ITAD vendors create security penalties for bank

How confident are you that you are correctly managing your ITAD (IT Asset Disposition)?

If you have a vendor who manages ITAD for you, how confident are you that your vendor is correctly managing it?

In either case, your answer should be “100%,” because if not, you could be opening yourself up to a host of fines and legal issues. Data breaches resulting from improper handling of customer PII happen more than they should. In fact, you have probably seen the news reports about some of the bigger breaches that happened in the past few years, like Facebook in 2019, Marriott and Twitter in 2018, and Equifax in 2017. In total, these four breaches resulted in personal information being compromised for over 1 billion people. Unfortunately, this is far from an exhaustive list of large companies that have had issues securing their customer PII.

ITAD fines for policies and procedures

In August 2020, reports indicated Morgan Stanley bank was facing seven class action lawsuits related to multiple data breaches because 1) the vendor they were using to manage their ITAD did not correctly scrub their devices when decommissioning and 2) they were unable to locate retired servers. Earlier this year, The ITAM Review reported Morgan Stanley was fined $60 million by the Treasury Department due to their oversight failures with their ITAD policies and procedures. Of all the processes a managed services vendor is responsible for, data security is at the top of the list.

With Covid-19, companies had to scramble to buy new assets to allow their employees to work from home. The world is moving towards a new normal that will mean at least some employees will return to the office at some point. That leaves a surplus of assets that will need to be managed, upgraded, repaired and decommissioned. Managing all of this is time-consuming, and many companies choose to outsource the work.

ITAD managed services

If you are going to outsource your IT asset disposition needs, then you want to make sure you’re working with a reputable ITAD vendor who will go above and beyond to ensure your PII is kept safe and/or properly eliminated.

As you begin evaluating managed services vendors to find the best fit, what follows are some important things to evaluate:

  • A proven track record and a good industry reputation
  • ISO certification
  • Data destruction standards that meet or exceed NIST SP 800-88
  • Recycling standards that meet or exceed R2

In addition, make sure they have processes in place that give you guaranteed chain of custody:

  • Ensuring all assets are accounted for from the moment of acquisition until disposal
  • Thorough process documentation that adheres to your specific regulatory and compliance requirements

Lastly, you’ll also want to make sure they provide real-time metrics and reporting sufficient to effectively plan and purchase.

Re-Source Partners IT asset disposition

With a Re-Source Partners ITAD solution, you are guaranteed the highest levels of security. We meet all the needed certifications and standards and employ all the processes above using AssetTrack® for ServiceNow. Our secure asset recovery process removes all data from retired and disposed assets and also addresses:

  1. What you currently have
    1. Onsite Inventory
    2. Packaging & Transportation
    3. Reconciliation Reporting
  2. Your data security
    1. Audit / Test
    2. Drive Wipe / Data Erasure
  3. Your asset value
    1. Value Assessment
    2. Resale
    3. Redeployment
    4. Donation Fulfilment
    5. Employee Buyback Programs
    6. Recycling

Using the intelligent automation tools in AssetTrack®, we can conduct a complete chain of custody mapping of data, from the certificate of disposition to sanitization records, which can then be archived within ServiceNow. This makes it possible to ensure data integrity and a complete chain of custody with a centralized, streamlined hardware asset management system controlled within ServiceNow.

This real-life Bank Case Study details the results for one bank:

  • Reduced purchase orders and costs
  • Improved hardware inventory accuracy
  • Best practices with KPIs
  • and more.

Securely and accurately managing your assets while ensuring accurate reporting could mean the difference between your company keeping PII secure or being issued a potentially devastating fine because of a data breach. Also, keep in mind that no statute of limitations or safe harbor exists for assets that are not correctly decommissioned. In the case of Morgan Stanley, the equipment was decommissioned four years ago. So, companies cannot simply turn a blind eye to missing or improperly scrubbed assets today and assume that if they can’t find an asset then nothing is wrong. That is a potentially significant liability carried forever.

To learn more about how Re-Source Partners can help you manage IT asset disposition, visit our ITAD overview.
