Kicking That Computer To The Curb – Think Twice!

By Nicole M. VanHaren

New fiscal year. New projects. New budgets. As support for Windows XP approaches its end of life, many companies are planning extensive refresh programs to update antiquated technology and ensure compliance.

When we spend time planning the program, questions come to mind: what to purchase, how to purchase, how to requisition, how to install, and others. One process often overlooked is how to dispose of the legacy technology being replaced. As consumers and enterprises, we have several options: throw it away, donate to charity, sell to employees, keep it in a closet out of sight, engage a free disposal company or pay for a disposal service.

As asset management professionals we have many critical tasks to manage. IT asset disposition is one area that must be done well. Details cannot be missing, and mistakes are not acceptable. I’ve found that the value an experienced 3rd party provider adds as a partner far outweighs the cost.

Over the past ten years of my career, I’ve learned many lessons on proper disposition of legacy assets removed from our environment. I’ve read articles and books, attended webinars — all hoping for a simple checklist that I could use when deciding on a partner. Unfortunately for me, no such list existed. I’ve investigated and built my own list based on the most important criteria … and continue to revise with each renewal … This is a living document that I add to as I continue to learn. Here is my checklist for 2012 as it stands today:

Contract

  • Title and risk of loss transfer when the asset leaves our dock
  • Liability coverage
  • Full indemnity to customer
  • Include language that allows for new legislation or changes in legislation
  • Put the onus on the vendor to comply with local, regional and global regulations
  • Data privacy compliance
  • E-waste
  • Anti-bribery and Anti-Corruption language (FCPA)
  • Supplier will meet the minimum security and privacy standards of International Standard ISO 27001 and 27002, and Safe Harbor
  • Code of conduct acknowledgement
  • Standard pricing per unit
  • Certificate of disposal, wipe, and full asset disposition details with each invoice (including make, model, service tag and asset tag identifiers)
  • Obtain reimbursement for assets sold
  • Standard T&C’s
  • Business downturn language
  • Volume commitments
  • Invoicing, reporting and payment terms
  • Taxability
  • Termination language
  • Do not compete language
  • Disaster recovery and business continuity
  • Annual audits
  • Robust controls to audit
  • Environmental score card reporting
  • Supplier will provide an annual SAS70 Type II or SSAE-16 report upon request

Additional Services

  • Look for end to end solutions that match your needs (without creating new solutions that can be difficult to maintain long term)

Certifications

  • Require Certifications
  • Certificates of Destruction
  • Certificates of Erasure
  • Certificate of Recycling
  • Settlement Reports
  • Retain records FOREVER
  • Availability of online portal to see each stage of the asset’s disposition
  • Redeployment and box solutions available

Sustainability

  • Zero landfill and zero incineration policies
  • Avoid sale to 3rd world countries of assets that are no longer functional
  • Match their footprint to your locations
  • Prohibit crossing of borders

Data Security

  • Compliant with Department of Defense 5220.22 (DoD) and NIST SP 800-88 standards
  • Shredding of assets that fail DoD wipe
  • Onsite shredding available
  • Locked, secure trucks available
  • Process for audit, including all partners
  • Limit downstream partners

Before settling on your end of life disposition process, use this checklist to ensure that your ITAD partner can fulfill these contract and process requirements. Before you take action, educate yourself. Many federal, state and local laws and regulations govern an area of our business that many of us don’t even think about. Legislation is just one aspect. Oftentimes, our customers include language pertaining to sustainability in their standard contract terms and conditions. Read between the lines. Seek to understand, and comply. With the cost of a data breach above $200 per record, the cost of non-compliance can add up to substantial penalties that could threaten your bottom line and your brand image. It is, unfortunately, not uncommon to hear stories where a single laptop amounted to a loss of revenue of over $8 million! That’s a hard pill to swallow for your stakeholders and can create a negative image of your brand…which is priceless.

About the Author

Nicole VanHaren is the Manager, Desktop Management for Kelly Services, Inc.