Hardware decommissioning policy
November 30, 2020
When decommissioning hardware, standard and well-documented practices are critical. The steps outlined in this policy will guide your staff methodically through the process. Assets won’t be unnecessarily wasted or placed in the wrong hands, data stored on this hardware will be preserved as needed (or securely purged), and all ancillary information regarding hardware (asset tags, location, status, etc.) will be updated.
Decommissioning of hardware (whether due to obsolescence, failure, or another reason) will be the jurisdiction of the IT department, which will work with any related owners/stakeholders (e.g., finance, if this involves an accounting system or HR if it is a payroll server).
Determining whether and how to decommission hardware
Sometimes the decision behind whether to decommission hardware is easy—but in other cases it can be harder to find the right answer. When in doubt, the decision should be based on the following questions:
- Is the device no longer needed?
- Is the device performing poorly and/or causing outages or service disruptions?
- Can the device be repaired/upgraded to perform more reliably?
- Is the device outdated and no longer the best choice for use?
- Is the device redundant and superseded by another one?
- What services will be affected by the removal of this device? Can they or have they been reallocated or replaced elsewhere?
- Can the device be used elsewhere (e.g., a test lab or practice system)?
Working with these answers, the IT department can proceed to donate, give away, or have the device recycled or destroyed. The choice made here will depend on the device, the staff involved, and security policies and procedures, so this will vary by case as well as by company. The security department (if applicable) must be consulted to ensure that appropriate steps are taken to protect the organization, its data, and its assets.