What to look for in an ITAD provider

 

With strong new privacy regulations about to go into effect in Europe and pressure growing for measures in the US, there has never been more at stake in protecting sensitive digital information all the way through its lifecycle – including disposal.

 

IT Asset Disposition (ITAD) is a program that safely disposes of IT assets having e-waste such as old PCs, tablets, servers and disk drives in a way that guarantees against inadvertent disclosure of data. In some cases, the equipment may be destroyed through shredding or grinding. Or it may be cleaned and re-sold, with the customer receiving a percentage of the residual value. No matter how equipment is disposed of, the data should be secured, and the assets tracked and documented at every stage of the disposal process.

 

When faced with a mountain of old computer equipment, it's a natural impulse for an IT manager to simply want to find someone who will make it all go away. But disposing of IT assets isn't the same as throwing out old desks and chairs. Computers, disk drives, cell phones, flash drives and even printers may contain sensitive data, vulnerable to being breached, which could leave a company facing lawsuits, regulatory action and brand damage.

 

Deleting data or formatting storage media is no protection. Those processes simply remove digital pointers to data, but they don't delete much of the data itself. Even disk drives that have been formatted multiple times may still have plenty of recoverable information.

 

ITAD is a specialized discipline that incorporates multiple checkpoints, protections and an audit trail, as well as verification of data erasure and asset destruction. John Sharpe, Director of Product Management at Iron Mountain, suggests seeking ITAD providers that employ the following practices to make the process secure (SITAD):

 

Auditable process and workflow - Each item marked for disposal should be logged in an inventory and tracked through the entire disposal process. A best practice is to affix a scan code at the point of surrender and scan the tag at each handoff point. The inventory management system should flag any missing items and create an exception report. The customer should be able to audit the process at any time.

 

Secure logistics, transportation and vehicles - Equipment is never more vulnerable than when it's in transit. Items can fall off open truck beds, and unlocked vans are an invitation to thieves. Look for ITAD providers that use closed, secured transportation and secure handoff points monitored by closed-circuit cameras.

 

Visibility into project status - Customers should never be in the dark about the status of their surrendered equipment. An online tracking system, like that used by package delivery services, should enable customers to identify the precise location and status of their equipment whenever they desire.

Background-checked employees – The best logistics in the world are useless if employees can't be trusted to adhere to them. Anyone who will touch your equipment should be background-checked, and employment policies should detail behavioral standards and penalties for noncompliance. You should be provided with a copy of those policies if you request it.

 

Proof or certification of destruction - This is a document that verifies that equipment has been scrubbed, recycled or destroyed in a manner that satisfies the terms of the contract. There is no governing body that issues certificates of destruction, so it's best to work with an ITAD supplier that has been certified by a respected third-party standards organization such as e-Stewards or Sustainable Electronics Recycling International.

 

Full erasure of assets to be remarketed - If assets are identified to be refurbished and remarketed, your ITAD provider should give you a certificate that verifies complete erasure or destruction of storage media that was on those assets.

 

Guarantee of zero toxic material deposited to landfill – E-waste is a growing problem, particularly in underdeveloped countries. Twenty-five states currently have electronics recycling laws, and efforts are underway to create regulations at national and international levels. Computer equipment contains toxic metals and chemicals that can pollute groundwater and cause regulatory and public relations headaches. Your ITAD provider should comply with all relevant standards. Certification by the organizations listed above gives you peace of mind.

 

In short, a friend with a truck or a low-cost junk hauling service is great up to a point, but when IT assets are involved, look for a service that knows the risks and can put your mind at ease.