New regulations have been introduced in regards to the IT asset disposition process. These new regulations make it impossible or significantly more challenging to dispose of your IT equipment, such as servers, hard drives, and any other data bearing devices. It isn’t as simple as dumping the equipment in the trash or passing them on to employees.
If you fail to follow proper procedures and regulations when disposing of your IT assets, there are many negative things that can occur. These dangers include damage to your reputation, large financial penalties for data breaches, legal challenges and suits, dangers to our environment and human health dangers that can occur if the toxic materials in IT equipment is improperly dumped and leeches through soil or into fresh water supplies.
Due to the regulations that are in place and the dangers associated with improper disposal, it is important that your company secure a process to ensure that your equipment is disposed of safely and securely.
ITAD Is the Beginning of the End for an IT Asset
ITAD, or IT asset disposition, is the final, but important, step in an IT asset’s lifecycle. However, when the asset reaches its end-of-life, you cannot simply dispose of it or give it away. There is still much to be done to safely dispose of IT assets. In 2016, a report by Cascade indicated around 85% of companies now have a policy in place for how IT assets are disposed of. Does your company?
The ITAD process also involves preparing equipment for resale, donation or recycling such as keeping them in good condition, keeping all of the accessories together, such as the power cables and keyboards, and removing passwords and locks.
The DIY Route or Using a Third Party Vendor
Before your IT equipment can be donated, recycled or resold, any data on the equipment must be properly wiped and removed. Think about it for a second. How much information do you have stored on your desktops or laptops? You may have pictures, customer names, address and phone numbers and financial information. All of this information must be wiped clean from the IT equipment to ensure it does not end up in the wrong hands.
Some companies can wipe data themselves and either resell, donate or recycle the equipment. But it’s only practical for small businesses, not large ones or one with large data centers. And even for small businesses, it requires expertise and time most small businesses don’t have. For example, you will need to inventory all of the equipment and know which devices are data bearing and which parts can be reused. If you don’t know this information, you won’t get far in ITAD yourself. This is why most companies, large and small, use a third party vendor.
Resell, Donate or Recycle – What to Do with Old IT Equipment
Another decision that needs to be made is what the final stage is for the equipment.
Options depend on both the company disposing of the equipment, the ITAD vendor used or whether companies go the DIY route. If computers and equipment are quite new and in good condition they may have resale value and the business can recoup a percentage of their sale fees by reselling it. Some equipment can fetch significant returns which can be vital for a company’s IT department.
Some equipment is older and it may not have much value in terms of reselling it. But if it still works, there may be many local non-profits that can use the equipment or find a good home for it. In this case, donating it and getting a tax write-off may be beneficial.
Finally, some equipment is broken or so old that it has no resale value and cannot be donated. For these items, recycling makes the most sense.
Ideally, as much of the equipment should be reused as possible – so donate or resell. Most reputable ITAD vendors will offer this. Reusing equipment reduces your carbon footprint by reducing the need to make more computers, gives others a chance to access IT and keeps harmful materials out of landfills.
If you decide to go the DIY route, then you need to ensure data is wiped appropriately before re-selling or donating, something that reputable ITAD vendors can take care of for you if you don’t want to go it alone.
If you have IT equipment that you need to dispose of, it is important to act quickly. Don’t let old equipment gather dust. Assets deprecate at a rate of 3.5% per month.
Additionally, a special deal or new software release may mean many companies upgrade IT equipment at the same time. This can cause the reuse market to be flooded with lots of the same IT equipment. The longer a company holds onto their equipment, the less demand and resale value there will be.
A great ITAD company can help you to prepare your equipment for disposition and either sell it or donate it as quickly as possible before it loses value or becomes dated.
Vetting a Third Party IT Disposition Vendor
When you are selecting a third party IT disposition vendor, it is important that you conduct a thorough check on the vendor. To help with this process, the EPA has produced a checklist for federal agencies to find a suitable partner. Businesses such as yours should use a similar checklist when looking for ITAD solutions.
There are many items that you should pay close attention to when you are vetting a third party IT disposition vendor. One of the things you should look closely at is whether the vendor is either R2 or e-Stewards certified. You want a certified company so you have peace of mind they know what they are doing. Also look carefully at whether the vendor subcontracts out any parts of the ITAD operation. If they do, how do they vet their subcontractors? And does the company make you aware of who will have access to your data at every stage of the process? You are responsible for your IT equipment and the data on it, so it is important that you ensure there are no breaches, the company holding the equipment is reputable and that they follow the same best practices as the third party vendor you hired.
A Secure Transfer & Data Destruction Process Looks Like This
If you choose to use a third party vendor, ensure that they have an airtight procedure for collection, transportation, destruction or sanitization of data and eventual disposal or reuse. At CompuCycle, we take every step of the ITAD process seriously to ensure your IT equipment is always in good hands. Here are some of the steps that we follow to ensure the data destruction phase of the process is a secure one.
The first step we take is by thoroughly background checking all of our employees. We want only the best of the best working for us. We take the time to complete thorough background checks on every employee who works with us and they carry Transportation Worker Identification Credentials (TWIC) cards at all times.
We can perform our data destruction services on-site at your place of business where you can witness the secure destruction of data or we can safely transport equipment back to our secure facility to carry out the work.
When we remove assets from your location, we lock them up inside cases before we loading onto our trucks. This gives you peace of mind that the equipment is secure while it is being transferred from your facility to our facility for the next step in the ITAD process. We use trucks that feature GPS tracking information and allow us to see when the doors are opened. This allows us to track where your equipment is at all times.
The third step is arriving at our facility. When the trucks or vans with your equipment arrive at our facility, you can rest assured they are entering a safe environment. Our facility is locked at all times and access-controlled. There are also cameras everywhere, ensuring only those with access to certain areas can enter. We also have an alarm system, preventing break-ins. Lastly, we store employee lockers in a separate area from the facility. The employees and their bags or purses are scanned when entering or exiting, help to prevent theft.
Lastly, CompuCycle carries error & omissions insurance and pollution insurance as another layer of security. If something unexpectedly does go wrong, we have the insurance money to cover it, ensuring you won’t have to come out of pocket for the mistake. All these steps combine to create a robust system which minimizes the chance of risk or error, making clients fully compliant with local regulations and enabling socially responsible recycling.
Keep Track of Every Asset
A company’s IT asset management is responsible for your company’s equipment from cradle to grave. They need to know what happens to it, even when it leaves the premises. As such, they should use an ITAD vendor that tracks each asset at every stage of the ITAD process and notes which parts were reused and which ones were recycled.
Certification & Documentation
In case of an audit or legal challenge, it is important that a company have its asset disposal well documented. The documentation should be available in different formats that your company can easily access and share if needed. These documents should including any reports, settlements, and certifications in regards to the destruction of your IT equipment.
Some of the specific documents that a certified organization should provide you with includes a complete report of the IT assets that were given for ITAD services, a report that details what happened to each asset, a serial number for every hard drive that was destroyed, a Certificate of Recycling for the recycled materials, a Certificate of Data Sanitization (for wiped equipment), and a Certificate of Data Destruction (for shredded equipment). You should also get receipts with serial numbers for every piece of equipment that was resold.