Evan Berger, CEO Tarsus dispose-IT, talks to ITWeb Events about the importance of ensuring your redundant IT assets are disposed of; ensuring POPI compliance when disposing of these assets and how to spot a non-compliant disposal service.

Redundant IT assets carry risk for businesses.  As these assets accumulate, the risk increases of data loss, loss in value, theft and misappropriation of assets and peripherals, storage costs, audit and stock take problems, and environmental contamination, among other issues. More recently, these risks, if unmanaged may lead to statutory noncompliance, hefty fines and even jail terms.

CIOs and CFOs should be aware of the requirements to comply with regulations such as POPI, NEMWA and KING 4 and how to recover value from end-of-term assets.

Redundant IT equipment contains data. To be POPI compliant when disposing of assets, organisations need to ensure they have taken all required and reasonable steps to prevent loss of data and personal information. Three important factors include: removal of physical data; incorporating an effective asset management process to ensure all assets are accounted for in the process and ensuring accurate and auditable record keeping retained for five years as evidence of proper and reasonable steps. 

It is labour-intensive and costly to achieve a complete and compliant outcome. Specialist companies exist who offer these services, and help take over the risk associated with processing. They also help integrate services into your business to minimise risk and cost.

Free services are always something to keep a look out for. Bakkie traders or opportunistic dealers are always trying to gain access as quickly and as easily as possible. Tarsus dispose-IT recommends always requesting a site visit so that you can understand the process and ensure that the facility is capable of handling the service offered.  But remain vigilant and cautious in your partner decision. Disposing of assets to an unvetted third party could lead to risks for your business. In the event of them not following proper procedures, it may be asked whether you took reasonable steps in vetting them.

Questions you should ask yourself when investigating an IT asset disposal contractor include: is it properly systemised?; does it have proper premises?; does it have resources to undertake the task?; does it carry necessary insurances?; does it provide risk management options for on-site and off-site storage device sanitisation and measures to reduce risk of data loss?; are there security measures in place, including chain of custody, and a secure site?