Safeguards for Proper Disposal of Hardware: Risks and Examiner Expectations (Part One of Two)

Are firms disposing of hardware with cyber risks in mind? The recent report issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE) related to cybersecurity and operational resiliency practices includes a new focus on the proper disposal of hardware, a topic also included in OCIE’s 2020 exam priorities. If laptops, servers and other types of computer hardware are not handled properly before and during disposal, criminals could access personal or network information contained on those devices. This first article in a two-part series discusses what is behind the focus on hardware disposal; the types of hardware that should be considered; applicable laws and guidelines; and what safeguards regulators expect firms to have in place. The second article will address ways to keep track of the relevant hardware; best practices for creating and implementing policies; and protective measures for using third parties for disposal. See “How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps” (Jul. 16, 2019).

To read the full article

Continue reading your article with a PELR subscription.