IT Decommissioning: How to Properly Shut Down Your Old Office

Whether you are relocating to a new office, downsizing after a shift to hybrid working, or closing a site following a merger, IT decommissioning is one of the most overlooked — and most consequential — aspects of shutting down an office. Get it wrong, and you risk data breaches, compliance violations, unexpected costs, and environmental penalties. Get it right, and you protect your data, recover value from old assets, and close the door cleanly on your old premises.

IT decommissioning encompasses far more than simply unplugging computers and throwing them in a skip. It involves the systematic identification, documentation, secure erasure, and responsible disposal or redeployment of every piece of technology in the office — from servers and network switches to desk phones, printers, and the cabling in the walls.

This guide provides a comprehensive, step-by-step approach to IT decommissioning, covering data security obligations, asset recovery, environmental compliance, and the practical logistics of dismantling an office's technology infrastructure.

Why IT Decommissioning Matters

The consequences of poor IT decommissioning are severe and wide-ranging. From a data protection perspective, any device that has ever stored personal or sensitive business data must be securely erased or physically destroyed before disposal. The ICO has repeatedly demonstrated its willingness to fine organisations that fail to protect data on decommissioned equipment. In one high-profile case, a former NHS trust was fined after hard drives containing patient records were found for sale on an internet auction site.

From an environmental standpoint, the Waste Electrical and Electronic Equipment (WEEE) Regulations 2013 place legal obligations on businesses to ensure that electronic waste is recycled or disposed of responsibly. Simply dumping old IT equipment in general waste is illegal and can result in fines from the Environment Agency.

From a financial perspective, poorly managed decommissioning wastes money. Old equipment that could have been resold, refurbished, or donated is instead scrapped. Software licences that could have been transferred or cancelled continue to accrue charges. And rushed, unplanned decommissioning often requires expensive emergency services from IT contractors.

The IT Decommissioning Process: Step by Step

Phase 1: Audit and Inventory

Before you disconnect a single cable, you need a complete picture of what exists in the office. This means conducting a thorough IT asset audit that documents every piece of equipment, its location, its age, its condition, and whether it contains any data.

Your inventory should cover servers and storage devices, desktop computers and laptops, monitors and peripherals, network equipment including switches, routers, firewalls, and wireless access points, telephony equipment including desk phones and PBX systems, printers, scanners, and multifunction devices, UPS units and power distribution, security cameras and access control systems, and all structured cabling and patch panels.

Each item should be tagged with a unique identifier and its status recorded in a decommissioning register. This register becomes your primary tracking document throughout the process and your evidence of compliance if ever questioned by a regulator.

Phase 2: Data Classification and Migration

Once you know what equipment exists, you need to identify where data lives and ensure it is either migrated to your new environment or securely destroyed. This is more complex than it sounds because data has a habit of hiding in unexpected places.

Beyond the obvious locations — file servers, email servers, databases — data may exist on individual workstation hard drives, in printer memory and hard drives (many modern multifunction printers contain hard drives that cache every document they process), on backup tapes stored in the server room, on USB drives and external hard drives in desk drawers, and in the configuration files of network equipment such as firewalls and switches, which may contain credentials, VPN configurations, and network topology information.

Phase 3: Secure Data Destruction

Every data-bearing device must undergo certified data destruction. There are two primary methods: software-based erasure and physical destruction.

Software-based erasure — also known as data sanitisation — uses specialised tools to overwrite every sector of a storage device with random data, making the original content unrecoverable. This method is suitable for devices that will be resold or redeployed. The erasure must comply with recognised standards such as NIST 800-88 or HMG Infosec Standard 5 (the UK government's standard for data sanitisation). Each device must receive an individual certificate of erasure documenting the serial number, the method used, and the result.

Physical destruction — shredding, degaussing, or incineration — is used for devices that are beyond reuse or that contained particularly sensitive data. A certified destruction company will collect the devices, destroy them at their facility, and provide certificates of destruction. Some organisations require on-site destruction for highly sensitive equipment, where a mobile shredding unit comes to your premises and destroys the devices while you watch.

Phase 4: Asset Disposal and Recovery

Once data has been securely destroyed, you can dispose of the physical equipment. There are several options, and the right choice depends on the age, condition, and type of equipment.

Resale: Equipment that is less than three to four years old and in good condition can often be sold to IT asset disposition (ITAD) companies. Depending on the equipment, you may recover meaningful value — a three-year-old business laptop in good condition typically fetches £80 to £200, while enterprise servers can be worth considerably more.

Donation: Equipment that is too old for commercial resale but still functional can be donated to charities, schools, or community organisations. Several UK charities specialise in refurbishing business IT equipment for reuse, and donation may provide tax benefits.

WEEE-Compliant Recycling: Equipment that is beyond reuse must be recycled through a registered WEEE compliance scheme. Your ITAD partner should provide WEEE waste transfer notes as proof of compliant disposal.

Equipment Type	Typical Resale Value	Recommended Disposal Method	Data Destruction Required
Laptops (under 3 years)	£80 - £200	Resale via ITAD	Yes — software erasure
Desktop PCs (under 3 years)	£40 - £120	Resale or donation	Yes — software erasure
Servers	£200 - £2,000+	Resale via specialist ITAD	Yes — erasure or physical destruction
Network switches & routers	£20 - £300	Resale or recycling	Yes — factory reset and config wipe
Monitors	£15 - £60	Resale or donation	No
Printers / MFDs	£10 - £50	Recycling or donation	Yes — internal hard drive

Phase 5: Service and Contract Termination

Decommissioning the physical equipment is only part of the process. You also need to terminate or transfer the services and contracts associated with the old office. This includes broadband and leased line circuits (which typically require 30 to 90 days' notice), telephone lines and SIP trunks, software licences tied to the premises, maintenance and support contracts for on-premise equipment, cloud services and subscriptions that were specific to the old site, security alarm monitoring contracts, and any managed print or copier lease agreements.

Failing to cancel services promptly is a common and costly mistake. We have seen businesses continue paying for broadband circuits at vacated offices for months — sometimes years — simply because nobody remembered to cancel the contract.

Common IT Decommissioning Mistakes

Starting too late: IT decommissioning should begin planning at least eight to twelve weeks before the office closure date. Rushing the process leads to missed devices, unsecured data, and unnecessary costs.

Forgetting about printers: Modern multifunction printers contain hard drives that store copies of every document they have printed, scanned, copied, or faxed. These devices must be included in your data destruction process.

Ignoring structured cabling: Your lease may require you to remove all IT cabling from the premises. Even if it does not, leaving cables in situ means leaving potential evidence of your network topology for whoever occupies the space next.

Not obtaining destruction certificates: Verbal assurance from a recycling company is not sufficient. You need auditable, written certificates for every data-bearing device, linked to the device's serial number.

Overlooking cloud services: Just because your physical office is closing does not mean your cloud obligations end. Review all cloud subscriptions, storage accounts, and SaaS applications associated with the site and either migrate, archive, or securely delete the data they contain.

How Much Does IT Decommissioning Cost?

The cost of IT decommissioning varies significantly depending on the size of the office, the volume and type of equipment, and whether you handle it internally or use a specialist partner. As a rough guide, a small office with 20 to 30 workstations might cost between £2,000 and £5,000 for a full decommissioning service. A larger site with server rooms, extensive networking, and 100 or more devices could cost £10,000 to £25,000 or more.

However, these costs should be offset against the value recovered from equipment resale and the avoided costs of compliance failures. A single ICO fine for improper data disposal could dwarf the cost of a properly managed decommissioning project.