<div class=”col-md-9 md-margin-bottom-40″><!–Blog Post–>
<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Six Important Questions when Decommissioning Data Center Servers</a></h2>
</div>
<div class=”col-md-4″><img class=”img-responsive margin-bottom-20″ src=”http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/computer-recycling-reporting.jpg” alt=”” /></div>
<div class=”col-md-8 “>

Is decommissioning data center equipment a task that you dread? Would you go so far as to call it the worst part of your job? Whatever the reason, if you’re like a lot of others, procrastination has lead to excess equipment in your data center. See Zombie Servers article in the Wall Street Journal

Most companies are far better at getting servers up and running than they are at figuring out when to pull the plug, says Paul Nally, principal of his own consulting company, Bruscar Technologies LLC, and a data-center operations executive with experience in the financial-services industry. WSJ

</div>
<div class=”col-md-12″>

We surveyed several IT managers on why they have “zombie” servers taking up space in data centers, and the number one answer is liability and compliance with data privacy laws. Data destruction requirements are a source of confusion and apprehension for many assigned to decommissioning IT equipment.

Here are the six most common questions we get when clients decommission data center equipment and dispose of hard drives:

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12 margin-bottom-20″>
<h2><a>Question #1: Can I transfer liability to a data destruction vendor?</a></h2>
No, data privacy liability does not actually shift, but that doesn’t change the fact that when you hire a professional third-party data destruction vendor, you can greatly reduce your risk.

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Question #2: What’s the most secure form of data destruction?</a></h2>
</div>
<div class=”col-md-4″><img class=”img-responsive margin-bottom-20″ src=”http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/hipaa-security-rule.jpg” alt=”” /></div>
<div class=”col-md-8″>

The National Institute of Standards and Technology is part of the Department of Commerce, and is responsible for providing recommendations and guidelines regarding security. NIST “Guidelines for Media Sanitization”, also referred to as NIST 800-88, establishes the shredding of hard drives as the most secure form of data destruction, and indicates that physical hard drive destruction is the most appropriate action for data that is considered “High Security”.

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Question #3: Does NIST 800-88 determine security categorization?</a></h2>
</div>
<div class=”col-md-4″><img class=”img-responsive margin-bottom-20″ src=”http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/nist.jpg” alt=”” /></div>
<div class=”col-md-8″>

<a href=”#”>NIST 800-88</a> leaves categorization and assessment of data and its confidentiality up to each individual organization. With today’s data privacy laws and litigious environment , it is probably safest to consider all information High Security. After all, when it comes to personal information, you want your data kept private – and so do your employees, your customer, your patients, and anybody else whose information you control.

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Question #4: Is hard drive shredding more expensive than erasing?</a></h2>
Surprisingly, no. If you factor in the time that it takes your employees to go through the process of wiping each drive, shredding can actually cost your organization less. Hard drive destruction companies charge between $5.00 and $10.00 per hard drive, and some vendors will even bring shredding trucks to your office so you or your staff can personally witness and validate the work being done.

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Question #5: What’s the hard drive destruction process?</a></h2>
First, any data destruction project should start with a written agreement between you and the vendor. To comply with most data privacy laws, such as HIPAA, a written agreement must be in place prior to performing any services.
<ul style=”list-style-image: url(‘http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/tick-ul.png’);”>
<li>A data destruction vendor comes to your location with mobile shredding truck</li>
<li>Serial numbers are scanned for each hard drive</li>
<li>Hard drives and tapes are shredded – not drilled, hole punched or bent</li>
<li>A Certificate of Destruction is issued complete with serial numbers (COD)</li>
</ul>
</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12″>
<h2><a>Question #6: What records are required for compliant data destruction?</a></h2>
</div>
<div class=”col-md-3″><img class=”img-responsive margin-bottom-20″ src=”http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/naid-logo.jpg” alt=”” /></div>
<div class=”col-md-9″>

The documentation that you should request is called a Certificate of Destruction (COD), and it should include all of the pertinent details including the time and place where the data was destructed, the names of witnesses and a complete list of serial numbers. A COD from an NAID AAA Certified hard drive destruction company provides you with a greater level of security and validity.

</div>
</div>

<hr class=”margin-bottom-hr” />

<div class=”row blog blog-medium margin-bottom-00″>
<div class=”col-md-12 margin-bottom-20″>
<h2><a>The Federal Trade Commission: Choosing a Data Destruction Vendor</a></h2>
Conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the <a href=”#”>Final Disposal Rule</a>. Due diligence could include:

</div>
<div class=”col-md-4″><img class=”img-responsive margin-bottom-20″ src=”http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/ftcb.jpg” alt=”” /></div>
<div class=”col-md-8″>
<ul style=”list-style-image: url(‘http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/tick-ul.png’);”>
<li>reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule.</li>
<li>obtaining information about the disposal company from several references.</li>
<li>requiring that the disposal company be certified by a recognized trade association.</li>
<li>reviewing and evaluating the disposal company’s information security policies or procedures.</li>
</ul>
</div>
</div>
</div>