Every piece of hardware in a data centre has a beginning and an end. The beginning gets all the attention - procurement, racking, cabling, configuration, testing. The end? That's where things tend to fall apart.
Data centre decommissioning is one of those jobs that nobody plans for until it's urgent. And when it's urgent, mistakes happen. Equipment gets scrapped that still had value. Drives get tossed without proper sanitisation. Compliance paperwork gets forgotten. And someone, somewhere, ends up paying for an extra quarter of colocation fees because the deadline slipped.
We've seen it all. Here's how to do it properly.
Why Decommissions Happen
The trigger is usually one of four things:
Lease expiry. Your colocation contract is ending and you're not renewing. The facility wants the space back, and they've given you a date.
Cloud migration completing. You've finally moved the last workloads to Azure. The physical kit is sitting there powered on, doing nothing, costing you money every month.
Consolidation or merger. Two organisations become one, and nobody needs two data centres. One has to go.
Facility closure. The data centre operator is closing or repurposing the site. You've got a hard deadline whether you like it or not.
In every case, there's a clock ticking. And that clock is usually attached to a bill.
The Wrong Way to Decommission
We've walked into facilities where the plan was essentially "pull everything out and skip it." That approach is wrong on multiple levels.
You're throwing away money. Enterprise hardware retains significant value, even years after purchase. Servers, switches, storage arrays, UPS systems - there's an active secondary market for all of it. Skipping a rack of five-year-old Dell PowerEdge servers is like throwing away a used car because you can't be bothered to sell it.
You're creating a data breach. Every drive in that facility potentially contains sensitive data. Customer records, financial information, intellectual property, personal data covered by GDPR. Simply "deleting files" does nothing - the data is still recoverable. Throwing a drive in a skip without sanitisation is a data protection incident waiting to happen.
You're breaking the law. The UK's WEEE regulations (Waste Electrical and Electronic Equipment) require proper disposal of electronic waste. You can't just dump servers in a skip and send them to landfill. There are fines, and more importantly, there's reputational damage.
You're missing the deadline. Rushing without a plan is how you end up with a half-empty cage on the day the lease expires, still paying for space you should have vacated weeks ago.
The Right Process
A proper decommission follows a clear sequence. Skip a step and you'll regret it.
1. Asset Audit
Before you touch a single cable, document everything. Walk every rack. Record the make, model, serial number, age, and condition of every piece of equipment. This isn't glamorous work, but it's the foundation of everything that follows.
You can't value what you haven't catalogued. You can't certify destruction of drives you didn't know existed. And you can't prove compliance without records.
A thorough audit typically covers:
- Servers (including internal drives and memory configuration)
- Networking equipment (switches, routers, firewalls)
- Storage arrays and SAN infrastructure
- UPS systems and batteries
- PDUs (power distribution units)
- Patch panels and structured cabling
- Rack infrastructure itself (rails, shelves, blanking panels)
2. Data Sanitisation
This is non-negotiable. Every storage device must be sanitised to a recognised standard before it leaves the facility.
We follow NIST 800-88 guidelines for media sanitisation, which defines three levels:
- Clear: Overwriting with standard write commands. Suitable for most business data.
- Purge: Using manufacturer-specific commands (like Secure Erase for SSDs) that render data unrecoverable through standard forensic techniques.
- Destroy: Physical destruction of the media. Shredding, degaussing, or incineration. Reserved for the most sensitive classifications.
For most organisations, Purge-level sanitisation is sufficient. For government, defence, or highly regulated sectors, physical destruction may be required. Either way, every drive gets a certificate of sanitisation or destruction with its serial number recorded.
This is a GDPR requirement, not a nice-to-have. The ICO expects you to demonstrate that personal data was destroyed in a documented, verifiable way.
3. Value Assessment
Here's where decommissioning gets interesting. Enterprise hardware holds value far longer than most people expect.
What's worth money:
- Enterprise servers (even 5-7 years old) - a rack of HPE ProLiant or Dell PowerEdge servers can be worth thousands
- Networking equipment - Cisco, Arista, and Juniper switches hold value well
- Storage arrays - NetApp, Pure Storage, EMC units have strong resale demand
- SSDs and HDDs (after certified wiping) - enterprise-grade drives command premium prices
- UPS batteries (if relatively recent) - replacement batteries are expensive new
- Rack infrastructure - quality racks, PDUs, and structured cabling all have buyers
- Optics and transceivers - small items, but surprisingly valuable in aggregate
What's not worth much:
- Very old desktops and thin clients
- Consumer-grade monitors
- Generic patch cables and power leads
- Anything physically damaged beyond cosmetic wear
We've seen single decommission projects recover five figures of value from hardware the client assumed was worthless. That money offsets the cost of the decommission itself, and sometimes turns a profit.
4. Selective Resale
There are several channels for selling recovered hardware:
- Specialist IT brokers who buy in bulk and resell globally
- Direct sale to organisations looking for specific models
- Online marketplaces for individual items
- Manufacturer trade-in programmes where available
The key is matching the right channel to the right equipment. High-value networking gear might get the best price through a specialist broker. Individual servers might sell better direct. Bulk miscellaneous kit might go to a clearance buyer.
5. WEEE Compliance
Anything that can't be resold must be disposed of in compliance with the UK's WEEE Directive. This means:
- Collection by a licensed waste carrier
- Processing at an approved treatment facility
- Proper recycling of materials (metals, plastics, circuit boards)
- Waste transfer notes and duty of care documentation
- Proof of compliant disposal for your records
This isn't optional. Organisations have a legal duty of care for their electronic waste from the moment it leaves their possession until it's properly processed.
6. Certificates and Audit Trail
When the decommission is complete, you should have a paper trail covering:
- Full asset register (what was there)
- Data sanitisation certificates (per drive, with serial numbers)
- Certificates of destruction (for physically destroyed media)
- WEEE compliance certificates (for disposed equipment)
- Resale records (what was sold, to whom, for how much)
- Photos of the cleared space (proving the facility was vacated)
This documentation isn't just good practice - it's your protection. If a data breach claim surfaces two years later, you need to be able to prove exactly what happened to every piece of hardware.
The Time Pressure Problem
Most decommissions have a hard deadline. A lease expiry date. A facility closure date. A cloud migration completion target tied to budget approvals.
Missing that deadline typically means paying for another month or quarter of colocation fees. Depending on your footprint, that could be thousands of pounds for space you don't need.
The answer is planning. A well-planned decommission with a proper timeline works backwards from the deadline, building in contingency for the things that always go wrong: equipment that wasn't in the asset register, drives that need physical destruction, buyers who need time to arrange collection.
Starting early doesn't cost anything. Starting late costs plenty.
Environmental Responsibility
Proper IT asset recovery isn't just about compliance and cost. It's about keeping functional hardware in use rather than sending it to landfill.
A server that's end-of-life for a large enterprise might be perfectly adequate for a smaller organisation. Networking equipment that's been superseded in one environment can serve reliably in another for years. Extending the useful life of hardware is one of the most practical things we can do to reduce electronic waste.
When equipment genuinely is at end-of-life, proper recycling recovers valuable materials - copper, aluminium, gold, palladium, rare earth elements - that would otherwise be lost.
How We Handle It
We manage the full lifecycle of data centre decommissioning: audit, sanitise, recover value, and dispose of the rest compliantly. Based in the Slough and Thames Valley corridor, we have access to all the major data centre facilities in the area and can mobilise quickly when deadlines are tight.
Whether you're clearing a single rack or vacating an entire suite, the process is the same. Document everything, protect the data, recover the value, handle the waste properly, and leave you with the paperwork to prove it.
Planning a data centre decommission or sitting on old hardware you need to deal with? Get in touch to discuss your requirements and find out what your equipment is actually worth.