It is no secret that the SEC’s Office of Compliance Inspections and Examinations (OCIE) has been focused on cybersecurity the last few years. Now, as highlighted in two of its recent reports, it has a new focus: the proper disposal of hardware. This second article in a two-part series explores creating an inventory to track a firm’s hardware; drafting and implementing policies and procedures on the disposal of hardware; and performing due diligence on third-party disposal vendors. The first article addressed what is behind the focus on hardware disposal; the types of hardware that should be considered; applicable laws and guidelines; and what safeguards SEC examiners expect firms to have in place. For another regulator’s view on cybersecurity, see “FCA Head of Technology Outlines Regulator’s Cybersecurity Expectations and Three Key Lessons for Fund Managers” (Feb. 22, 2018).