HomeGovernance, Risk & ComplianceMitigating Risk in IT Asset Disposal with DIAL

Mitigating Risk in IT Asset Disposal with DIAL

When organisations upgrade their tech, they are left with redundant devices containing valuable (and often sensitive) information.

The secure disposal of these IT assets is far from a tick‑box exercise; it’s a critical part of protecting your organisation, your customers, and your reputation.

One tool that helps ensure this protection is the Data Impact Assurance Levels (DIAL) system. Widely used in the IT Asset Disposal (ITAD) industry, DIAL provides a structured, risk‑based way to choose the right disposal method for your devices, based on the sensitivity of the data they hold.

Understanding DIAL

DIAL is a risk‑evaluation model designed to match your disposal method to the level of risk posed by the data on your devices. It considers:

  • The type and volume of data stored
  • The threat level to your organisation
  • Your risk appetite — how much risk you’re prepared to accept
  • The impact a breach would have on your business

By using DIAL, you can ensure that devices containing highly sensitive or classified information undergo more stringent disposal and erasure methods than those containing only low‑risk, internal data.

Why DIAL Matters

Data breaches caused by poorly managed asset disposal can be catastrophic — not only under UK data protection law (GDPR and the Data Protection Act), but also in terms of financial loss, reputational damage, and customer trust.

DIAL helps organisations:

  • Comply with GDPR and ICO guidelines on secure disposal
  • Mitigate the risk of data breaches
  • Apply the right level of protection to different categories of data
  • Standardise ITAD processes across departments
Risk Vectors by Vecteezy

Applying the DIAL System

To use DIAL effectively:

  1. Evaluate the data stored on your assets awaiting disposal.
  2. Categorise the risk level (based on sensitivity, volume, and potential impact).
  3. Select the disposal method appropriate to that risk level.

The Information Commissioner’s Office (ICO) strongly recommends this approach, ensuring that your disposal method matches the risk level of the data.

You can calculate your organisation’s DIAL level using ADISA’s DIAL evaluation tool. This will give you a benchmark for building a compliant ITAD strategy – one that clearly defines:

  • Where the process starts and ends
  • Sanitisation procedures by media type
  • Whether disposal happens on‑site or at a certified processor’s facility

In Summary

DIAL isn’t just a technical tool – it’s a safeguard for your organisation’s data, reputation, and compliance. By embedding DIAL into your ITAD processes, you can ensure that every retired device is disposed of in a way that’s proportionate to the risk it poses.

Remember: data protection doesn’t end when you stop using an asset – it ends when that asset is securely and completely destroyed.

Main Image: Computer Vectors by Vecteezy

Tags:

Share: 

Categories
Tags
ADISA Competence Management Cyber Security Data Protection DIAL Rating Environmental GDPR Human Resources ISO 9001 ISO 14001 ISO 27001 Operational Excellence PDCA People Development Quality Risk Management