Introduction
Here you will find the standard operating procedures for recycling and disposing of University-owned desktops, laptops, and removable storage. These standard operating procedures (SOPs) are designed to meet the privacy, security, and data-destruction requirements detailed by the Office of the CIO; review all related information security policies for further detail.
In addition, UBC IT Desktop Services completed a Privacy Impact Assessment (PIA) in conjunction with the PrISM unit of UBC’s Safety & Risk Services (SRS). This PIA (PIA03162) was a central focus for the development of the SOPs below.
There are two device categories listed within these procedures:
‘Standard’
- Devices owned by UBC
- Desktops, Laptops, and removable media
- Equipment maintained within university standards
- See:
  - Standard U7: Securing Computing and Mobile Storage Devices/Media
  - Standard U8: Destruction of UBC Electronic Information
  - SC14: Acceptable Use and Security of UBC Electronic Information and Systems
‘Out-of-Standard’
- Desktops, Laptops, and removable media
- Devices:
  - Owned by UBC
  - The operating system cannot be reached
  - Where encryption status is unknown
  - That were not known to be within UBC standards through their lifecycle
The recycling and disposal SOPs ensure that Desktop Services and the wider community follow a consistent, compliant, and auditable process for the secure end-of-life handling of UBC-owned desktops, laptops, and removable storage. By integrating structured ServiceNow templates, annual internal audits, and clear roles/responsibilities, the SOPs aim to achieve standards compliance while preventing privacy breaches or data leakage.
Purpose and Scope
Purpose:
To define a consistent, secure, and trackable process for collecting, sanitizing, and recycling/discarding University-owned desktops, laptops, and removable storage devices in compliance with ISS U7, U8, SC14, and FIPPA. In addition, this SOP will protect personal and high-risk data through verified encryption, sanitization, and a documented chain of custody.
Scope:
This SOP applies to all UBC-funded desktops, laptops, and removable storage that are integrated into UBC IT asset management (ITAM) and/or supported by UBC IT Desktop Services. All equipment recycled by UBC IT Desktop Services will go through these SOPs.
Bring-your-own devices (BYOD), personal devices, and specialized devices/batteries are out of scope of this SOP and will not be recycled by UBC IT Desktop Services.
Annual Audit Reviews
To validate that the SOPs are being followed and all required records are kept, IT Leaders should verify a selection of submitted requests. We strongly urge the community to make this an action item every year.
An additional function of this annual audit is to check whether new guidance or regulations affect these SOPs. Please see the references below for guidance and regulatory sources.
Standard Operating Procedures
- Standard Recycling and Disposal Procedures
- Out of Standard Recycling and Disposal Procedures
- Audit procedures for Team Leads/Supervisors and Managers
3rd Party Hardware Destruction Services
UBC IT leverages services identified within the BCNet agreement. This agreement highlights several local options for our IT teams to choose from. For a list of these services, please review the BCNet webpage for more details.
To further limit the risks of data leaving UBC, UBC IT Desktop Services have decided to rely on onsite device destruction where hardware destruction is the only potential step. Most local vendors will provide this service, but there will be costs and minimum device requirements.
Note:
When any third-party Service Provider handles UBC Electronic Information or media, the Administrative Head of Unit must ensure destruction is completed within seven (7) days, obtain the signed UBC Data Destruction Confirmation form, and attach the signed form to a ServiceNow record.
References
University Policies
Acceptable Use and Security of UBC Electronic Information and Systems (SC14)
University Information Security Standards 1, 7 & 8
- ISS U1, Security Classification of UBC Electronic Information | Office of the CIO
- ISS U7, Securing Computing and Mobile Storage Devices/Media | Office of the CIO
- ISS U8, Destruction of UBC Electronic Information | Office of the CIO
Freedom of Information and Protection of Privacy Act (FIPPA)
Industry Best Practices
NIST Special Publication 800-88
Canadian Centre for Cyber Security
Office of the Privacy Commissioner of Canada
Additional Suggestions to improve SOP Adherence
ServiceNow Dashboards
- Create a compliance dashboard that tracks the percentage of tickets with all mandatory fields completed:
  - This report could focus on only tickets created in the calendar year
  - Focuses on errors to keep things simple
- Configure ServiceNow alerts if a ticket is not closed within SOP-established timelines:
  - These alerts can be sent directly to supervisors
  - The risk of data leakage increases with the amount of time hardware sits within working spaces
Sample-Based QA Checks
In addition to the annual audit, the Team Lead or a delegated staff member can do quarterly spot-checks on a small batch of tickets to catch process drift early.
- Team members holding equipment for hard disk destruction should periodically check stored assets
- Team Leads or Supervisors should be checking reports at least monthly
Ticket Closure Rules
- Ensure no device is physically moved to Room 108 without all SOP requirements satisfied
- A final QA check is built into the process by having S&R team members be the final ‘gatekeeper’
Annual Reference and Guidance Review
During the audit, Team Leads or Supervisors should verify whether the above references have been updated and assess whether the SOP needs revision.
An additional function of the annual audit is to check whether new guidance or regulations affect the SOP. This must be an action item every year.
Appendix
1. What is removable media?
In the context of data security, “removable media” generally refers to portable storage devices that can be easily attached to and detached from computing equipment or network environments. These devices are often small, easy to transport, and capable of storing substantial amounts of data. Common examples include:
• USB flash drives (thumb drives)
• External hard drives or solid-state drives
• Optical media (CDs, DVDs, Blu-ray discs)
• Memory cards (SD cards, microSD cards)
• Portable media players or audio devices capable of file storage
• Certain smartphones and tablets when used as external storage devices