IT Equipment Disposal Policy
Policy agreed by the Information Policy & Strategy Committee (IPSC) - 6th September 2021
IT equipment must be disposed of using the University approved disposal contractor. The contractor will physically destroy all storage media, recycle or arrange charitable donation. This policy is to meet the University’s legal and environmental responsibilities including: Data Protection Act 2018; Electrical Equipment (Safety) Regulations 2016; Waste Electrical and Electronic Equipment (WEEE) Regulations 2013.
All University IT equipment for disposal, including any equipment used at home or at other locations.
3.1 The University maintain one or more contracts with companies for the disposal of IT equipment. The contract will stipulate all storage media is removed and physically destroyed by shredding or crushing, before the rest of the equipment is reused or recycled.
3.2 IT equipment must always be disposed using the approved University contractor. The School/Service must maintain asset disposal records.
3.3 Equipment must be protected by storing securely until collection. Storage media should be wiped if there is a risk of unauthorised access before collection.
3.4 Any charges relating to the uplift or other aspects of this policy are the responsibility of the School / Institute / Service owning the equipment.
3.5 Charitable donations. Any intention to donate IT equipment to charity must be facilitated through the University contractor. The original equipment owner, and their Head of School / Institute / Service, are responsible for engaging with the approved Contractor to ensure charitable donations of IT equipment comply with this policy. Any software licensed to the University must be removed. Failure to do so may lead to legal licensing breach claims and reputational damage.
3.6 Trade-in. It is acceptable to trade-in IT equipment to a supplier in part exchange for newer equipment only if all storage media is removed before trade-in. Any software licensed to the University must be removed. (Note: any future University device leasing agreement may negotiate a contractual reset protocol subject to approval by IT Services End User Computing and Information Security).
3.7 Re-deployment in the University. IT equipment with economic life meeting current information security requirements can be re-used within the University in a different School/ Institute /Service. Storage media must be wiped to remove any personal or other confidential data.
3.8 IT equipment must not be sold, traded-in or donated other than by this policy.
3.9 IT equipment must not be disposed of in skips, dumps, or landfill.
In this policy:
- IT equipment: servers, desktop, laptops, tablets, smartphones, peripherals or other devices
- Confidential data: classified as Medium or High Risk in the University Information Risk Classifications
- Personal data: defined by the Data Protection Act 2018