Reviewing and verifying the security posture of the server firmware is the most effective step to ensure the new devices comply with security best practices before they are integrated into the company's network. Firmware can often be a target for supply chain attacks and may contain vulnerabilities that need to be addressed. While conducting penetration testing is valuable, it is not the first step in ensuring the security of new hardware. Similarly, vulnerability scanning is important but would follow the initial step of reviewing the firmware. Enabling full disk encryption is a good security practice for data protection but would not necessarily address potential supply chain vulnerabilities present in firmware or hardware configuration.