Key takeaways

  • The risk in a decommission isn't the hardware — it's data, dependencies and disposal evidence.
  • Sanitise media to a recognised standard and keep certificates for every device.
  • Dispose through WEEE-compliant recycling under chain-of-custody, and hand over a documented audit pack.

Decommissioning a rack, a row or a whole hall looks like demolition, but it behaves like surgery. Pull the wrong cable and you take down a live service two racks over. Skip a sanitisation step and you have a data-protection incident waiting in a skip. Lose the paperwork and you can't prove anything to an auditor. A good decommission is defined by what you can evidence afterwards, not how fast the racks emptied.

Here is the checklist, in order.

The 10-step checklist

  1. Audit and tag every asset. Build a verified inventory of everything in scope — make, model, serial, asset tag, rack location — and reconcile it against your CMDB. If it isn't on the list, it doesn't move.
  2. Map dependencies. Confirm what each device actually serves: power feeds, network uplinks, shared storage, anything cross-connected. This is where "we thought that was dead" incidents are prevented.
  3. Plan the sequence and window. Agree the shutdown order, site access, escort requirements and the change window with every stakeholder — including the colo, if it's a shared facility.
  4. Take final backups and confirm restorability. Back up anything that might be needed again, and actually test that it restores before you power the source off. A backup you haven't verified is a hope, not a copy.
  5. Sanitise the data. Securely erase or physically destroy storage media to a recognised standard. Record a sanitisation or destruction certificate for every single device — this is your evidence if anyone ever asks.
  6. Sequenced power-down. Power devices off in dependency order, logging each step and confirming nothing live drops as you go.
  7. De-cable and de-rack. Remove cabling and hardware methodically, labelling anything being retained or relocated. Take photos as you go — the handover pack starts here.
  8. Secure transport. Anything leaving the floor for reuse, resale or destruction travels under sealed, tracked transport with an unbroken chain of custody.
  9. WEEE-compliant recycling. Retired equipment goes to licensed, WEEE-compliant processors so hazardous materials are handled correctly and disposal is fully documented.
  10. Hand over the audit pack. Deliver the evidence bundle: final inventory, sanitisation certificates, chain-of-custody records and disposal/recycling certificates.

(That's nine numbered actions plus the audit-pack handover — ten discrete checkpoints, and the tenth is the one auditors care about most.)

The two failures that cost the most

Unverified data sanitisation (a compliance and reputational risk) and missing disposal evidence (you did it properly, but can't prove it). Both are paperwork problems, and both are entirely avoidable.

Why sequence matters more than speed

The temptation on a decommission is to get the racks empty quickly. But the expensive mistakes all come from doing things out of order — de-racking before sanitising, powering down before checking dependencies, transporting before logging custody. A slower, sequenced exit is almost always the cheaper one, because it doesn't generate a second project to clean up the first.

Where most teams need help

Internal teams usually have the knowledge but not the bodies — a decommission is a burst of work with a hard deadline and a need for certified hands on the floor. That's exactly the shape of a smart hands engagement: our data centre decommissioning and ITAD & recycling services handle it end to end, with the audit pack delivered at the end. If you've got an exit coming up, tell us the site and the timeline and we'll scope it back the same working day.