Properly done, IT asset disposition (ITAD) can reduce your risks and deliver a solid return on investment.
ITAD: Much more than ‘in with the new, out with the old’
You’ve just completed an organization-wide information technology refresh. What will happen to all of your obsolete IT hardware? Have you considered the risks inherent with your various options for IT asset disposition (ITAD)?
Illegal dumping or exporting of IT assets can result in costly penalties for violators, including $93,750 per incident under the Clean Air Act and $51,000 per incident under the Clean Water Act.
U.S. businesses and organizations generate millions of tons of electronic waste annually, resulting from periodic technology upgrades, coupled with the ongoing replacement of inoperative hardware.
Thanks to rampant growth in e-waste volume, the world of ITAD has changed dramatically in recent years. What was once an afterthought is now a major — even strategic — focal point for many companies and organizations. The reason: a growing awareness of what can happen when
hardware is improperly handled or sensitive data is breached.
For both ITAD vendors and the entities that hire them, the consequences can be severe, including multiple millions of dollars in penalties, restitution, and lawsuits, as well as prison sentences in some cases. In addition to these tangible losses, businesses and organizations may face severe, even irreparable, damage to their reputation and brand.
Today’s ITAD decision-making needs to take into account a broad range of factors — and not just to mitigate risks, but to ensure the highest possible value, including return on investment (ROI). At minimum, the ITAD decision process should address:
- Who handles critical ITAD steps, from asset pickup to ultimate disposition
- How you ensure the protection of sensitive data on devices and the secure transport of those
devices to their destination - The efficiency and security of asset transportation from point A to point B (and all points
in between) - The potential ROI for assets that could be refurbished and resold
- How readily you’ll be able to verify and audit regulatory compliance
- Expectations of service levels from an ITAD partner
This guide was created to help you gain a clearer understanding of the need for a compliant ITAD program, while providing practical guidance with choosing the right ITAD partner.
Chain of Custody: Crucial oversight and control of every step in the disposition process
A paramount element in the disposition of IT assets, “chain of custody” refers to oversight and control of every step in the ITAD process, including pickup or drop-off of electronics, facility-to-facility transport, data sanitization and/or destruction, asset remarketing and resale, and end-of-life recycling.
One of the biggest risks in the ITAD chain of custody is the theft of data from disposed electronics.
Lacking the resources to manage these steps themselves, a growing number of businesses and organizations choose to partner with an ITAD vendor. But this decision may not be as straightforward as it seems, because most ITAD vendors outsource one or more steps in the chain of custody, although they may not readily disclose this information.
ITAD outsourcing can be risky, because even if you’ve thoroughly vetted your contracted ITAD vendor, you may not have a clear picture of a partner’s standards and practices. And the risk is magnified as more vendors become involved in the ITAD process.
To reduce your risks, verify that the ITAD provider — and all partners — have proved their compliance and certification with the following nationally recognized governing bodies, including:
- National Association for Information Destruction (NAID)
- e-Stewards (independent industry certification)
- Sustainable Electronics Recycling International (R2v3 certification)
- ISO 14001 (environmental management)
- OHSAS 18001 (health and safety management)
Under the Sarbanes-Oxley Act, a financial institution is subject to a $5 million fine per violation, and a healthcare organization may be fined $50,000 to $1 million for each violation under HIPAA.
Data security
One of the biggest risks in the ITAD chain of custody is the theft of data from disposed electronics. Besides potentially harming consumers, data breaches expose businesses and organizations to a variety of punitive and compensatory actions.
For example, under the Sarbanes-Oxley Act, a financial institution is subject to a $5 million fine for each violation, and a healthcare organization may be fined $50,000 to $1 million for each violation under the Health Insurance Portability and Accountability Act (HIPAA). Additional actions are possible in these cases, too.
An effective and comprehensive ITAD process addresses data security from a number of critical angles, such as:
- Sanitizing or destroying data on any device in strict compliance with Department of Defense, National Institute of Standards and Technology (NIST) 800-88, and NAID standards
- Offering a cloud-based solution for erasing and certifying any data-bearing devices prior to pick-up
- Carrying adequate liability insurance to cover potential data breaches and improper electronics disposition — at least $10 million for cyber security and $10 million for e-waste pollution
- Conducting criminal background checks, extending back at least seven years, of all employees and job applicants involved in the ITAD process
- Using sufficient surveillance cameras in storage and processing facilities and maintaining video footage for a minimum of 90 days
Seek out an ITAD partner that carries adequate liability insurance – $10 million for cyber security and $10 million for e-waste pollution.
Logistics
Logistics involves much more than simply moving IT assets from point A to point B. Of course, you want your equipment to ship as efficiently and cost-effectively as possible. But you cannot compromise security, especially considering the potential threats to data on transported devices.
Your ITAD partner should be NAID AAA-certified, meaning its transport operations must comply with NAID regulations and are subject to NAID audits. Other logistics criteria include the timeliness of asset pick-up, secure storage of equipment until processing occurs, and the availability of transport tracking reports to ensure accountability.
Value Recovery: Realizing and maximizing the return on your IT investments
Many businesses and organizations don’t recognize how much latent value is concentrated in their unwanted laptops, desktops, servers, networking equipment, mobile devices, and other IT assets. The challenge: How do you efficiently and cost effectively extract this value?
Most major ITAD vendors will share a percentage of the net sales price for items or materials that have value.
Look for an ITAD partner with extensive experience in — and a solid commitment to — value recovery. This takes three main forms:
- Refurbishing and reselling hardware to wholesale and retail buyers
- Recovering IT components, such as memory, processors, and circuit boards, for remarketing
- Recovering materials, including precious metals and non-ferrous scrap, for sale to processing facilities
Most major ITAD vendors offer a revenue-sharing program for items or materials that have value. Typically, the vendor will share a percentage of the net sale price (less processing costs).
But not all revenue-sharing programs are created equally. For the most reliable revenue stream, choose an ITAD vendor that handles a diverse range of hardware and a variety of makes, models, and components.
Other factors affecting ROI include volume of refurbished items distributed to the secondary market (higher volume generally means better ROI) and the size of the vendor’s resale network, encompassing both wholesalers and partner channels.
Reporting: Clear, on-demand visibility into the entire ITAD process
What an ITAD vendor says it’s doing with your IT assets and what it’s actually doing may be two different things. Insist on full visibility into every step of the ITAD process involving past and current assets — your regulatory compliance, reputation and bottom line depend on it.
Vendor reporting capabilities should offer:
- Customizable reports
- Online client portal
- Data tracking versatility
First, find out how robust and customizable the vendor’s reporting capabilities are. Available reports should cover, at minimum:
- Settlement statements with pick-up location, lot number, date received, incoming weight, weight by commodity/product, processing charges, date completed, and credit or charge information
- Certificates of recycling and data destruction, including serial numbers and total weight of recycled material
- Audit reports that include manufacturer name, model number, serial number, weight, and the resale value of qualified units
- Remarketing settlement summaries with manufacturer name, model, serial number, weight, product type, and sale price
Secondly, how accessible and timely are these reports? Ideally, an online customer portal will deliver secure, real-time asset tracking and account information 24/7. Automatic email notifications from the vendor will further ensure that you stay on top of asset disposition and other essential details.
Service Experience: What differentiates the best ITAD vendors from the rest?
A lot of companies talk a big game when it comes to service excellence. But how many truly deliver it? What does service excellence really mean?
Your ITAD partner’s service offerings should include:
- A dedicated account manager
- Service level agreements
- Timely business reviews
In the ITAD sector, there’s a baseline for service. Of course, you expect an ITAD vendor to properly handle, transport, and dispose of your hardware, as well as the accompanying data. You shouldn’t have to worry about whether the vendor (or one of its partners) is illegally exporting your electronics or inadequately protecting your customer data from theft.
But you can insist on more. Specifically, seek an ITAD vendor with customer service as one of its core values and guiding principles. (If you’re not sure, ask!) An unwavering commitment to service excellence will manifest itself in a number of key ways, such as:
- A dedicated account manager who’s easily reachable by phone, email, and/or text
- A service level agreement that holds the vendor accountable for meeting deadlines (e.g., for pick-up, processing, and reporting)
- Advanced reporting capabilities, including a customer portal (available 24/7) and automated communications
- Conducts regularly scheduled business reviews with customers
Ultimately, the services of an ITAD vendor should enable you to focus on your core business objectives with minimal disruption to your operations.
ITAD vendor evaluation checklist
The following criteria are intended to help you make an informed decision about the choice of an ITAD vendor or to
evaluate the performance of your current vendor:
- Ideally, the contracted vendor oversees and controls every step in the
ITAD process - The provider (and any partners) are certified by nationally recognized governing bodies
- Data security is addressed from a number of critical angles, including compliance with NIST and NAID standards, available on- and offsite services, sufficient liability insurance, background checks, and video surveillance cameras
- The transportation of equipment complies with NAID regulations and is subject to NAID audits
- Hardware refurbishing/resale and material recovery are top priorities
- The vendor offers a revenue-sharing program and is able to maximize your ROI by handling a diverse range of items and by maintaining a large resale network
- Reporting provides real-time visibility into the entire ITAD process and is available 24/7 through a customer portal
- Excellent customer service is a core company value and is demonstrated in a number of ways
About Dynamic Lifecycle Innovations
Founded in 2007, Dynamic Lifecycle Innovations is a full-service electronics and materials lifecycle management corporation
specializing in IT asset disposition, electronics recycling, legislative compliance, product refurbishment, remarketing
and resale, materials recovery, and data security.
As an ITAD industry leader, Dynamic possesses deep experience in the nuances of designing and implementing customized disposition plans that are efficient, secure, robust, and environmentally sustainable. Hallmarks of Dynamic’s ITAD program include:
- Complete control over the entire ITAD chain of custody, from asset pick-up or drop-off to ultimate disposition and data destruction
- Adherence to rigorous industry standards and best practices to ensure the security of customer assets and data, from pickup to processing
- Certification by nationally recognized governing entities
- The use of industry-leading sanitization and shredding technologies at the customer’s locations or at Dynamic’s highly secure facilities
- Scalable, affordable cloud-based data erasure anywhere in the world with Wi-Fi access, helping to reduce risk and improve chain of custody
- A full set of logistical services, including NAID-compliant transportation
- A strong commitment to “reuse first” of IT assets and material recovery, creating ROI for Dynamic customers
- Comprehensive, customizable reporting, providing complete transparency and responsiveness throughout the ITAD process; includes a customer portal, available 24/7, featuring real-time tracking and shipping reports
- Service: one of six core values, the main guiding principle and foundation for the company’s success
For more information, visit the Dynamic Lifecycle Innovations website: thinkdynamic.com.
Dynamic Global Capabilities
With facilities and partners across the globe, Dynamic can handle all of your IT hardware lifecycle needs.
