Seven Practical Tips for ITAD – Avoid the Gaps and Mistakes that Introduce Risk into IT Disposal

By Sean Magann

As the form and volume of devices used by individuals and businesses evolve, so will the ITAD programs needed to ensure the retirements of these devices. Currently, 77 percent of businesses rely on some sort of technology for success and growth and there is no denying the significance of these IT and electronic devices. Therefore, the successful management of this equipment, both during their useful life and after, can be critical. Corporate requirements regarding data security, environmental compliance and accurate inventory reconciliation hinge on responsible and resourceful processing of this end-of-life IT equipment. The following tips offer suggestions for adjusting your ITAD program for better results.

Start with Accurate, Complete Asset Lists

Many customers use their internal IT asset management (ITAM) inventory system to generate an initial list of assets being retired. Unless this list is validated with a complete physical inventory, it is almost impossible to fully reconcile inventory counts through final disposition. Taking the time to verify initial asset lists makes it easier to settle final asset lists within the IT and accounting departments of your organization.

Identify and Protect All Digital Data

And we do mean all… Digital data can reside on assets inside and outside the direct control of the IT department. Regardless of location, all data has the potential for a data breach. Potential threats that are easily overlooked include:

  • Unwiped hard drives in printers, copiers and fax machines
  • Undetected secondary hard drives in desktop computers
  • Used solid state hard drives (SSD) since typical data destruction methods are not effective on SSDs
  • Lost mobile assets (tablets and phones) or portable storage devices (whether on a personal or company-owned device)
  • Un-returned or lost assets assigned to remote or contract employees
  • Incomplete data destruction or missing assets that are a result of loose handling by an ITAD vendor
  • Unauthorized resale of IT assets by third-party vendors

While it is common to overlook these above-mentioned threats, it doesn’t mean the potential for a serious threat doesn’t exist. Sometimes the tiniest security holes can expose critical data.

Don’t Let Data Leave Your Site

Since a single instance of compromised digital data can represent a devastating incident for a company, best practices dictate that digital data be destroyed prior to being removed from their original location. Digital data destruction can now be performed on-site through several services being offered by ITAD vendors. These on-site data destruction services support small and large projects, are convenient, and provide IT managers the ability to witness and confirm digital data destruction.

Properly Evaluate and Audit the ITAD Vendor

If a company relies on an external vendor to process retired IT assets, take the time to find a vendor who properly supports the organization. Consider performing an on-site audit of short-listed vendors before making a final selection to help make a more informed decision by uncovering the following:

  • Process accountability: Procedures that are (or are not) in place to seamlessly account for assets, security and environmentally responsible processing
  • Certification legitimacy: How plant certifications translate to demonstrable differences in equipment processing
  • Employee safety: Environmental health and safety (EHS) protocols in place which can be important in safely meeting environmental compliance requirements
  • Facility security: Secure facilities, which are part of an overall secure and efficient supply chain, ensuring full accountability for customer assets and proprietary digital data
  • Service structure: Facility size can be important in providing a wide range of services and maximizing material recovery
Mind the Gaps: Review the Process Holistically

When retiring assets, vulnerabilities are introduced as equipment is:

  • Moved, packaged, transported off-premise
  • Transferred to different departments such as from IT to facilities management, and then to third-party transporters
  • Processed and reprocessed

This multi-step chain of custody introduces risks and vulnerabilities that need to be effectively managed. The chain of custody should be clearly defined, secure and as streamlined as possible.

Accountable and Integrated Solutions

Final retirement of technology assets can involve several departments within an organization each with unique requirements. Partnering with the right vendor can reduce administrative overhead, simplify vendor relations and improve overall accountability. Internal stakeholders may include the CIO, Information Security Officer, IT Procurement Specialist, Risk and Compliance Officer, IT Asset Management Team, Sustainability Officer and Accounting Director. Each of these stakeholders will evaluate the ITAD process through a different lens. Make sure the selected vendor can securely address each of their unique needs.

Ensure Reliable and Consistent Service

RFPs and criteria for ITAD vendor selection typically center on price agreements, data security mandates, corporate compliance requirements and responsible IT asset disposition. It is interesting to note that after vendor selection and implementation, the financial and corporate compliance results are impacted much more by the seamlessness of day-to-day operations than initial contracted price and services. Scheduling of load deliveries, flexibility for on-call pickups, paperwork transactions and requirements, and online reporting translate to time savings and a reduction in administrative resources and expenses resulting in impactful savings to the bottom-line results.

Once the vendor is selected to manage the reuse and recycling of retired IT, office equipment and other electronic assets, the work isn’t over. Always evaluate the service and confirm satisfaction before furthering the relationship. For global companies, IT vendors are often piloted in one location and can eventually be rolled out worldwide for complete holistic ITAD management with consistent services and support. Finding the perfect integrated solution that can streamline complete ITAD processing under a single roof may not always be easy, but will be worth the wait.

About the Author

Sean Magann is the Global Vice President of Sales & Marketing at Sims Recycling Solutions.