The underlying objective of a successful ITAD program should be to ensure that your retired IT assets are managed properly, insulating your organization from any potential liabilities related to disposition. Risk management involves everything from environmentally compliant end-of-life recycling to the complete sanitization of re-marketable assets. Failing to adequately address the risks involved with ITAD can result in data breaches, loss of critical IP, environmental violations, and negative press—all of which can be very damaging. The following measures can be taken to ensure that your organization’s data and reputation stay out of harm’s way.
Data security is one of the most important components of the ITAD process. To prevent your data from being compromised, HDDs and other storage devices must be completely erased before reentering the market. You can assume this responsibility yourself, but individually wiping hard drives can be time consuming and free erasure software is often less effective than licensed professional solutions. Work with an ITAD partner who can efficiently and effectively wipe large volumes of HDDs and provide erasure reports to confirm execution for each drive. Thorough ITAD partners regularly audit the quality of their erasure activities by subjecting random samples of wiped drives to internal and 3rd party data forensics tests.
Asset tags and other identification labels should be removed from any asset you plan to resell. This generally occurs as a part of the financial reconciliation of your ITAM program once an asset is retired. Your ITAD partner should remove and record any tags left on assets as a part of your reporting requirement in the scope of work.
Assets that have reached their end of life (EOL) need to be recycled properly. Due to the growing number of exporters operating under the guise of “recyclers” it’s important to confirm that your EOL assets are recycled into reusable commodities in compliance with strict environmental health and safety standards. Do your homework – ask to see the vendors “downstream” flow of recyclable materials as a part of your due diligence process.
If you want to ensure the destruction of highly sensitive assets such as HDDs, custom hardware and other IP, be sure to work directly with the recycler who will be processing your equipment and request certificates of recycling. Some recyclers even provide ‘witnessed destruction’ services that enable clients to observe the destruction of assets.
The most effective way to ensure that your retired IT assets have been managed properly is to require transparent documentation of the entire ITAD process. Utilize an ITAD partner who can track the disposition of all your assets and provide detailed reports demonstrating that your requirements have been met (complete asset detail includes Make, Model, S/N, configuration, condition, pass/fail criteria, and value recovery/recycling costs – per unit).
Make sure that your organization is protected financially by requiring your ITAD partner to maintain the appropriate types and limits of liability coverage, and always request copies of Certificates of Insurance (COIs).
Insulate your organization from risk by ensuring that your IT assets are managed properly. Contact ECS for more information, or to implement secure ITAD solutions in your company.
As a leader in IT asset management and end-of-life electronics processing, ECS Refining provides a broad spectrum of solutions that enable OEMs, retailers, enterprises, and e-waste collectors to manage, disposition, and recover value from electronic devices while protecting sensitive data and mitigating downstream liability.