White Paper
March 14, 2018

How to Develop an Effective ITAD Policy


Does your organization have a formal IT asset disposition (ITAD) program that dictates how decommissioned hardware will be managed when it is removed from service? Before you act, your organization needs to establish a formal policy that outlines specific requirements relating to IT asset disposition. ITAD affects a diverse mix of stakeholders in any organization, so decision makers from the affected departments should be involved in developing your ITAD policy. These departments and their primary concerns generally include:

Information Security - data security compliance (HIPAA, SOX, PCI, etc.)

Asset Management - asset lifecycle management; integration with ITAM system/software

Data Center Management - manage expensive data center assets; unique data security requirements

Finance/Accounting - manage the cost of ownership for IT assets; asset depreciation

Facilities - physically manage the triage, storage, and transfer of retired IT assets

Environmental Health & Safety - ensure environmental compliance; downstream chain of custody

 

Incorporate feedback from the stakeholders in your organization to establish an ITAD policy that addresses the following elements in some form or another:

Timeline – 

Identify the length of depreciation for each hardware type and establish a disposition timeline for fully depreciated assets. IT assets are typically depreciated over 3 years but can be used for up to 5 years, depending on performance requirements and on hardware and software warranty timelines.

Vendor Certification – 

Identify which environmental certifications you will require your ITAD vendor(s) to maintain (e-Stewards, R2, ISO14001, CHWMEG audited, etc.).

Data Erasure Standards – 

Identify which wiping standards you will require your ITAD vendor to utilize (NIST 800-88, DOD 5220.22-M, etc.).

Physical Destruction – 

Destruction may be required to protect your brand and intellectual property or to fulfill other data security requirements (such as HIPAA compliance). Identify which assets (if any) require physical destruction and establish how destruction will be confirmed (certificates of destruction, witnessed destruction, etc.).

Storage –  

Identify storage capacity and a secure physical location for storing retired assets before they are removed from your facility.

Chain of Custody – 

Identify downstream chain of custody requirements and establish vendor auditing procedures.

Asset Reporting – 

Identify what information is required to “close the books” on your retired assets. This information should integrate seamlessly into your IT Asset Management system/software.

 

As a pioneer in electronics recycling and ITAD solutions since 1980, ECS understands the many facets of the disposition process and we’ve provided best practices to keep you ahead of the curve when the time comes to retire and refresh your IT hardware.

For more information, or to discuss your ITAD program, contact one of our experts today.