IT-16 – Asset Disposal

Estimated reading: 2 minutes 1186 views

What is IT-16 – Asset Disposal Control?

The IT-16 Asset Disposal Control is about implementing a formal process to dispose of an organization’s equipment at the end of its useful life. This includes anything from an old laptop to electronic data.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Fresh service

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

Control implementation

You would need to document the process of disposing of the equipment. This document, at a minimum, should include:

  • The type of equipment in your organization to dispose of
  • The time when equipment would need to be disposed of  (i.e when it was no longer needed, when it reached end of life, was unused, etc..)
  • How the data on the equipment should be deleted (i.e. overwritten;  electronic recyclers; hard drive shredding)
  • The method used to dispose of equipment  (degaussing, recycling)
  • The parties responsible for implementing and overseeing the process

Secondly, you would need to implement a way to track any equipment tagged for deletion. This can be tracked in a ticketing system.

What evidence is the auditor looking for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Asset disposal procedure
  2. A project management tool used to track assets disposed of and a recent example of a recently disposed asset

Evidence example

For the suggested action, an example is provided below:

  1. Asset disposal procedure
    The following screenshot shows an example of an externally sourced IT asset disposal policy from Iron Mountain.
    IT 16 Asset Disposal 01
  2. A project management tool used to track assets disposed of and a recent example of a recently disposed asset.Example – Note that this ticket is not displaying the details under the disposal. This is what the auditor is interested in.
    The following screenshot shows an example of a recently disposed asset.
    IT 16 Asset Disposal 02
    IT 16 Asset Disposal 03

Join the conversation