Companies of all sizes eventually need to dispose of IT equipment. This process called IT asset disposition or ITAD, can be complex and carry some inherent risk by its very nature.
If you’re considering a DIY approach to the ITAD process, make sure you’re carefully thinking through each step of the process ahead of time. Your goal should be to complete the process without inadvertently adding even more risk.
Not sure what to consider?
Let’s walk through the entire ITAD process – starting at the asset management phase through either re-use or end-of-life – and outline the potential pitfalls and risks at each stage.
ITAD Process: Asset Management
Ideally, you already have a process in place to manage all of the mechanics related to your IT assets. For example, you’re tracking what assets are in use, who’s using them, what licenses are active, and when the licenses expire. You also need to know what data is stored on each asset, any related compliance issues (e.g., HIPAA), how the asset connects to the environment, and what systems it can access. Finally, you need to know whether it’s leased equipment and, if so, when the lease expires.
These steps (and more) are part of the complex world referred to as asset management.
Tracking
The next step in asset management is tracking your IT assets. You want to know where they are, whether you can track them by serial number, what make and model they are, configurations, associated peripherals, whether it’s in use, in storage, and what’s happening to it when it’s removed from service.
Pitfalls and risks
- Systems – do you have all of the systems in place to manage this information for each IT asset?
- Knowledge – when you first acquired the asset, you knew everything about it. Did you keep up with it? Do you still have it?
- Process – what process do you follow to keep track of assets as they move through the ITAD process?
It’s probably ok if you didn’t retain all of the information above because you’ll be able to recapture it during the ITAD process. But recognize the risk that you’ll miss decommissioning an item if you don’t have a list to check it against.
Decommissioning
Now it’s time to decommission the hardware. Depending on location, there are different challenges associated with this step. For example, if it’s in a data center, you have to pull the servers out of use, make sure the data is backed-up, determine whether it’s encrypted, pull the asset out of the rack.
If the asset is located in an office, you need to remove it from the user environment, so you’ll need a process to manage that step – making sure you have enough people to gather all of the IT assets, track and securely package them. And if people are working remotely, like many are now, this stage can be incredibly complicated.
Pitfalls and risks
- Resources – do you have enough people to manage this process?
- Expertise – does your staff have the expertise to do this in a systematic way that’s trackable?
- Damage – can your team complete this step with minimal damage to your rack, server, or user environment?
Logistics
Next, it’s time to manage the logistics. At this step in the ITAD process, you need to know whether there’s data on the asset, where the asset is, and who is responsible for it. You also need to know whether it’s been appropriately packed, where it’s going, when it gets there and how and where it’s stored.
Pitfalls and risks
- Expertise – is your team prepared to manage each stage in the logistics process?
- Space – do you have the floor space or facilities to store the assets as they are removed and handled?
- Security – is your team protecting the assets, especially those with value?
- Damage – can you ensure that if the asset still has value on the books, it won’t be damaged?
- Loss – how will you handle the potential brand impact if the equipment is lost?
Data Sanitization
Next up in the ITAD process is sanitizing your data, and there are several ways to do this. You could overwrite it, degauss it (magnetically remove data), you can punch or crush it with a press, or shred/grind it. Regardless of the method used, you must have an audit trail for the assets.
This is one of the most critical phases of the ITAD process. You can’t afford any mistakes and must ensure processes and checks & balances are in place to eliminate 100% of the data on 100% of the assets, 100% of the time. There is no margin for error in this process.
Pitfalls and risks
- Expertise – do you have resources on your team that are knowledgeable about this step in the ITAD process?
- Security – is your facility secure? Are there cameras and other access controls?
- Process – do you have a consistent, repeatable process? Is it verifiable?
- Quality – do you have quality controls in place? Has everyone been adequately trained?
- Environment – what happens to the circuit boards and other materials after you sanitize the data? Are the toxin-containing components properly disposed of?
- Compliance – what are the standards or compliance requirements for your industry? Can you produce a report that shows how assets were sanitized, when, and by which technician?
Reporting
At this stage, you want to have evidence that you’ve handled your assets appropriately. A reporting system that manages asset-level information at the right level of detail is critical – especially one that’s formatted to sort data based on what the business needs.
Pitfalls and risks
- Accuracy – do you have an ERP or other systematic method of ensuring the data’s accuracy?
- Completeness – how will you make sure information is complete for each asset?
- Availability – can you quickly put your hands on the data you need and send it to others?
- Retention – do you have a document retention policy in place for the ITAD process? Are you able to keep information on file for years?
- Compliance – does your reporting help ensure you’re meeting any compliance requirements?
ITAD Process: Asset Re-use
It’s always preferable in the ITAD process to re-use assets – and in many cases, they can be. Here are the steps to follow if you’re taking this route and the associated pitfalls and risks with each.
Testing
Before assets are re-used, you need to test them to ensure they’re performing. To do this, you need the right tools and systems, standard procedures, and enough staff to follow the instructions every time. You also need to maintain records and easily produce reports that show where assets are located.
Pitfalls and risks
- Resources – do you have enough people in place to test assets?
- Facilities – do you have the space, workbenches, tools, etc., needed?
- Expertise – do they have experience and the tools they need?
- Quality – are there procedures and quality checks in place?
- Compliance – are you meeting any compliance requirements?
Repair
If your IT assets need repairs before they’re re-used, you need to have the right tools and components on hand. You also need systems that help you stay on top of repairs, procedures to ensure consistency, and a way to document repairs so you can produce reports if required.
Pitfalls and risks
- Resources – do you have enough people in place to repair assets?
- Expertise – are they adequately trained?
- Safety – some repairs can create hazards for the workers, including fire. Are your people trained and equipped for this?
- Quality – do you have procedures and quality checks in place?
- Cost – are you considering how the cost of repairs affects the asset’s value?
- Recycling/Disposal – for the defective components you removed, do you have proper recycling processes ready to handle them?
- Compliance – are you meeting any compliance requirements?
Resale
Now, you have a tested device that’s ready for resale. You have a few options for what to do next. Some companies have resale channels in places. Others auction off their equipment, let employees purchase it, or donate it to a non-profit.
Pitfalls and risks
- Financial – are you maximizing your financial return? If not, are you meeting your fiduciary responsibility to the company?
- Market risk – do you have existing resale channels? Are you moving quickly enough to ensure the asset is still marketable?
- Logistics – are you set up to pack or ship equipment?
- Support – will you run into support issues because a donation recipient needs IT help?
- Compliance – how will you maintain records and transaction transparency? Are you aware of and complying with all laws related to IT asset resale?
- Transaction – how will you track sales transactions? Do you have administrative processes in place to issue bills of sale or manage payments? What about handling fraud?
ITAD Process: Asset End-of-Life
You also need a plan for when an IT asset (or its components) reaches its end of life – there’s no option to re-use it further.
Component salvage
If there are salvageable components, you want to start by disassembling the asset and ensuring you don’t damage the component in any way. Then, you need to store the component, test it, and have a system in place to track it (so you know where the component is and how many you have).
Pitfalls and risks
- Resources – do you have people internally who know how to disassemble components?
- Expertise – do they have the expertise to complete this step correctly? With the right tools?
- Safety – have you trained your employees, provided the right PPE, and prepared the facility for the potential hazards resulting from the disassembly process?
- Damage – how will you handle the asset or component if it’s damaged at this stage?
- Quality – do you have checks in place to make sure disassembly is done each time correctly?
- Tracking – are you able to track the components if needed? Will you use serial numbers?
Recycling
Now, it’s time to separate materials into their commodity state for recycling. Many companies aren’t set up for this step in the ITAD process. They don’t have ways to deal with plastics, copper, and steel – not to mention the many other materials which can be hazardous or regulated (e.g., batteries, mercury, etc.). It takes the right tools and equipment; materials need to be handled carefully. You need to ensure wherever the materials are headed for next-step processing is credible and certified.
Pitfalls and risks
- Safety – do employees know how to handle materials safely? Do you have safety equipment?
- Environment – do you know the downstream impact of materials on the environment?
- Cost – can you afford to complete this step correctly? Or handle the cost of doing it improperly?
- Compliance – is your process compliant with local, state, and federal regulations, including permitting?
Disposal
At the disposal step in the ITAD process, you need to handle and store separated materials carefully. Then, you need to pack them up and manage distribution logistics to various downstream vendors, tracking everything along the way.
Pitfalls and risks
- Materials separation – does your team have experience handling separated materials?
- Handling/storage – does your team know how to store separated materials?
- Logistics – are you set up to manage packing, shipping, and other distribution logistics?
- Downstream diligence – are you confident in your downstream vendors?
- Compliance – are you protected from the fines associated with improper downstream disposal and recycling?
Partners Can Help Manage the ITAD Process
Can you DIY and handle each step in the ITAD process yourself? That depends. Are you prepared to manage the process carefully to avoid each of the pitfalls and risks outlined here?
If the answer is no, consider working with an ITAD partner. They can help you navigate each step of the process, reducing the major risks and the potential pitfalls.
ITAD partners have expertise and experience managing data, security, and compliance. They’ve invested in certifications and training for their team. They have systems in place to mitigate risk and manage data and reporting. Above all, they’re independent and take accountability for the entire process.
Want to learn more about the ITAD process, or do you need help implementing or optimizing your program? We’re here.