Summary of “The flawed IT asset management paradigm: Key considerations for privacy professionals”
Robert Johnson is a blue-flame thinker. IAPP published his article about the flawed ITAM paradigm, highlighting the conflict between IT asset management (ITAM) and IT asset disposition (ITAD), which causes regulatory noncompliance and data security risks.
Bob’s article highlights how organizations often lose track of IT assets, resulting in unresolved assets containing regulated personal information. The article emphasizes the importance of recognizing the need for change, particularly implementing segregation of duties (SOD) between ITAM and ITAD, to ensure data security and compliance.
Key points of the IAPP article:
- The current ITAM/ITAD paradigm is flawed because the person responsible for tracking IT assets is also responsible for disposing of them. This creates a conflict of interest, as the manager is motivated to overlook missing assets.
- This conflict of interest can lead organizations to ignore unresolved IT assets, posing significant cybersecurity risk.
- Segregation of duties (SOD) is a solution to this problem. SOD requires different people to be responsible for tracking and disposing of IT assets.
- SOD is a well-established practice that prevents conflicts of interest and protects organizations from cybersecurity risks.
- The SEC’s new cybersecurity regulations require SOD in ITAM/ITAD. Organizations are required to report cybersecurity incidents, and board members are held accountable for data security.
Public companies risk regulatory scrutiny if they do not implement SOD in ITAM/ITAD. Privacy professionals should be aware of this risk and advocate for SOD within their organizations.
How Retire-IT Can Help
- SOD comes standard. The fox cannot guard the henhouse.
- Track up to 100% with disposal tags. Chain of custody guaranteed.
- Serial numbers are never shared downstream with ITAD vendors. Teachers don’t share answers with students for a reason.
- Equipment is held. Equipment Verification Holds permit us to have a second look, which solves 99% of inventory problems.
- Reconciliation is automatic. Spreadsheets are slow, easy to alter, and impossible to validate.
- Retire-IT’s methods work without changing a vendor or disrupting existing methods.
Take the Next Step
Ready to future-proof your ITAD strategy? Contact us, call me at (888) 839-6555, or email kmarks@retire-it.com. I would be pleased to share a strategy and outline the options for vendor-agnostic defensible disposition.