IT asset acquisition requires careful consideration and post-purchase implementation. IT asset disposition (known as ITAD) involves the full lifecycle of an asset while owned by the business.
Every IT asset has a lifecycle. A home user might use a laptop for 4 – 5 years, but most companies expect a shorter lifespan. The equipment must operate more reliably and at an appropriate speed. Obsolete technologies have no place in modern business environments and may permit a data breach or introduce additional security risks.
ITAD strongly focuses on optimised management and subsequent safe disposal of IT assets. To manage data protection, sometimes equipment is securely data wiped. Other times, data storage is destroyed to prevent data recovery by a third party.
Companies must ensure proper asset disposal to fully comply with environmental laws. For example, a business laptop may be sold to an IT reseller, donated to a charity, or passed to an ITAD vendor to destroy it. All actions must be documented for auditing and compliance purposes, too.
Below is a detailed guide to responsible ITAD.
Understanding ITAD
Virtually every business requires technology to operate. ITAD refers to the complete lifecycle of every piece of technology introduced inside the company.
ITAD 101
Asset management begins with creating an inventory for every IT asset – this acts as a chain of custody. Then each asset is labelled. Assets are tracked to create an audit trail from initial acquisition to disposal.
The expected lifecycle of an IT asset does not match its anticipated end-of-life date. Instead, the lifecycle is the duration that the asset is owned by the business. For example, the company may choose to purchase all laptops as new and retain them for 2.5 years before disposing of them.
The above policy reflects the anticipated decline in laptop performance as it ages, where even well-maintained equipment suffers. Operating systems and other software upgrades continually require better PC specifications. Both factors encourage companies to pay for IT asset disposal before the equipment fails and is unrepairable.
Therefore, disposal often refers to the resale or donation of functional IT assets rather than their reaching a landfill. Such IT assets are often still usable by people or organisations not requiring the latest, high-end equipment. Depending on the scenario, data may be cleansed, wiped entirely, or devices sanitised in other ways before disposal.
The Stages of ITAD
Asset acquisition: When an asset is first purchased, it must be processed. The IT asset is added to an ITAD ledger – specialised software is available for this. Or, for a small pool of assets, some companies adopt a simpler method, such as a spreadsheet.
The asset record information should include:
- Asset coding number.
- Department assignation.
- Name of the item.
- Description of the item.
- Purchase date.
- Planned end-of-life date (best estimate if not known at the time).
- Expected lifecycle end date.
- Confirmation of whether secure data needs erasure before disposal.
- Confirmation if the asset must be destroyed rather than resold or disposed of.
Management of IT assets: Monitoring the expected lifecycle date for all IT assets is necessary. Once the expected date has passed, the ITAD management team contacts the relevant department to arrange for the collection of the asset. In some situations, it is agreed that the asset is to be used for a longer period, such as 6 months. If so, the lifecycle date is updated accordingly.
The logistics: Before its transfer to the ITAD team, arrangements are made to replace the older asset (laptop, printer, router, etc.). A centralised IT acquisition team, in coordination with the finance department, arranges for the purchase of replacement equipment. Coordination is necessary to order, receive, and introduce the new IT asset into the necessary department. The IT department handles any local data transfer between devices.
Data erasure: Some IT assets require secure data erasure. This might include overwriting existing data storage, such as a hard drive on a desktop PC, to prevent subsequent data recovery. Other times, storage devices are degaussed, removing the magnetic field from a storage device for added permanence. Occasionally, data storage systems must be destroyed. Printers and scanners store records that must be erased before disposal, too – this is often overlooked.
Responsible recycling or destruction: Operable IT assets are sometimes recyclable, i.e. sold in the secondary market to a second-hand laptop specialist as part of the disposition process. Other assets are either too old or must be destroyed for security reasons. IT equipment resellers commonly collect goods from the previous corporate owner. ITAD operators collect electronic waste for planned destruction to adhere to UK regulatory requirements for IT equipment. This reduces any environmental impact to a minimum and is more sustainable.
Best Practices for ITAD
ITAD best practices are essential. Otherwise, important aspects are easily overlooked.
ITAD Team Formation
Companies need to form an ITAD team composed of personnel from multiple departments. This includes the finance, IT, and compliance departments. Collectively, they manage the IT inventory from the beginning to the end.
The IT and Finance departments manage IT ordering and purchasing, asset configuration, installation, and subsequent disposal activities. The Compliance department controls and monitors the logging of essential IT asset information and ensures legal compliance for data protection and asset disposal.
ITAD Policy Development
Good business processes are a must. Therefore, a thorough ITAD policy must be developed.
The ITAD policy lays forth IT lifecycle expectations, alerting methods for upcoming lifecycle expiries, appropriate removal of login credentials, data erasure methods, and asset disposal options. Disposal options within the policy vary depending on asset type, secure erasure requirements vs. degaussing destruction, and more.
All stated policies must adhere to the environmental laws of the land. This applies whether through recycling, repurposing, or destruction and disposal of assets. Any ITAD vendor or partner must also meet or exceed legal requirements. This avoids potential environmental fines and negative brand reputational risk.
Benefits of Partnering with an ITAD Service Provider
Coordinating between multiple departments is tricky – things can potentially fall through the cracks. Instead of trying to do it yourself, a solid option is to use a reputable ITAD provider with a suitable ITAD policy already in place.
ITAD service providers already are apprised of all relevant UK laws and local requirements. They also keep up with changing legal requirements and environmental expectations to avoid headaches down the road.
Regulatory Compliance and Data Security
Regulatory compliance applies to data security and asset disposal policies.
For example, the General Data Protection Regulation (GDPR) relates to data protection laws to safeguard customer data. Data must be protected from loss, which may affect consumers. From an ITAD perspective, data wipes or degaussing of hard drives containing sensitive customer data protects them from falling into the wrong hands after disposal.
Recent e-waste statistics suggest that almost 1.5 million tonnes of IT waste are accumulated annually. Local environmental laws enforce e-waste recycling in various forms, including reuse, recycled use (sold to a third party to use), or destruction. The e-Stewards badge confirms that businesses adhere to relevant e-waste and recycling standards.
Here are some strategies for data destruction:
- Data wiping (where data is overwritten multiple times) to delete data and files.
- Degauss storage media to remove its magnetic field to prevent data recovery.
- Physical destruction of any IT assets ready for disposal that store confidential data. This prevents data recovery by a third party.
Section 4: Environmental Responsibility
Companies have a responsibility to protect the environment and ensure that their business operations do not harm it. There are a few strategies for achieving this goal:
Reuse over landfills: Equipment is often reused by a third party. For example, an older router can be reused as a reliable network repeater for a multi-storey hotel. In this way, the hotel avoids purchasing a new router, and the environment benefits from one less piece of IT equipment ending up in a landfill.
Recycling: Equipment can be recycled by stripping it down to its basic parts. Rebuilding faulty equipment by replacing a broken component with a second-hand part solves the inconvenience of buying a new one. This is especially useful for sought-after but hard-to-source older parts.
When using an ITAD provider, they must adhere to certified environmental standards. An inferior ITAD strategy risks creating legal issues for both the provider and your business. As such, it pays to be selective when choosing an ITAD vendor.
Choosing an ITAD Vendor
Evaluating ITAD vendors is necessary. They are not all created equal.
Here are 5 criteria to consider:
- Review authentic customer reviews.
- Compliance with UK environmental laws.
- Adherence to e-waste and recycling certified standards, e.g. e-Stewards, R2, or the Waste Electrical and Electronic Equipment (WEEE).
- Full compliance for adding, tracking, and managing all IT assets.
- Audit trails to manage any future requests for IT assets owned or previously disposed of.
Complete transparency is required when selecting an ITAD vendor. Every step taken in an asset’s lifecycle must be correctly documented, ensuring that such details can be verified upon request.
Conclusion
Companies must ensure that their business operations do not negatively affect the planet. ITAD practices, from acquisition to disposal, must ensure good stewardship. Customer data must also be protected and, where necessary, overwritten or destroyed in a compliant manner.
Working with an ITAD specialist allows your business to focus on its core tasks. An ITAD vendor follows proper ITAD practices while managing your company’s IT assets. This includes staying current with the latest data security and environmental regulations.
If you are interested in selecting and working with an ITAD vendor, talk with our qualified team at Microbyte. We can guide you in the right direction.
