Electronic Data Destruction 101: Chain of Custody
Posted in Blog
If it’s time to replace your IT equipment, then it’s time to double check that your data security policy contains a secure chain of custody and an electronic data destruction process. This will ensure that your computer hardware with sensitive data makes it safely from your facility through data destruction to a certified asset disposition company that has been properly vetted. To significantly reduce the risk of legal, financial and PR disasters, be sure that a certified and bonded service provider properly handles the onsite data destruction or secure transport of the assets to help prevent a data security breach.
What is a Chain of Custody?
Chain of custody is a fully auditable paper trail providing end to end visibility documentation of what was done, when, and by whom in the process of electronic data destruction. This should include:
- An assigned project manager
- Identification and scanning all serial numbers for tracking purposes
- Optional: Scanned and matching computer and hard drive serial numbers
- A recording of the time of disposition, and the method of disposition
- Identification of the individual executing the procedure
- A video recording of the process
- A signed Certificate of Destruction proving compliance with relevant privacy legislation.
Why do you need a Chain of Custody?
Maintaining an auditable record of chain of custody is necessary for regulatory compliance and data management. It will help to protect your business against any potential regulatory fines that could be incurred for a data breach that may result from IT assets being improperly disposed of. And a secure chain of custody includes a Certificate of Destruction, a nationally-recognized record to keep on file helping you document compliance with state and federal privacy laws such as HIPAA, PCI, FACTA, Gramm-Leach-Bliley, and Sarbanes-Oxley.
NAID AAA Certification and Chain of Custody
Using a NAID AAA certified data destruction vendor ensures the highest standard of information destruction. NAID-certified companies undergo announced and surprise audits that include careful scrutiny of the chain of custody audit trail and procedures. Selecting onsite electronic data destruction services further reduces the opportunity for chain of custody gaps resulting from packing and shipping. Additionally, with onsite data destruction, you’ll be able to have your own staff witness the process to further strengthen your chain of custody process and verification.
Chain of custody is a legal obligation for anyone disposing of sensitive data. To ensure compliance and verification of compliance is a part of your ITAD (IT Asset Disposition) program, ask your VAR or contact Guardian Data Destruction for advice. No one needs the embarrassment, financial and legal consequences of an end of life data breach that could have been easily avoided.
We also recommned
15 essential factors for IT asset management and data destruction
If your goal is to ensure that data doesn’t show up where it shouldn’t, these 15 essential factors for IT asset management and data destruction will help you develop a defensible data destruction policy and secure IT asset management process.
Overflow warehousing for IT asset disposition, security and transitions
Secure, overflow warehousing designed for IT asset storage and processing is the solution for ITAD, VAR and reseller when space, receiving and client services are a problem
8 Post-pandemic Predictions for the Planning of Data Security and IT Asset Management and Disposition
We’ve pinpointed eight post-pandemic workplace trends that will affect the planning of data security and IT asset management and disposition from budgeting, purchasing through end of life disposition. Here’s what you need to know.
Stay in the know
Get relevant information right in your inbox
We do not sell or share your information with anyone