Safeguards for Proper Disposal of Hardware: Risks and Examiner Expectations (Part One of Two)

Are firms disposing of hardware with cyber risks in mind? The SEC Office of Compliance Inspections and Examinations’ recent report (OCIE Report) related to cybersecurity and operational resiliency practices includes a new focus on the proper disposal of hardware, a topic also included in its 2020 exam priorities. If laptops, servers and other types of computer hardware are not handled properly before and during disposal, criminals could access personal or network information contained on those devices. This article, the first in a two-part series, discusses what is behind the focus on hardware disposal; the types of hardware that should be considered; applicable laws and guidelines; and what safeguards regulators expect firms to have in place. The second article will address ways to keep track of the relevant hardware; best practices for creating and implementing policies; and protective measures for using third parties for disposal. See “How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps” (Jul. 11, 2019).

To read the full article

Continue reading your article with a HFLR subscription.