When is an onsite data destruction project too big? Or too challenging? Extreme? At Guardian, we’re often asked by our VARS if we can handle an onsite data destruction job that they believe is impossible. In other words, their client wants a huge amount of data or e-media destroyed. Tomorrow. And the client has a few non-negotiable logistical and security hoops to jump through.
That’s when we put on our problem-solving hat and our “can do” attitude.
For us, the job boils down to three factors: volume, deadline, extra requirements. Here are a few recently completed projects that fit the definition of extreme (but certainly not impossible):
The Marathon: Destroyed one MILLION tapes onsite in 12 days.
Extra requirements: All Guardian workers had to be prequalified by the client before the job began.
The Iditarod: Destroyed 500,000 reel-to-reel tapes onsite in 3 weeks.
Extra requirements: Manage logistics and documentation of transport and immediate incineration of shred.
The Tough Mudder: Decommissioned a data center with 1,500 cabinets including onsite hard drive shredding, serial number capturing of the hard drive and referencing back to the host device. Disconnected all cables from the cabinets, removed the devices from the racks and packed each one. Removed racks from the floor and cables from below the raised. Entire decommissioning, disconnection and removal within two weeks to meet lease termination date.
Extra requirements: Manage crews working (2) ten-hour shifts without disturbing live power and data cables (parts of the facility still working 24/7). All staff required to pass background checks. Complete inventory of all equipment and project logistical coordination.
The Biggest Loser: De-rack 120 servers from 12 racks and removed front and rear hard drives, internal and motherboard hard drives and reference back to the host unit in a live data center. In ONE day.
Extra requirements: A checks and balance system driven by weight comparisons of the pre-shred and post-shred weight for the entire job. (Yes, it had to match perfectly.) And in addition to that, video recording of the entire data destruction process.
Onsite Data Destruction compliance is an open field
Banks/financial sector, retail, insurance, data centers, hospitals, government entities and technology have ranging levels of security compliance that, at a base level, is determined by a combination of professional protocols and government regulations. (Sarbanes-Oxley, HIPPA, NIST, etc.).
Sprinkle in corporate lawyers, asset disposition specialists, red tape, decision by committee, tight security protocols (or an unusually savvy IT security team), changing technology and some real risk awareness and you’ll end up with some unique, extra demands that each client tacks on to be confident that the job will be done right. There’s no one, clear way to do any of it so a combination of deep onsite data destruction industry experience, regulatory knowledge and flexibility are vital.
Why are end users so demanding?
VARs know Guardian can handle the capacity (volume within a given deadline), but the question mark is always the extra and seemingly capricious requirements. From the outside, clients may seem extreme in their extra demands but, more often than not, we realize that they’re driven by a singular motive: risk reduction. Understanding the client’s risk demands and providing the data destruction solution as a package is what VARs want in a partner. Because that’s what their clients want.
Preparation and communication are essential (but often forgotten)
For any project in any industry, consistent direct and honest communication ensures that there won’t be any surprises. And, when the occasional surprise does arise (and it will), preparation and project walkthroughs foresee possible challenges so that backup solutions are ready if needed.
At Guardian, for projects big and small, we live by the rule of the five P’s: Proper Preparation Prevents Poor Performance. Paired with constant communication, we focus on the preparation that makes each unique job a success: site survey, detailed SOW, toolbox review, defined traffic lanes, shredder checks, hardened chain of custody on all equipment, regulatory review and assigned responsibilities
So, as you plan your next onsite data destruction project whether it’s tapes or laptops, data centers or equipment refreshes, consider the extra requirements that are a part of the job and how it affects capacity. If it’s absolutely what’s needed to make sure the job gets “As” in quality and risk management, you’ll want your onsite data destruction provider to calmly respond, “How high?” when you let them know there are a few extra hoops to jump through.
Additional resources:
Wondering about residual data? Read Don’t let Residual Data Hack You
Proper data destruction pays dividends – read the Costs of Cybersecurity for Business
Any questions about electronic recycling? – check out the FAQs – Q&A: Electronic Recycling & Disposal