IT Asset Disposition (ITAD) is the last phase in IT Asset Management (ITAM). It’s often overlooked by companies who may create detailed requirements and plans for asset acquisition, but simply create one line of policy for disposition requiring that assets must be “disposed of securely and in an environmentally-sound manner.”
As we all know, what’s not specific can easily become difficult to manage and execute.
This comes with tremendous risk—chiefly, data security. Last year, the global total cost of a data breach was $4.45 million, a 15% increase over the previous three years, with the bulk of the impact and cost attributed not to fines or ransoms, but to the costs of cleaning up following the breach and the loss of customer trust and business.
Meanwhile, compliance penalties can also be hefty: in 2020, the Office of the Comptroller of the Currency (OCC) fined Morgan Stanley $60 million for “failing to oversee the decommissioning of two data centers connected to its wealth management business.” They also settled a related class-action lawsuit for $60 million.
Disposal methods range from storing assets in unsecured locations (i.e., piling laptops up in a locked IT closet) to securely shredding assets on-site. While technically the most secure option, shredding on-site often means devices are held onto for extended periods of time or handled in bulk. This is a costly data destruction approach, opening the door to error, loss, and theft.
Conversely, taking the time to develop a comprehensive ITAD strategy and plan can help you maximize the value of your assets while minimizing e-waste and other carbon emissions.
Getting ITAD right also means selecting the right partner who can bring expertise, the proper certifications to ensure compliance and secure data destruction, plus the experience and processes to execute, with transparency.
Security and Compliance
Security is of the utmost importance: it’s critical that as you retire devices, data is destroyed, securely, and there’s a secure chain of custody with documentation.
The right partner is also critical.
Take, for example, the Morgan Stanley case we mentioned that they were fined $60 million for. The bank had hired a third-party vendor to dispose of their data center assets, including to wipe data from their hardware and servers. However, personal identifying information (PII) remained even after the vendor sold the assets to a recycler.
Then, Morgan Stanley was fined again in 2022—this time $35 million by the SEC for “failing to protect the PII of 15 million people. Starting in 2015, over a five-year period, the bank hired a moving and storage company to decommission thousands of hard drives and servers. The company not only had zero experience in data destruction, but Morgan Stanley also failed to properly monitor their work. The moving company sold the devices to another third party, who then auctioned them online with unencrypted data still intact. While Morgan Stanley recovered some devices, they were not able to recover “the vast majority.”
- Choose a Reliable ITAD Partner: Select a certified ITAD vendor with a strong track record in data destruction and e-waste recycling preferably an ITAD company with automated processes like Unduit, to take most of the burden of your IT managers.
- Implement Data Destruction Protocols: Ensure all data is securely wiped or destroyed before disposal.
- Document Processes: Maintain records of all ITAD activities to ensure accountability and compliance.
Implement policies for ITAD Security preferably according to the General Data Protection Regulation (GDPR) and their own local data protection laws. This ensures that the disposed of asset does not become a liability in the future for the organization.
Upon acceptance of the offer, Carbon Neutral will securely pick-up and transport your IT assets to an ISO-Certified processing facility where they are audited, tested, de-branded and wiped clean in accordance with National Institute of Standards and Technology 800-88 Guidelines for Media Sanitization.
Assets de-branded
NIST 800-88 data wiping protocol
Data wipe & destruction certificates issued
“ITAD is the most commonly outsourced component of the ITAM lifecycle. And happy as corporations may be with having a third-party manage this responsibility, they often lack visibility into chain of command and accountability. To avoid these issues, your ITAD (and overall ITAM) processes should be designed to your company’s specific needs, and in a way that ensures transparency and industry-specific compliance.
When selecting your disposal vendor, make sure it operates to a certain set of standards, has consistently passed external audits, and possesses common industry certifications like ISO 14001, OHSAS 18001, and WEEELABEX. Consider asking for value-add services like data normalization, EOL/EOS data enrichment, and real-time resale value of equipment updates into your ITAM repository to help make more strategic decisions about the use and life of your assets.
Sustainability
IDC research found that while 90% of companies understand the “importance of sustainability in their IT infrastructure, most are still in the pioneering phase of sustainable IT...” While sustainability awareness and knowledge are growing, and goals are being set, putting it into action remains a challenge. This is made even more true as the demand for IT infrastructure and assets continues to grow rapidly, making the size and number of assets grow with it. Then, there’s the fact that for multiple, sound reasons, hardware refreshes are recommended every three to five years.
The Business Case for IT-generated Carbon Credits
The expectation, or responsibility, you have when you retire IT assets is that you will get a valuable ROI and dispose of the assets safely, securely, and sustainably.
But those assets can also be doing more for your organization, and with that, help move your IT team’s profile forward within the organization by providing value and moving organizational initiatives forward.
What we understand at Carbon Neutral Technology Corp., is that there is still a lot of value left in your aged equipment. We focus on finding that value and aligning your technology refresh with the principles of the circular economy.
By collecting, refurbishing, and reselling technology, our program eliminates the need for new equipment to be manufactured. Thus, the carbon emissions associated with the production and manufacturing of new technology are not incurred.
As a result, you earn top-value money back for your equipment and self-generate carbon credits for your organization. Depending on where your company is in its sustainability journey, these carbon credits can replace some of the credits your org may be paying for—but either way, it’s creating value and additional cash back towards your financial bottom line, while also delivering wins for people and planet.
“Although most companies believe that they have a plan to dispose of assets, IDC research data
suggests that only 15% use an asset disposition company. Unfortunately, common end-of-life
practices include storing assets in unsecure locations or following noncompliant disposal practices,
thereby putting sensitive data at risk” HPE report
- Look to examples of what your leadership has said publicly or internally about your company’s carbon reduction goals. You may even be able to find internal or public statements and accounts of your organization’s carbon credits: how many, what type, what category, and where or who they were purchased from.
- Note that Carbon Neutral Technology Corp., has worked with environmental organizations to develop our protocol to generate verified carbon credits through the refurbishment and resale of corporate IT assets.
- Carbon credits generated through Carbon Neutral Technology Corp., are serialized and registered on internationally recognized CSA’s CleanProjects Registry under ISO 14064 – Part 2 guidelines and principles.
- Our carbon credits are developed in North America for use worldwide. By being serialized on an internationally recognized standard’s registry, our carbon credits are suitable for retirement worldwide.
- Once transferred, you have the option to decide if you want to retire the carbon credits immediately and reduce this year’s carbon footprint or hold on to the credits and retire them at a future date of your choosing. Carbon credits will only count towards carbon reductions once they have been retired.
Finally, actively manage and compare your vendor’s services against others throughout the lifetime of your contract to make sure your evolving ITAD needs are being properly met. And make sure you’ll be sufficiently informed and prepared to adjust quickly if your ITAD vendor decides to close shop.
Tips for Getting ITAD Right
Here are several recommendations for how to help maximize your outsourced ITAD environment:
- Align yourself with an experienced ITAM partner to build out your ITAM and ITAD processes
- Involve a broad group of stakeholders, including IT, Security, Finance, and Vendor Management, and consider how activities within each phase of the ITAM lifecycle can enable ITAD
- Account for varieties of asset classes and disposal needs in order to develop a logical process that considers regional and local regulation
- Use a trusted ITAD vendor that has the footprint to cover your regional or global needs, but constantly assess your needs and their capability/performance against peers
- Ask your ITAD vendor to provide additional value-add services to enable strategic ITAD decisions (e.g., EOL/EOS data enrichment, real-time resale value of equipment updates)
- Consider having your ITAD vendor integrate into your ITAM repository to provide automated updates to asset status, Certificate of Disposal, data destruction certificates, and donation receipts.
Getting ITAD right means having the information at your fingertips to enable dynamic investment, help maximize asset value, keep data secure, and enable customer trust.”
SHARE THIS POST
