Alongside the importance of regularly upgrading IT assets with the latest innovations, businesses must ensure their surplus IT assets are handled responsibly.
When the time comes to replace or retire outdated technology, choosing the right ITAD (IT Asset Disposition) company to responsibly and securely handle IT assets is crucial.
This blog post explores the key factors to consider when searching for the right ITAD company for your business needs.
1. Expertise and experience
It’s essential that your chosen partner has extensive experience in managing the equipment that you have within your organization — for example, some ITAD vendors have no experience in handling cloud and networking equipment.
You should also consider the company’s tenure in the industry and its track record of handling a wide range of IT assets. Third-party recommendations can serve you well here, such as inclusion in the Gartner market guide or being recognized by industry awards.
Your chosen company should also showcase expertise in the full range of technology lifecycle management services, such as data destruction, equipment remarketing, asset tracking, logistics and secure transportation.
Tapping into this expertise will ensure the safety of your organization’s sensitive data and mean your assets are being handled responsibly.
2. Waste management and movement regulations
Your ITAD partner should prioritise compliance with your data protection policies, industry standards and environmental regulations.
Look out for certifications such as the Responsible Recycling (R2v3) standard, which certifies responsible ITAD processors. Selecting partners audited to R2v3 standards gives you increased confidence that the company’s data destruction procedures are robust, residual value recovery will be optimized and assets will be handled in an environmentally responsible manner.
The transboundary movement of assets also carries risks. From the Basel Convention to local regulations within different countries, transboundary movement can present risks.
Import and export permits are typically required for these movements. Permits can take months or even years to acquire and are selectively granted to providers that meet standards, have a deep understanding of the requirements of regulations and showcase the ability to execute against them.
When selecting your ITAD provider, look for companies with the permits required to compliantly transport materials across country borders, as this is sometimes the most effective method for responsible recovery.
Other essential certifications and regulations for providers include:
ISO 9001: The ITAD company has implemented a quality management system to ensure consistent delivery of its services.
ISO 14001: A clear environmental management system is in place to reduce the ITAD company's environmental impact.
ISO 27001: The company has implemented a rigorous information security management system to protect sensitive data.
ISO 45001:2018: A certification as a standard for occupational health and safety management systems that help organizations promote and ensure the safety and well-being of their employees.
3. Data security
Your ITAD company should demonstrate robust data sanitization methods, secure chain of custody procedures, and certifications to ensure data security and responsible disposition practices.
Adhering to NIST (National Institute of Standards and Technology) standards for data sanitization methods is essential for a multitude of reasons.
The NIST 800-88 Standard provides a well-established framework for ensuring the security and confidentiality of sensitive data, and following these standards ensures that ITAD providers operate with robust sanitization methods. By doing so, the risk of data breaches and unauthorized access to sensitive information is reduced.
The potential of a sensitive data escape represents a substantial risk to your business. Ensure your chosen ITAD provider has a robust procedure to ensure all data is removed from retired media that governs the entire chain of custody as well.
Other regulations providers must adhere to are:
General Data Protection Regulation (GDPR): GDPR is a comprehensive data protection law implemented in the EU in 2018. Its aims are to strengthen and harmonize data protection rules across EU member states and applies to organizations that process the personal data of EU individuals.
California Consumer Privacy Act (CCPA): CCPA is a privacy law that went into effect in 2020 in the state of California, United States. It grants rights to California residents regarding personal information and imposes obligations on businesses that process this data.
4. Asset tracking and reporting
It’s important that your ITAD partner provides you with comprehensive asset tracking and reporting.
This should include detailed documentation of the assets received, their condition and their final disposition. Reports on your assets can include a Certificate of Data Destruction or a Certificate of Destruction. Your partner should have a reliable and trackable chain of custody throughout the entire process, ensuring transparency and accountability when managing your assets.
Organizations are subject to regulatory requirements during IT asset disposition, and asset tracking and reporting provide a documented trail of the entire process. This information is vital for compliance audits and ensures your organization meets its regulatory obligations.
5. Environmental stewardship
Your chosen partner should demonstrate a clear commitment to environmental stewardship, including certified e-waste recycling and adherence to environmental regulations, as well as a clear purpose. At TES, our purpose is ‘sustaining tomorrow,’ as we believe our future is linked to the success of people and our planet.
Your ITAD company should also promote sustainable practices such as equipment refurbishment, resale or donation. Align with partners that take action to operate with a low footprint and publish sustainability reports.
Look for partners with certifications that ensure the responsible handling of electronic waste, such as R2.
R2 (Responsible Recycling) Certification Program: Managed by Sustainable Electronics Recycling International (SERI), this program outlines requirements that electronics recyclers must meet to demonstrate their commitment to responsible electronics recycling practices.
6. Global reach and scalability
Depending on your company’s global presence, you should assess whether your ITAD partner can support your geographic locations and handle your ITAD needs effectively.
Look out for factors such as having a network of owned and operated facilities to ensure that operations and compliance are seamless across different regions.
Where subcontractors are used to expand international networks ensure that appropriate governance and quality management systems are in place to deliver consistent standards.
Here are some things to look for in international ITAD program management:
- Knowledge of international legislation, such as transboundary movements under the Basel Convention.
- Membership of international e-waste management and electronics organizations, like the Circular Electronics Partnership (CEP), the International Association of IT Asset Managers (IATAM) and the Reverse Logistics Association (RLA).
- In-country service delivery networks.
- Local languages.
- Global billing methods.
7. Value recovery and remarketing
If you’re seeking to maximize the value of your retired assets, you should consider an ITAD partner with expertise in asset recovery and remarketing.
Look for partners that can assess the market value of assets, refurbish or repair equipment, and facilitate its resale to generate revenue or offset costs. They should also have multiple channels for different types and grades of equipment.
This is a vital part of maximizing value for your business through proper ITAD methods. Value recovery and remarketing methods can help you prolong the life of your IT assets or recoup some of your initial investment through resale.
8. A range of data destruction options
Your ITAD partner should offer reliable and certified methods for data destruction that meet the NIST 800-88 standard.
There are various data destruction options to support global programs with different volumes of equipment in different locations:
On-site degaussing: Degaussing involves destroying data on a storage device by removing its magnetism. This erases the information on the storage device and renders it inoperable. This option is suitable for remote locations with low volumes of assets, or can be combined with physical destruction methods where an extra layer of security is required. Degaussing is only effective on magnetics drives; as more companies shift to using SSDs, alternative data destruction methods will be needed.
On-site puncturing: Puncturing involves machinery that punctures pins in the storage device and the memory chips within them, eradicating the data.
On-site shredding: Shredding can be applied to various storage devices, such as SSD drives, USB drives, SIM cards, SD and MicroSD cards, and spindle drives. Memory devices can be shredded per your company’s security policies, and is suitable for when equipment can’t leave your premises or geographic location means logistics could carry increased risk.
On-site data erasure: Physical destruction methods mean that storage drives can’t be reused, whereas software erasure enables reuse. On-site erasure securely wipes all data from storage media by overwriting at an organization’s premises.
You should also ensure your provider understands your particular equipment and has appropriate data destruction methods in place, along with checking their process for failed wipes and standalone HDDs.
9. Customer references and reviews
When searching for an ITAD partner, it’s essential to evaluate the reputation and track record of the company you’re assessing.
You should seek references and customer testimonials to gauge the company’s performance, reliability and customer satisfaction.
Look out for testimonials from those involved in your industry, so you can assess whether the ITAD company can meet your specific needs.
10. Customization and flexibility
It’s important that your ITAD partner can tailor their services to your specific needs.
The company should be flexible in accommodating your unique requirements, providing customized solutions and adapting to your ever-evolving business needs.
A flexible ITAD partner will offer these customized packages and work closely with companies to understand their data security protocols, asset disposition goals and compliance requirements.
Flexibility also involves accommodating changes in the scale of disposition requirements. Adaptable ITAD companies have the capacity to handle both small and large-scale projects and can easily adjust resources to meet fluctuating demands. For larger-scale operations, there are full-range, end-to-end ITAD services available, including managed deployment services and decommissioning options.
Some companies may also prefer on-site ITAD services due to security or logistical concerns. Flexible ITAD companies offer on-site services such as data destruction or asset inventory management, allowing the client to maintain control over the disposition process and ensure compliance.
11. Security and insurance
Before making your final decision, you should inquire about the ITAD company’s security measures and insurance coverage.
Your partner should have appropriate safeguards to protect assets and your data throughout transportation, handling and processing, such as people vetting and robust physical security protocols.
Insurance cover adds an extra layer of protection against the potential risks and liabilities that come hand-in-hand with sensitive data.
Get in touch with a TES ITAD expert today
Choosing the right ITAD company is critical for businesses looking to retire IT assets securely and responsibly. Here at TES, we can offer customized solutions to manage the full lifecycle of your IT assets and hold essential certifications to ensure compliance with industry standards worldwide.
Getting in touch with a TES expert means you can discuss your ITAD requirements and configure a solution that best meets your business needs.
Fill in your details below and your local TES expert will contact you to discuss your requirements. Take the first step towards compliant and responsible IT asset disposition practices today.
Get in touch