What's inside
A complete, audit-defensible chain of custody form for IT Asset Disposition. Designed for IT operations teams, ITAD service providers, internal audit, and CISOs who need a documented, unbroken record of physical custody from decommission through final disposition.
23 pages of structured operational content covering:
Document control with ISO/IEC 27037 alignment statement
Section 2: full ISO/IEC 27037:2012 alignment table showing how each principle is operationalised
Section 3: when to use this form (always required, recommended, and not required scenarios)
Section 4: glossary of 8 terms including custody, custodian, handover, tamper-evident seal, and custody break
Part A: Initial Custody at Decommission with event details, asset summary, custodian identification, condition checklist
Part B: Storage Phase with location and controls, periodic check log, exit procedures, and extended-storage warning
Part C: Transit Phase with carrier details, sealed container table, vehicle and GPS tracking fields, formal transit declaration
Part D: Receipt at ITAD Facility with count reconciliation, seal verification table, asset-level reconciliation, discrepancy log
Part E: Final Custody Closure with disposition outcome, certificate of destruction reference, formal closure declaration
Multi-Asset Tracking Sheet with 14-row inventory table for batch handovers
Section 11: five named failure modes with documented response steps (count mismatch, broken seal, unsigned handover, condition discrepancy, transit incident)
Integration map cross-referencing the ITAD Policy, Certificate of Data Destruction, Data Retention Policy, and IT Asset Inventory Tracker
Why this template
Most free chain of custody templates online are generic forms designed for evidence handling in a forensic context. They miss the ITAD-specific phases: storage between decommission and transit, sealed-container verification during transit, and count reconciliation at receipt. This template is built for ITAD operations, with the failure modes and discrepancy logs that real audit failures actually need.
ISO/IEC 27037 alignment matters. ISO/IEC 27037:2012 is the international standard for the chain of custody of digital evidence. While developed for forensics, its principles apply directly to ITAD because the evidentiary integrity requirements are identical. Almost no free chain of custody template references 27037 explicitly. This one does, and the alignment table in Section 2 shows auditors precisely how each 27037 principle is operationalised.
Who it's for
IT operations leads, ITAD service providers, CISOs, internal audit, compliance officers, and procurement teams running ITAD contracts.
Pairs with
ITAD Policy Template (NS-TPL-001) which references chain of custody as a core control. Certificate of Data Destruction (NS-TPL-002) which is referenced from Part E.1. Data Retention and Destruction Policy (NS-TPL-003) which defines the form retention period. IT Asset Inventory Tracker (NS-TPL-004) which feeds the Multi-Asset Tracking Sheet.
Format: Microsoft Word (.docx) | 23 pages | Last updated: May 2026