Every CISO must be able to address it when asked to describe their information technology asset disposal (ITAD) program. Asset disposal normally isnt one of those burning topics that is top-of-mind for CISOs. Every entity needs an ITAD program, and the program must ensure that the devices are data-free when they exit the control of the company. Lack of a program signals data may be at risk when equipment is recycled; presence of program signals attention to data protection.”]
Source: https://www.csoonline.com/article/3622257/why-it-asset-disposal-is-still-a-security-risk.html