Decommissioning IT Equipment

Decommissioning IT Equipment: 5 Considerations

The speed of technology continues to increase at an unprecedented rate.  Product lifecycles grow shorter and the need for innovation is now a necessity. Organizations upgrading their IT equipment must also consider how to decommission their outdated equipment.  Before the era of cyber theft, intellectual property rights, and data storage compliance regulations, IT departments regularly tossed hardware into the trash bins or dumped it into the nearest landfill. Carelessly decommissioning your IT equipment invites theft of your sensitive corporate data, and potential legal ramifications.

Below are a few ideas to consider when strategizing the decommissioning of your outdated IT equipment.

Decommissioning IT Equipment: Data Backup

Execute Critical Backups of Your Data

Before you virtually or physically destroy the machine, properly back up and store your data. This assures that you don’t lose any critical or proprietary information, such as employee records or documentation needed to file the company’s taxes. A backup also serves as proof of exactly what data was on the machine that was destroyed.

Decommissioning IT Equipment: Data Logs

Keep a Log for Decommissioning IT Equipment

Your IT department will need to establish a logbook that centralizes the information on decommissioning IT assets. The log includes the identification of all destroyed equipment, the decommissioned date, and the process taken during the destruction. Also, create a punch list of pending tasks according to your company policy and compliance regulations. This assures the workers charged with the process don’t forget anything. Even the smallest oversight will return to become a huge burden for your organization.

Decommissioning IT Equipment: Double Check

Double Check Before Decommissioning IT Equipment

Before decommissioning, double-check the identity of the hardware. Having an IT asset management system in place streamlines this process. Make sure it is the right piece of equipment and include who the user(s) were in your logbook. In addition, companies know the types of data stored on the machine from the user’s access level and job title. In summary, this is your proof later that the equipment was indeed disposed of according to company policy and the law.

Network Access Control

Access Control and Network Management

Managing users and controlling their access to your network is an essential piece of your network’s security.  Old user IDs left with access into your network will serve as an open gateway to hackers and other malicious cyber threats.  When planning your decommissioning process, consider not just hardware but other means

IT compliance

Stay in Compliance

Many organizations must abide by a certain set of industry regulations to remain in business.  Regulations such as PCI DSS, HIPAA, FERPA, and FISMA require companies to accurately log every asset from purchase to disposal/destruction.  In addition, The National Institute of Standards and Technology (NIST) requires monitoring and quality control for data erasure and disposal of IT equipment.


In light of new malicious cyber-attacks and data theft, organizations must implement a thorough decommissioning strategy for outdated IT equipment.  In addition, companies must follow proper data erasure and equipment disposal protocols to stay in compliance with industry regulations.  When upgrading your IT equipment or relocating to a different building, be meticulous in logging every piece of equipment.  Also, make absolutely sure any data stored on equipment is completely wiped clean and backed up in a secure location.  Doing these simple things will save your organization and your customers a lot of headaches in the future.

For more information on Decommissioning IT Equipment and how we can help, please visit to speak with one of our solutions specialists!

Share this Post