August 22, 2018
The year is slipping by and your organization simply has too many tasks and initiatives that require your attention. You’ve committed a large percentage of your technology spend to some innovative projects that will have a real impact on revenue, and your IT staff is almost drowning in work.
Really, who has time to audit their ITAD program?
After all, it seems to be working, doesn’t it? No known data breaches, equipment is collected when you remember to ask…if you remember to ask…and you really need to divert resources to more “mission critical” projects. Anyway, you’re saving the company money by simply pushing the whole asset refresh and disposition matter out to next year.
Right?
Not really.
As we discussed in our previous post, the sweet spot for taking assets out of service – both in terms of resale value and to avoid the increased maintenance of keeping them in service – is three years. But to reap the benefits of a three-year refresh cycle you must, of course, actually complete the refresh. This means acquiring and deploying new equipment and having your ITAD partner sanitize, evaluate, and remarket the equipment you remove from service.
But what’s even worse than delaying your asset refresh? Doing only half the job.
Some companies actually get through the first part of the refresh process – they purchase and deploy the new equipment – but don’t immediately follow through with having the assets removed, sanitized, and either remarketed or recycled.
Perhaps these companies simply reformat the drives – which doesn’t actually destroy the data – and put equipment in storage to disposition at a later date. Or perhaps they actually do have the equipment removed by a provider, but they’ve failed to complete due diligence or a yearly audit to ensure the company they’ve selected follows certified processes to ensure legal and environmental compliance.
In either case, this failure to audit an ITAD provider can expose a company to potential costs far higher than any of the big-ticket projects that took precedence over the ITAD program in the first place.
What are the risks?
- If you keep out-of-service assets on site, you run the risk of unauthorized access
- If you send assets to a company without audited chain-of-custody controls you run the risk of loss or unauthorized access through mishandling
- If your ITAD provider doesn’t use a verified erasure process you run the risk of assets being resold that still retain data
- If your ITAD provider isn’t e-Stewards or R2 certified you run the risk of assets being improperly disposed
- If you have a multinational operation and your ITAD provider doesn’t have consistent global reporting you run the risk of not being able to prove how your assets were processed
All of these risks can have financial ramifications for your organization. A data breach or improper recycling incident can result in fines or negative publicity…or both. And if that happens, the perceived “savings” from failure to audit your asset end-of-life process will be insignificant compared to the cost of dealing with the incident.
The take-away?
Just because IT Asset Disposition isn’t the largest initiative on your project list doesn’t mean it’s “safe” to let program reviews and audits slide. A well-run program provides security and financial returns that make yearly audits well worth your time and effort.
Mary Couse
Mary has been involved with the IT Asset Disposition (ITAD) industry since 2004, however she’s been passionate about reuse and recycling since her college days.