From bank floors to boardrooms to the trading bullpens of Wall Street, technology is one of the key drivers of financial services. But what happens when that technology reaches the end of the line?
It may be the headquarters deciding to upgrade end-user devices in all its branch locations. It may be a financial firm’s analyst determining that the best hardware is needed for compute-heavy financial modeling efforts. Whatever the reason, technology in this industry is typically refreshed every two to three years.
Asset removal and disposition can be complicated, with the sensitivity of customer financial data and other nuances to consider. Here are four best practices for preparing for IT asset disposition in financial services:
1. Understand the security, business and compliance requirements
Before getting started, you should be fluent in the end-to-end processes and requirements for financial services ITAD. You should have clear answers in mind for the following questions:
- Have you identified your company’s lead person to “run point” when the process is taking place?
- Have you planned and accounted for every data-bearing device?
- Are you adhering to your corporate policies?
- Are you familiar with the FACTA provisions in the Fair Credit Reporting Act?
- How about the Financial Industry Regulatory Authority and Gramm-Leach-Bliley Act?
The compliance mandates mentioned above are designed to protect consumers’ private data, and violations of these regulations often lead to civil penalties, loss of brand prestige and fines.
It is imperative to be familiar with every device, process, policy and regulation before signing the ITAD partner contract.
2. Determine if there is a cost benefit to reselling, reusing or buying back equipment
Saving money is great, but not at the cost of data breach. When considering what equipment to resell and reuse, make sure it’s all wiped clean of sensitive financial data. Even then, double-check corporate and regulatory policies concerning device resale. In some cases, hard drives must be destroyed regardless of whether they are data-sanitized — in fact, some companies require having hard drives destroyed on-site rather than at a remote facility.
Other specialized equipment, such as cash counters and check coders, aren’t usually worth the effort required to resell. Your ITAD partner can help you make these decisions and, in the case that a market for something doesn’t exist, dispose of the equipment in an environmentally responsible way.
3. Have backups and a Disaster Recovery plan in place before you begin
Before unplugging a single device, you should have a mature and well-designed disaster recovery and backup plan in place to ensure that you don’t lose any sensitive transaction, financial or customer data. Insist on having multiple, redundant copies of all your data stored outside of the equipment you are destroying. Why? Because it is going to be toast soon, and you don’t want to hold up the destruction process for some last-minute fire drill to copy a piece of data you haven’t stored anywhere else.
You should also conduct an internal audit and know where the data “lives.” Make sure to identify and protect data housed in uncommon or not-so-obvious sources such as copiers, fax machines, printers, gateways, routers and switches.
4. Do some homework on your suppliers — even ones that are far downstream
It’s rare that a business can refresh hardware, ensure data protection and dispose of IT assets in an environmentally responsible way without help. Professional ITAD providers have the specialized tools, procedures and knowledge to make the process run smoothly.
But companies need to conduct rigorous due diligence and get to know suppliers. ITAD providers often work with specialized partners for each phase of the process — from hard-drive shredding to secure, GPS-integrated transportation of IT assets. Make sure that you know the provider and its reputation for each phase of the ITAD journey before signing on the dotted line.
Are you responsible for ITAD at your financial services company? How well is your company doing with IT asset removal? Take the ITAD quiz to find out. We’d love to hear about your results in the comments section below.