Decommissioning a data centre is an extensive undertaking. Beyond shutting down servers and dismantling your equipment, you must ensure thorough data destruction to prevent any security breaches and satisfy compliance requirements. The simplest and most effective way to have your hard drives and other assets destroyed or wiped is enlist the help of an IT disposition firm. Before you begin your search, here are some factors to consider.
Do you need onsite or offsite data destruction?
Some companies are required to witness the destruction or wiping of assets, in which case on-premises data destruction is the best option. For other companies, it may be sufficient to have assets collected and destroyed by a trusted third party.
If your company requires onsite data destruction, be sure that the provider you’re considering offers this service. For instance, Quantum has a mobile truck that can come to your facility so hard drives can be destroyed on premises in front of witnesses. An individual from your organization can physically watch the destruction process take place in the shred truck.
For offsite data destruction, look for a company that offers security measures such as seals on their vehicles and photo evidence that they have been untouched when they reach their facility. Make sure the firm you choose can communicate the status of your assets through the data destruction process, allowing you to keep track of items by their serial numbers.
Which certificates do you need?
For compliance purposes, many organizations require a Certificate of Data Destruction (CODD). The CODD should include the company name, date of destruction, and hard drive serial numbers. Organizations with stringent compliance requirements may need additional information, such as the product’s make and capacity. Make sure the provider you choose can issue CODDs that meet your company’s precise needs.
If you plan to reuse or re-market your assets instead of having them physically destroyed, you might require a data wiping certificate. Quantum offers secure data wiping services and can provide supporting documentation as needed, in addition to CODDs.
What will the deinstallation process entail?
A successful deinstallation calls for a skilled team to disassemble and transport racks and heavy cabinets full of servers. Delicate equipment must also be packaged properly, so the firm you choose should be experienced in these procedures.
Some companies require deinstallation to take place outside of normal business hours. In such cases, a representative from the organization will still need to be on site to indicate which components need to be removed. You may also require lockboxes for hard drives as a further security measure. Since there are many variables to consider, it’s important to work with a flexible and responsive team that communicates clearly and promptly.
Finally, keep in mind that most firms won’t take any components that still have power connected to them, so make sure equipment is removed from power in advance.
What security requirements must be met to enter the facility?
Associates from your chosen firm will be considered guests, so communicate the visitor policy ahead of time. In many cases, personnel that will enter the facility need to be verified 48 hours in advance. List which forms of identification will be required, such as passport or driver’s license, and how they should be sent.
What is the physical layout of your data centre?
Consider whether your facility has features that won’t accommodate standard equipment. For instance, if your floors could get damaged by traditional pallet trucks, let the firm know so they can bring in special equipment, such as protective carpeting.
Think of any potential obstacles, from the front door to the area where your assets are located and back down again. You’ll need to ensure the standard elevators are large enough to fit the equipment, or reserve freight elevators if needed.