IT asset managers consistently make important decisions, from the purchase of new equipment to the disposal of obsolete equipment or devices that are no longer needed. Traditionally, it’s the purchase of new equipment that gets a majority of the attention. The common thought is that a purchasing mistake would be much more costly than a disposal mistake. In fact, many companies minimize the value of having an official disposal policy in place and make decisions about retiring assets on an as-needed basis. However, it turns out that mistakes during the disposal process can be more costly than mistakes during the purchasing process because disposal mistakes are harder to catch. After all, when a company overpays for equipment, it’s fairly easy to notice. But when a company fails to recover the full value of its equipment during disposal, it is nearly impossible to know. More importantly, the time and effort put into the handling of assets being disposed is often calculated into the figures for purchasing new equipment, and IT asset managers see it as a necessary part of the process.
After spending many years as an IT director and making a shift to dedicate the last five years of my life to IT asset disposal and data security, I have had the privilege of working with many companies on the Fortune 500 list, along with thousands of other organizations ranging from small businesses to large government institutions. Through this experience, I have developed a list of the seven biggest mistakes companies make when disposing of their IT assets. While some companies make only one or two of these mistakes, I often find that many of the largest organizations make at least four to five of these mistakes on a regular basis.
Mistake 1: Provide Disposal Vendors with a Detailed Asset List
No matter how organized an organization attempts to be during the disposal process, many assets are still unaccounted for, and some assets go to the wrong place. In fact, it is very often the case that some of the new equipment recently purchased ends up mixed in with the assets being disposed by accident. For this and many other reasons, any asset list you have should be held closely, and the details should not be provided to the IT asset disposition (ITAD) vendor. Instead, IT departments should require their ITAD vendors to supply them with a list of the assets received and compare this list with the internal lists that may be available. It is not wise to tell a vendor exactly which items they are going to receive because it is the equivalent of giving test answers to a college student prior to giving him or her the exam. Your ITAD vendor should be kept on their toes knowing that they have to track all items properly and provide full reporting.
If you do not have a list, all is not lost. You can obtain at least a small partial list as the equipment is going out. You can often capture enough info in five minutes to be able to do a partial audit of your vendor’s work. This can be done by capturing information for only the highest-value equipment, a particular class of equipment, or even a random sampling of all kinds of equipment. As long as you have an accurate list of what you know is being sent to the vendor, you will have a way of double-checking their work. Of course, none of this can be done without requiring your IT vendor to provide you a specific, itemized, and serialized list of all assets received. So, always request a list and always verify the list against your own.
Mistake 2: Perform Unnecessary Due Diligence
Many of the steps in the due diligence process can be safely skipped by using a properly certified vendor. Of course, not all certifications are created equally, so be sure to look at Mistake 3 before committing to a “certified” vendor.
Certification bodies are already doing a great deal of the work for you with multiday on-site audits that cover many different aspects of the disposition process, including chain of custody, security, environmental standards, safety standards, and data security. Smart IT departments develop requirements for certifications and gain a solid understanding of the strengths and weaknesses of those standards. Then, they focus their time and effort into creating due diligence practices that analyze areas that are weak or ignored by the certification that they chose as their minimal standard. In this end, this practice allows you to spend less time and money and yet, complete a more extensive study of your vendor’s practices.
Mistake 3: Assume All Certifications and Licenses Are Equal
The U.S. Environmental Protection Agency (EPA), Department of Toxic Substances Control (DTSC), CalRecycle, and the New York State Department of Environmental Conservation all have two things in common: they sound very official, and they issue official approvals, documents, or certifications that just about anyone with a garage, 30 days, and a two-page application can attain! Don’t be fooled by companies that claim to have government-issued certifications. While it is required for companies in the ITAD industry to have some or all of the above-mentioned licenses, these licenses mean little to nothing for a client. A company in California, for example, can fill out two short applications and mail them in using any valid address, including a home address, and they will be issued a DTSC ID and an EPA ID and become an official “collector” through CalRecycle. They will even be listed on these websites as a company that can be used for ITAD and e-waste services.
There are only two certifications that actually review and audit the basics of companies in the ITAD industry. All other certifications cover only a small portion of the industry or do not include anything within the operations of a business. Of the two industry certifications, the e-Stewards standard is stricter and covers certain aspects of the industry that R2 does not. While various groups debate which standard is better for the industry, it is fairly well-accepted that a company that meets the e-Stewards standard can easily meet R2, but a company certified only to R2 would potentially need to make major changes in their practices to qualify for e-Stewards. Companies that reach for the highest standards are certified to both of these certifications.
There are additional certifications that are very valuable for specific areas of the business, such as ISO 14001, which covers environmental factors; ISO 9001, which covers quality; and NAID AAA certifications, which cover data security. All three certifications are excellent supplements to e-Stewards and R2, but they should not be accepted in lieu of them.
Most important, however, is the fact that trusting a vendor that is not certified to one of the major standards opens your company up to major risk. While many of those risks are related to disposal and the environment, the ones that can damage your company the most are related to data security and the protection of your company’s reputation.
Mistake 4: Let Sensitive Data Leave the Site
If your organization stores sensitive information including client records, patient records, credit card information, social security numbers, bank account numbers, and other extremely sensitive information, you should have a policy that data does not leave your site, regardless of the practices your vendor follows. There are many ways of ensuring that data is eradicated at your facility prior to allowing it to leave, and while these practices can be time-consuming or costly, they are a best practice that should not be ignored.
The most secure method of handling hard drives with sensitive data is to have the hard drives pulled and shredded on-site by a certified company. Some organizations add a step by choosing to wipe or degauss the drives prior to having them shredded on-site. While this practice appears to add a level of security, it can sometimes take away some aspects of security by allowing drives to be handled by too many people, for drives to “sit” for too long, and giving a false sense of security regarding drives that have been wiped.
Research has shown that most companies, including large banks and hospitals, that wipe their own drives have less than a 90% success rate. That means that at least 1 out of 10 drives that leave their facility labeled as wiped have actually not been wiped completely. This is caused by poor training, inadequate software, poor systems, and human error. This is a fact that is observed at almost all companies that choose to wipe drives using internal personnel.
Mistake 5: Pay for Services that Should Be Offset
Do not allow a vendor to charge you for costs that should be offset by the value of your equipment, including scrap value. While some equipment will not have value as a reusable item, there may still be scrap value in that equipment. Many vendors charge for handling, transportation, reporting, and data-wiping fees on that equipment, but they do not provide a credit for the scrap value of the equipment in order to offset these costs.
While some services cannot be done free of charge and the cost of handling and transportation of scrap equipment sometimes exceeds the scrap value of the equipment, it does not change the fact that the costs should at least be reduced based on that value.
In order to see how a vendor is really charging you, it’s simple to ask for “a la carte” pricing. In other words, ask the vendor to show you the value of your equipment, including scrap value, as well as the individual costs for handling, transportation, asset capturing, data destruction, repair, and other services. The separate pricing will allow you to see if your equipment is either being undervalued or if you are being overcharged for the services.
Mistake 6: Allow ITAD Vendors to Pick and Choose
Many IT departments make the mistake of allowing their “favorite” vendor or their primary ITAD vendor to pick and choose what they will accept. This leads to having the highest-valued items—especially newer computers, laptops, tablets, and cell phones—removed quickly, leaving behind CRT monitors, printers, batteries, older equipment, and other items that cannot be removed for free.
This causes a major problem, however, because the costs of transportation, handling, and recycling of the leftover items are often very high. Additionally, these high costs often cause companies to store the equipment, assuming a better opportunity will arise later. This further complicates the matter as the equipment not only causes storage issues, but the value further decreases, and recycling the equipment becomes even more complicated and costly. This is further complicated by data security issues that can arise from storing obsolete equipment for an extended period of time. Finally, in an attempt to find an inexpensive solution, many companies will abandon their policies of using only certified vendors and will accept the lowest bidder regardless of the potential harm to the company.
The industry best practice is to use a single vendor for all IT and electronics equipment. The company working with you for the higher-end IT equipment will almost always be willing to take your CRTs, batteries, printers, and extremely old equipment if they know that is the only way to earn your business. Furthermore, since they are already providing logistics services, adding some scrap equipment will not cost them significantly more, so the costs will be very reasonable.
The most important aspect of vendor selection is to establish your relationships and agreements from the beginning with the requirement to take everything so you find a vendor who can easily handle all of your equipment. If a vendor claims that they cannot handle CRTs, old printers, batteries, or other items like this, they are most likely not the right vendor overall and would not provide the level of service you desire.
Mistake 7: Not Enough Details in an RFP
This is the mistake that seems to plague some of the largest companies where the IT departments have thousands or millions of assets. Creating a request for proposal (RFP) that does not list specific items with specific model numbers, specifications, and configurations will dramatically reduce the pricing vendors offer. More importantly, the dearth of information causes the most capable vendors to provide very conservative pricing because they want to make sure they do not overpromise and under deliver. However, vendors who are not quite as concerned with long-term relationships and reputation will have much less to lose and will gamble with pricing and hope for the best. If the equipment ends up not being as they had “hoped,” they will simply back out, delay payments, or go down a long road of negotiations to reduce the ultimate payment. When the equipment is better than expected, however, they will not adjust pricing up, and you will continue to work with them, assuming you are being given the most competitive prices.
It is always best to offer as much detail as possible in an RFP. For example, servers, computers, and laptops should always include the makes, models and type of processor(s) along with the memory and hard drive specifications. The quantity of processors is a necessary detail and there may be other pertinent information. Leaving any of this information out or being vague about the specifications will cause vendors to assume the worst, unless they are not a quality vendor, as mentioned previously.
Even if you do not have the information for all of the equipment or you have equipment with vastly different specifications, you should either get a list of specifics or include one set of specifications in your RFP and ask vendors to base their pricing on that model. Once you find the vendor or vendors you feel are offering you the best services and competitive pricing, ask them to provide you with pricing based on various different configurations of the same equipment. This will allow you to get the highest possible value for your equipment while allowing the elite vendors who are dedicated to customer service to be competitive.
Providing this information should not be confused with breaking the first rule which is to avoid providing too much information about specific jobs. Keep in mind that the information you are providing here are product specifications in a general sense, not necessarily a specific inventory list of what equipment the vendor is going to be receiving on a specific load.
Making the Best Decision
Following these principles and avoiding the seven biggest mistakes companies make when disposing IT assets will allow your company to maximize the value of your IT equipment while giving you the ability to work with the best vendors.
In summary, follow these seven rules and you will make your job easier and your company safer while maximizing the return from your retired IT assets:
- Don’t Provide Vendors a Detailed List!
- Don’t Perform Unnecessary Due Diligence!
- Don’t Assume All Certifications Are Equal!
- Don’t Let Sensitive Data Leave Your Site!
- Don’t Pay for Services That Should Be Offset!
- Don’t Allow ITAD Vendors to Pick and Choose!
- Do Provide Detailed Specifics in RFP!