Building a Robust IT Asset Disposition (ITAD) Process
New regulations have been introduced about the IT asset disposition process. These new regulations make it impossible or significantly more challenging to dispose of your IT equipment, such as servers, hard drives, and other data-bearing devices. It isn’t as simple as dumping the equipment in the trash or passing them on to employees.
If you fail to follow proper procedures and regulations when disposing of your IT assets, many negative things can occur. These dangers include damage to your reputation, large financial penalties for data breaches, legal challenges and suits, dangers to our environment, and human health dangers that can occur if the toxic materials in IT equipment are improperly dumped and leeches through soil or into freshwater supplies.
Due to the regulations in place and the dangers of improper disposal, your company must secure a process to ensure that your equipment is safely and securely disposed of.
ITAD Is the Beginning of the End for an IT Asset
ITAD, or IT asset disposition, is the final, but important, step in an IT asset’s lifecycle. However, when the asset reaches its end-of-life, you cannot simply dispose of it or give it away. There is still much to be done to dispose of IT assets safely. In 2016, a report by Cascade indicated that around 85% of companies now have a policy in place for how IT assets are disposed of. Does your company?
The ITAD process also involves preparing equipment for resale, donation, or recycling, such as keeping them in good condition, keeping all accessories together, such as the power cables and keyboards, and removing passwords and locks.
The DIY Route or Using a Third-Party Vendor
Before your IT equipment can be donated, recycled, or resold, any data on the equipment must be properly wiped and removed. Think about it for a second. How much information do you have stored on your desktops or laptops? You may have pictures, customer names, address and phone numbers and financial information. This information must be wiped clean from the IT equipment to ensure it does not end up in the wrong hands.
Some companies can wipe data themselves and either resell, donate or recycle the equipment. But it’s only practical for small businesses, not large ones or one with large data centers. And even for small businesses, it requires expertise and time most small businesses don’t have. For example, you will need to inventory all of the equipment and know which devices are data-bearing, and reuse parts. If you don’t know this information, you won’t get far in ITAD yourself. This is why most companies, large and small, use a third party vendor. Prep work for disposing of old computers is simple when using a third party vendor.
Resell, Donate or Recycle – What to Do with Old IT Equipment
Another decision that needs to be made is what the final stage is for the equipment.
Options depend on both the company disposing of the equipment, the ITAD vendor used or whether companies go the DIY route. If computers and equipment are quite new and in good condition they may have resale value and the business can recoup a percentage of their sale fees by reselling it. Some equipment can fetch significant returns, which can be vital for a company’s IT department.
Some equipment is older, and it may not have much value in terms of reselling it. But if it still works, many local non-profits can use the equipment or find a good home for it. In this case, donating it and getting a tax write-off may be beneficial.
Finally, some equipment is broken or so old that it has no resale value and cannot be donated. For these items, recycling makes the most sense.
Ideally, as much of the equipment should be reused as possible – so donate or resell. Most reputable ITAD vendors will offer this. Reusing equipment reduces your carbon footprint by reducing the need to make more computers, gives others a chance to access IT and keeps harmful materials out of landfills.
If you decide to go the DIY route, then you need to ensure data is wiped appropriately before re-selling or donating, something that reputable ITAD vendors can take care of for you if you don’t want to go it alone.
If you have IT equipment that you need to dispose of, it is important to act quickly. Don’t let old equipment gather dust. Assets depreciate at a rate of 3.5% per month.
Additionally, a special deal or new software release may mean many companies upgrade IT equipment simultaneously. This can cause the reuse market to be flooded with lots of the same IT equipment. The longer a company holds onto their equipment, the less demand and resale value there will be.
A great ITAD company can help you prepare your equipment for disposition and either sell it or donate it as quickly as possible before it loses value or becomes dated.
Vetting a Third Party IT Disposition Vendor
When you are selecting a third party IT disposition vendor, it is important that you conduct a thorough check on the vendor. To help with this process, the EPA has produced a checklist for federal agencies to find a suitable partner. Businesses such as yours should use a similar checklist when looking for ITAD solutions.
You should pay close attention to many items when you are vetting a third-party IT disposition vendor. One of the things you should look closely at is whether the vendor is either R2 or e-Stewards certified. You want a certified company, so you have peace of mind they know what they are doing. Also, look carefully at whether the vendor subcontracts out any parts of the ITAD operation. If they do, how do they vet their subcontractors? And does the company make you aware of who will have access to your data at every stage of the process? You are responsible for your IT equipment and the data on it, so you must ensure there are no breaches, the company holding the equipment is reputable, and follow the same best practices as the third party vendor you hired.
A Secure Transfer & Data Destruction Process Looks Like This
If you choose to use a third-party vendor, ensure that they have an airtight procedure for collection, transportation, destruction, or sanitization of data and eventual disposal or reuse. At CompuCycle, we take every step of the ITAD process seriously to ensure your IT equipment is always in good hands. Here are some of the steps that we follow to ensure the process’s data destruction phase is a secure one.
The first step we take is to thoroughly background-check all of our employees. We want only the best of the best working for us. We take the time to complete thorough background checks on every employee who works with us and they carry Transportation Worker Identification Credentials (TWIC) cards at all times.
We can perform our data destruction services on-site at your place of business where you can witness the secure destruction of data or we can safely transport equipment back to our secure facility to carry out the work.
When we remove assets from your location, we lock them up inside cases before we loading onto our trucks. This gives you peace of mind that the equipment is secure while transferring from your facility to our facility for the next step in the ITAD process. We use trucks that feature GPS tracking information and allow us to see when the doors are opened. This allows us to track where your equipment is at all times.
The third step is arriving at our facility. When the trucks or vans with your equipment arrive at our facility, you can rest assured they are entering a safe environment. Our facility is locked at all times and access-controlled. There are also cameras everywhere, ensuring only those with access to certain areas can enter. We also have an alarm system, preventing break-ins. Lastly, we store employee lockers in a separate area from the facility. The employees and their bags or purses are scanned when entering or exiting, help to prevent theft.
Lastly, CompuCycle carries error & omissions insurance and pollution insurance as another layer of security. If something unexpectedly does go wrong, we have the insurance money to cover it, ensuring you won’t have to come out of pocket for the mistake. All these steps combine to create a robust system that minimizes the chance of risk or error, making clients fully compliant with local regulations and enabling socially responsible recycling.
Keep Track of Every Asset
A company’s IT asset management is responsible for your company’s equipment from the cradle to the grave. They need to know what happens to it, even when it leaves the premises. As such, they should use an ITAD vendor that tracks each asset at every stage of the ITAD process and notes which parts were reused and which ones were recycled.
Certification & Documentation
In the case of an audit or legal challenge, a company must have its asset disposal well documented. The documentation should be available in different formats that your company can easily access and share if needed. These documents should include any reports, settlements, and certifications regarding the destruction of your IT equipment.
Some of the specific documents that a certified organization should provide you with include a complete report of the IT assets that were given for ITAD services, a report that details what happened to each asset, a serial number for every hard drive that was destroyed, a Certificate of Recycling for the recycled materials, a Certificate of Data Sanitization (for wiped equipment), and a Certificate of Data Destruction (for shredded equipment). It would help if you also got receipts with serial numbers for every piece of resold equipment.