Lifting the Lid on ITAD

Don't have time to read the whole guide now? Download a copy now for instant access:

Risks and challenges posed by internal ITAD and how switching to an external partner can mitigate these

The IT landscape is complex and in constant flux. Staying on top of regulations is paramount for businesses in avoiding risk exposure and financial damage. IT Asset Disposition, or ITAD, is the process of managing the decommissioning of end-of-use IT assets in a manner that ensures data security and environmental compliance while maximizing residual value. Consider securing an efficient, compliant ITAD partner who can mitigate against risks while supporting your enterprise across the three main pillars of ITAD: data security, sustainability, and value recovery.

Supporting Robust Data Security

itad-1-470x407 It is important that any data is securely erased and destroyed from your end-of-use devices to comply with data protection regulations. Keeping data secure is not only applicable while it is in use within your company, but also when the data-bearing device reaches the end of its useful life. An ITAD partner mitigates your risks and provides liability coverage protecting against the financial impact of potential asset loss or data breach.

1. On-site vs off-site, and the chain of custody

Some companies may wish to find an ITAD partner to sanitize data onsite as opposed to or prior to shipping those devices to an ITAD processing facility. An enterprise class ITAD partner will ensure all vendors handling your devices throughout the supply chain will adhere to a strict chain of custody processes, minimizing any risk to your devices while they are in transit.

2. Theft of physical devices or remote data breaches

Theft is a risk wherever your device sits, whether within your facility, in transport, or with your ITAD partner. Physical security arrangements must reflect the importance and sensitivity of data housed on the devices. Data breaches can lead to severe fines, loss of any proprietary information that may have been involved, and damage to company reputation, which in turn can have ongoing financial implications. For breaching the General Data Protection Regulation (GDPR), the Information Commissioner’s Office (ICO) has previously fined British Airways £183.39m and hotel chain Marriott £18.4m for failing to demonstrate having the appropriate measures in place to protect personal data on their devices after the companies were hacked. Your ITAD partner will minimize the risk of theft by deploying measures such as background checks on employees and the installation of comprehensive security systems (for example, video monitoring, intrusion detection, and controlled access). Moreover, an asset tracking system allows the ITAD partner and clients to track each individual asset at any point in the disposition process.

3. Understanding your data responsibility

Committing time, training, and resources to continually understanding regulation changes may be onerous. It is not likely to be a top priority within overall business functions, but it is vitally important for the reasons outlined above. By contracting an expert and specialized ITAD partner, you outsource the process of ensuring your policies and practices are continually aligned to the latest legislation, thus in turn reducing the in-house cost of supporting this function.

4. Managing a data security budget

Research suggests that security policies and budgets exist mainly for devices while in use. Consider the fact that unwiped, end-of-life devices could house accessible data, exposing businesses to risks from loss and theft of assets which are vulnerable to physical hacking and accessing of passwords, PII (personal identity information), and other company confidential

information. An ITAD partner provides solutions to bridge this gap, removing the data on end-of-life devices, and these additional costs need to be factored into a data security budget that is secured at all stages of the device’s life.

Environmental Responsibility: Reducing CO2 and Damage to our Planet

itad-3-512x353 Enterprises are becoming accountable for the CO2 emissions and e-waste that their operational footprint generates. As with data protection, environmental protection is also regulated with financial implications for non-compliance. The size and scale of greenhouse gas (GHG) emissions and landfill contributions can negatively impact your company’s reputation. There are two main ways an organization can reduce their negative impact on the environment when their devices reach the end of their useful life; find a secondary use for the device, or make sure they are disposed of in an environmentally responsible manner. An ITAD partner should track the final disposition of all of your devices and be able to provide data showing the carbon savings you have accumulated by choosing to reuse, resell or redeploy product rather than buying new technology.

1. Extending the device lifecycle

Look for an ITAD provider that focuses on finding a secondary use for your functional devices. By extending the life of your end-of-use IT assets through refurbishment and repair then redeploying them within your organization or finding a home for them in the secondary market, you reduce the resources needed to manufacture a new device. Mobile network provider, Giffgaff, reports that opting to use a refurbished smartphone over a new one saves 50kg of carbon.

2. Disposal of technology

Not all technology because of age or condition can have its lifecycle economically extended and will need to be destroyed. The Waste Electrical and Electronic Equipment (WEEE) recycling directive makes businesses responsible for their e-waste and non-compliant disposal can

lead to fines. In 2019, the UN stated3 that of the 50 million tonnes of global e-waste generated each year, 20% is recycled formally; the rest goes into landfill or is informally recycled by hand, posing huge environmental and health and safety concerns. It is predicted that by 2050, 120 million tonnes of global e-waste will be generated annually. A reputable ITAD partner will compliantly dispose of e-waste as responsibly as possible, recycling as much as possible, avoiding landfill and negative impacts on the environment.

Recovering value

itad-4-584x454 There is potential to recover value from devices that would otherwise end up in landfill or remain collecting dust in an office cupboard. There are options to enable the recovery of some value which could in turn be invested back into asset management and security of the remaining equipment.

1. End-of-life devices

Asset management on behalf of an enterprise should focus on maximizing the potential value in finding a second life for devices. An effective way of recovering the highest monetary value can be through refurbishment and reuse. Not all ITAD providers have an extended capability of repair and refurbishment, and therefore it’s important to find the most comprehensive set of services to ensure an optimized solution.

2. Minimizing cost of recovery and maximizing resale value

A good ITAD provider should have a secure and cost-efficient transportation network in place to collect your devices, whether it’s for bulk collection or single-user collection. Ideally, the ITAD provider should act as a single point of contact for the entire delivery of the service covering the collection of the equipment, asset processing, audit report, resale and recycle of the equipment with all the required reporting, saving you valuable time out of your day-to-day business. A key component in maximizing value is to choose a provider that has the most diversified multi-channel sales strategy including e-commerce, resellers, and a wholesale network.

3. Enhancing the cosmetic condition

Should you decide to resell your decommissioned devices after they have been securely wiped of data, the visual condition of the hardware could impact the value of the device. By cost-effectively refurbishing and re-kitting products, you can obtain a higher resale price. Each device due to be resold is given a grade based on its functionality and its cosmetic appearance.

Maintaining infrastructure on-site and remotely

itad-5-792x410 Historically, most organizations were not equipped to manage remote workforces on a large scale, but the COVID-19 pandemic changed the approach to work. Many organizations have adapted to maximize workforce efficiency and productivity, regardless of where they work. In response to this shift, ITAD partners have evolved, broadening their offer to include storage, custom pre-configuration, end-user device deployment, and recovery, alongside bulk device management to enable IT departments to efficiently support all workplaces.

1. Break/Fix

Working from home means relying heavily on technology to remain connected. A faulty router or laptop can prevent an employee from working and minimizing the time required to get an employee back up and running is important. One way to do this is through the rapid, advanced exchange of hardware (repair and redeploying or disposal of the old equipment are a secondary requirement).

2. New starters/leavers

With the reduction in the amount of office space, many staff will find themselves starting or finishing a role from their home. They must be equipped to get up and running as quickly as possible on pre-configured assets to benefit from a seamless and efficient start with their new company. For leavers it is key that their valuable assets are recovered as quickly and securely as possible, data is processed compliantly, and devices are repurposed. Before being reused, a device may require cleaning, re-imaging, upgrading, re-kitting, or repackaging, and all of these tasks can be completed before returning the device to the asset pool.

3. Device refresh

When performing an IT estate refresh, a seamless transition from old to new is key. New devices may require more configuration before deployment and legacy equipment will need to be securely recovered once the new equipment is up and running. To do this, organizations may benefit from taking a fresh approach to the way they manage their IT estate. Organizations should consider using a partner that has the processes in place to manage the full product lifecycle and map out the end-to-end process so that they can identify opportunities to reduce costs, meet sustainability goals and improve productivity.

4. Remote worker asset recovery

Where you have large quantities or large devices to dispose of, your ITAD partner will be able to collect from your sites. Where there is a single device needing collection, perhaps from a remote worker, a box program would be suitable. Box programs are rising in popularity as an affordable solution to cover mobility devices, such as tablets, laptops, and smartphones, in need of a fault/fix solution so staff downtime can be minimized. Look for an ITAD provider that can send out new or refurbished devices whilst simultaneously arranging the collection of the faulty devices at the same time as issuing the replacement. The faulty device can either be returned directly to you or managed for repair. The COVID-19 pandemic resulted in a shift towards more remote working so people are no longer in a centralized location for hardware to be collected from. This solution is ideal for supporting remote workers.

ITAD Processes and Detailed Reporting

1. Robust processes

To get the best value from the resale of your devices, there’s specialist equipment and software that must be used to process these accurately, safely, and efficiently. Staff using these machines need the correct training and skill to use them, plus maintain a passion for troubleshooting and problem-solving. The ITAD partner should have robust, documented processes, underpinned by industry recognized accreditations such as ISOs, to ensure uniformity and provide assurance that you and your assets are in safe hands.

2. Metrics supporting ESG objectives

Environmental, Social and Governance (ESG) strategies are becoming increasingly important to enterprises and so is finding quantitative evidence to reflect improvements. Through instigating ITAD processes, your partner should be able to produce visibility of all the tonnage in CO2 emissions saved and materials recycled/reused. These can be used for reporting to end customers or stakeholders and enable you to showcase your ESG achievements.

3. Tracking assets

When your ITAD partner provides warehousing for your assets, they should have in place an inventory tracking system that enables visibility over your asset inventory. This allows you to request specific assets to be despatched. You should also be able to track your assets as they move through the disposition process and see the outcome for each device, plus access any data security certifications and related documentation.

How to choose an ITAD provider

itad-7-593x302 Rather than search for a company that promises unlimited or financially unsustainable liability coverage, instead choose an ITAD partner who has strong financial resources to back up any commitments, carries industry-appropriate levels of insurance, has an excellent security history, and offers strong chain-of-custody and process controls. A provider with those attributes, plus advanced onsite service capabilities, will be able to collaborate with you to build end-to-end security measures into your ITAD program before the first asset is collected.

The ultimate responsibility for protecting and keeping data safe varies country by country and will depend on local laws and regulations. For example, for those protected by GDPR, the responsibility is shared between the data controller and the data processor, so there is an equal liability in the event of a data breach. If you are in a regulated industry or have a specific risk profile that requires extraordinary security measures, the most secure option will be to implement on-site data sanitization services. However, there’s a notable shift towards more sustainable ITAD processes, particularly as business guidelines are tailored to achieve ESG objectives. For a more ethical outcome, businesses should consider an on-site data erasure and re-use of IT assets.

An established ITAD provider will have a range of service options available so you may customize your program based on the data and security scenarios specific to your business. Choosing an ITAD partner with relevant certifications, such as e-Stewards, ensures your end-of-service assets will be recycled in a responsible and compliant manner. Your ITAD partner will supply a serialized Certificate of Data Erasure & Destruction for each asset they process.

By actively partnering with a major provider, and by implementing data security measures as foundational elements of your ITAD program, you will achieve a security solution tailored to your specific requirements that will proactively remove risk and protect your business.

A well-managed ITAD provider will minimize risk by putting in place a set of sophisticated and robust process controls. They will fully train and proactively manage employees who work with client assets, they’ll use industry and process-specific management systems, and they’ll maintain all relevant certifications.

In looking to offset inherent risk, companies sometimes lose sight of the fact that high-limit liability coverage – and even robust insurance to back up liability commitments – does nothing to reduce the actual risk of asset and data losses and the business damage that would follow a loss. An experienced ITAD provider is not only acutely aware of the risk factors around asset end-of-service, but they also have a strong incentive to minimize that risk.

Customer Premises Equipment Returns and Refurbishment Program