Below we lay the groundwork for you and your IT team to consider when developing your data center decommissioning process. While all sorts of small details come into play, this will guide you on the big-picture essentials. It is also important to know the decommissioning process varies from company to company. The only factor that never waives, regardless of your organization’s scenario, is achieving complete security and compliance.
Secure decommissioning requires months of proper planning to guarantee a successful outcome. Starting with a project plan will help ensure your business and critical data are not compromised. These are the top priorities when it comes to data decommissioning.
Develop a Statement of Work
Based on the work being done and requirements, your organization must first outline a scope of work. Doing an on-site audit and working through a blueprint of what the project will entail gives a realistic outlook on the complexity and needs. Clear goals, timelines and budgets should be thoroughly reviewed and communicated. This Statement or Scope of Work sets the expectations for all involved. Lastly, establish backup systems to ensure there isn’t a crucial loss of power or data.
Your plan should help you identify required resources – the number of individuals and hours to complete work, materials (forklifts, pallets, etc.), and vendor needs.
Why you need a valuable partner in place.
It is worth noting that, more times than not, at some level, you are using an ITAD vendor to manage all or pieces of your decommission process. When sourcing a partner for such a big endeavor, consider these:
- Identifying a vendor capable of managing most of their data center decommissioning services through owned and controlled facilities.
- Certificate of Insurance, compliance, sanitizations standards, certifications in NAID R2, ISO 9001 and e-stewards
- Thorough reporting and auditing
- The ability to perform on-site data destruction before equipment leaves the facility
- Your data center equipment list can carry a lot of dollar value. A vendor with a wide network and experience with reselling can get your organization the maximum value for your old IT assets.
Asset Inventory List
A critical step includes building an extensive, detailed list of all hardware and software assets involved in your decommission. In many cases, this can be pulled from your CMBD’s (configuration management databases). However, to make sure nothing is overlooked, always follow up with a physical review of the space and IT assets. During this process, you should be identifying where each item is going – reuse, resell or recycle? Use this time to determine IT asset recovery opportunities.
This process can ensure that all IT assets and data center equipment is accounted for, which is important for financial and legal recordkeeping, and it can also be used to resolve any discrepancies if necessary.
By this point, you have taken all the necessary steps to prepare for expectations and have contingency plans in place. Review your implementation strategy, which includes the roles, duties, and tasks that must be accomplished. Before decommissioning, review the hardware asset plan and asset recovery checklist with stakeholders and on-site team leaders involved in the project. Ensure all agree on the plan, and the milestones and required sign-offs are in place.
Before turning off and disconnecting equipment on the day of decommissioning, review your checklist to ensure all data has been backed up and all applications have been correctly transferred. Be diligent about recording serials, and tagging all hardware assets so they can be clearly identified for the next stages in the process.
In some cases, you may be getting your data center space back to its original leasable condition. Returning to white space may mean removing additional equipment like racks, routers, cabling, cabinets, power cords, etc.
DATA DESTRUCTION & ERASURE
Alleviating any security risk and having 100% assurance that your data will not be recovered is the most urgent priority.
On-site services have been a popular choice, hard drives being wiped and physically shredded on-site provide an extra layer of security vs. it going to another facility. And it means you have certificates of destruction before equipment is transported off-site.
Asset remarketing refurbishes used equipment to resell at its highest market price point. Your company can benefit financially by going this route and minimizing environmental impact.
Experienced ITAD partners utilize large networks of remarketers, increasing the equipment’s value. A reputable ITAD service will securely transport assets with shipping updates, provide detailed reporting, and certified data wiping. They will go to all lengths to mitigate any security risks around confidential data. These funds can improve an organization’s bottom line, fund upgraded electronics equipment, or be applied to future infrastructure initiatives.
Recycling parts that can’t be repurposed or resold should follow environmental compliance requirements and your vendor should provide certificates of recycling. Use a certified partner so you feel confident that your equipment doesn’t sit in a landfill. Truly end-of-life assets will be disassembled and distributed to other manufacturing facilities to be reprocessed into finished goods.
Your IT team should have access to real-time reports, including certificates of data destruction, recycling and sustainability.
Any refurbished equipment needs a secure chain of custody for the final disposition of all assets, along with certificates of sanitization and destruction.
Having robust and thorough reporting is also valuable to other departments like finance so that they can account for the final ROI. It is also critical documentation to show that your vendor and your organization followed all compliance requirements.
This is a general framework of phases to consider when it comes to decommissioning IT equipment in your data center. A decommissioning project, small or large in magnitude, is often sourced out to ITAD vendors. It is important that a proper partner is verified, and references are secured before committing to their services. They should have experience in all aspects of a decommission and illustrate their ability to securely manage end-of-life assets that hold critical company data.
We recognize your business’s responsibility and challenges concerning IT asset lifecycle management. As your infrastructure evolves, our team (some with over 30 years of ITAD experience!) is here to support your initiatives and answer any questions. Meet them here!