Blog

8 Steps to Audit Compliance when Decommissioning Data Center Equipment (Infographic)

Growing and refreshing your data center can be challenging enough. Decommissioning data center equipment requires a different set of specialized skills and tools, plus a laser focus on meeting compliance requirements across regulatory standards and audit processes.

Leveraging our experience partnering with hyperscalers, ITRenew has defined an eight-step process that guarantees audit compliance. We rigorously track each serialized asset through data sanitization to final disposition, giving you a fully traceable audit trail. Our comprehensive approach to data security compliance ensures complete traceability and peace of mind.

Read the rest of this post for an overview of the process or download our Audit Compliance infographic for a more complete explanation.

Step 1 and 2 – asset discovery and initial reconciliation report

Your audit trail begins with complete asset discovery, comparing your list of stated assets with what we actually find. We automate this process using our proprietary data security and compliance software Teraware to ensure precise discovery of every asset. The process identifies the make, model and manufacturer of all components within the server and all key attributes of the drives associated with the server. The software logs the parent-child relationship between the rack, server and drive, constructing a perfect blueprint.

Following asset discovery, Teraware automatically runs reconciliation, creating a variance analysis. This evaluation ensures that any variances are identified, researched and closed out before further action is taken. This game-changing automated reconciliation report is critical to establishing accurate inventory and sanitization.

 

Steps 3 and 4 – drive wiping and certificate of sanitization

After setting up a virtual local area network (VLAN), our technicians connect a small appliance with Teraware to all of the racks to be wiped. If you prefer remote wiping, licensing is available for you to deploy Teraware over your own automation framework. Teraware’s agent-based architecture supports parallelization of tasks for unlimited scalability by sending agents to all targeted nodes and wiping them concurrently. Whether we are wiping fifty servers or 50,000 servers, the entire process only takes one to two days, with comprehensive asset tracking and job-status reporting occurs throughout. For each wiped drive, you receive a Certificate of Sanitization that guarantees complete sanitization of your data center equipment.

Teraware fully wipes more than 98 percent of drives. We destroy the remaining two percent of drives efficiently and securely, following the requirements from both the National Institute of Standards and Technology (NIST), NIST 800-88 and the National Association for Information Destruction (NAID).

 

Step 5 – data center departure report

Following wiping, Teraware’s automated asset reconciliation report identifies and categorizes all of the assets that have been processed onsite and designates which are to be shipped to the ITRenew facility. We cross-check Teraware’s automated report with a physical scanning of items, creating a complete data center departure report. Adding an extra step for data security, this report ensures all assets are accounted for – whether they are shredded at the data center or shipped to ITRenew.

 

Steps 6 and 7 – drives transportation and reconciliation

This step cross-checks your equipment against the Teraware report as it is loaded onto securely sealed trucks. We securely transport the assets to an ITRenew facility for processing. To meet the most stringent security requirements, we offer secure shipping with sealed loads and GPS tracking; you know where your assets are at all times.

Upon arrival, we again cross-check assets during unloading, reconciling all shipped assets against the baseline report. Items are then individually scanned into our Web Inventory Tracking System (WITS); the WITS inventory is cross-checked with Teraware’s reporting to independently reconcile each serialized asset. If there is any variance, we create a variance report and investigate.

 

Step 8 – shredding and value recovery

Our facilities are custom designed to handle data center hardware – from racks to switches to redundant array of independent disks (RAID) and more – as securely and efficiently as possible. Prior to disassembly and recycling, we remove asset tags from racks and servers to prevent future misidentification of equipment and ensure your data security. Failed drives are destroyed, and a Certificate of Destruction is created for every destroyed drive. Fully wiped drives can also be shredded if desired. The custom WITS portal provides you with complete transparency, enabling them to track their assets at every step.

You can opt to maximize the value of your decommissioned hardware through ITRenew’s reseller services. With this option, ITRenew removes the asset tags to ensure security and prevent future misidentification of equipment. Assets and components go through a thorough reconditioning process in which we evaluate the hardware for performance, conduct cosmetic upgrades and securely package hardware for a retail-grade final product. Firmware is reset to factory settings to further protect our clients and preserve their anonymity. Once a sale is complete, ITRenew provides you with a notification of sale and distributes resale funds, completing the chain of custody. The WITS portal enables complete tracking throughout the process for total peace of mind.

 

End-to-end compliance and peace of mind

From wiping and shredding drives to recycling or reselling racks, servers and other equipment, ITRenew maintains a fully traceable audit trail – ensuring end-to-end compliance. Thanks to our complete chain of custody, our clients have all received flawless results on audits by top tier, independent auditors. We stand by our results: our complete guarantee gives you total peace of mind.

Contact ITRenew today to talk to us about your data center decommissioning and audit compliance needs.