What is ITAD and How Does it Work?
What is ITAD?
IT Asset Disposition, or ITAD, is the process of recycling and disposing of an organization’s old electronic equipment and other IT resources using practices that are not only safe and secure, but also environmentally-friendly.
According to FireEye’s 2020 Cybersecurity Trends report, regulation of data security and the protection of consumer data is more critical than ever before. Because of this, the ITAD industry is constantly expanding to meet demand – the global market for ITAD is projected to grow at a rate of 8.6% per year over the next eight years, nearly doubling the current value by 2027.
As data breaches and security threats are becoming more prevalent every year, proper IT asset disposition should be among the top of every organization’s priorities. However, simply throwing old hard drives in your nearest bin doesn’t mean the problem is solved – you must follow proper methods of disposal to ensure that any sensitive data is destroyed for good.
That’s where ITAD comes in…
Choosing the Right ITAD Company: 4 Things to Consider
To retire your equipment in a safe and orderly manner, it is ideal to partner with a reliable IT asset disposition vendor. A proper ITAD vendor will see to it that all legal, environmental and data security requirements are met when handling your assets.
Look for a vendor who is able to offer end to end results while providing documentation and certification every step of the way. You should also consider factors like convenience, and the vendor’s ability to recover value of old assets via refurbishment and redeployment.
Here are the four main considerations you should think about when sourcing for ITAD services:
1. Reputation and Quality of Service
It’s important to ensure the company you partner with has a well-established reputation and the credentials to maintain data destruction integrity.
If you plan to pass your company’s sensitive info to a third party, it’s in your interest to ensure the process is secure. Crucial data like financial information or company secrets can easily fall into the wrong hands without proper oversight.
This can open you to all kinds of fines, lawsuits and damaging negative publicity. A recent data security report by IBM states that the average cost of a data breach in 2020 is $3.86 million. In addition, a Centrify study found that an average of 65 percent of data breach victims lost trust in an organization as a direct result.
Your organization can mitigate these potentially catastrophic risks by choosing a vendor that has a proven track record in handling IT assets across many different industries.
2. Range of Services
Among the questions to ask yourself when deciding on a vendor is this – does the ITAD vendor provide more than just the basic ITAD services like destruction and recycling?
We recommend that you partner with a vendor who is able to offer acquisition services such as remarketing and redeployment. In this way, your organization can recoup costs from ITAD services and utilize that capital to fund the acquisition of new IT assets.
It’s important to assess the needs of your organization against the services offered before going into business with a vendor. If your organization is looking to recoup cost and generate revenue, consider a vendor that can re-market your IT assets once it has eliminated your sensitive data.
3. Compliance With Regulations
A suitable vendor should be financially stable while maintaining proper audit controls and data security measures. This will put your organization in a good position to meet the required laws and regulations for ITAD.
Your organization has enough to worry about – the last thing you should be concerned with is legal repercussions due to improperly handled assets. A successful vendor will eliminate that risk by ensuring that all legal and environmental regulations are met.
4. Convenience and Transportation
Perhaps your organization is located in a rural area with limited drop-off options, or you’re too small and busy to take time out of your week to transport your outdated assets. Depending on the size and location of your organization, you may need a vendor that can bring the ITAD process to you.
Consider choosing a vendor that offers mobile services such as equipment packaging and transportation. A suitable vendor will maintain an unbroken chain of custody during the process, allowing total transfer of liability from the client to the vendor. This will indemnify your organization from any responsibility for your outdated IT assets.
Preparing for IT Asset Disposition
The first step towards achieving a successful IT asset disposition should be to perform a thorough self-assessment of your current IT resources.
You should be able to identify the elements that are inefficient, outdated or incompatible with company goals.
- Identify your disposable assets – Not all disposable company assets are suitable for ITAD. Create an inventory and ascertain if your vendor is able to deal with the kind of assets in your organization. Commonly accepted assets range from computers and printers to data center resources such as servers, routers, and switches among others.
- Know the duration of the service – A long term partnership is preferable to a one-time service. Having a long term partner will help streamline the logistics, and in so doing, save time and money. However, the choice is likely to depend on the size of your company.
- Evaluate your data protection options – Depending on your organization’s data security policies, there are various data destruction methods available. These range from data wiping or hard drive shredding to the complete destruction of all data containing devices. Your vendor should help you decide which method is the most appropriate, while ensuring compliance to both company and industry policies.
Know What ITAD Industry Standards Apply to You
IT asset disposition must be completed in accordance with industry regulations and standards. These include:
- HIPPA/HITECH– The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act are federal regulations that govern the privacy and security of healthcare data.
- SOX– Sarbanes-Oxley Act of 2012 is a federal law that sets standards for public companies and their management.
- FACTA– The Fair and Accurate Credit Transactions Act is meant to protect consumers from identity theft. It requires organizations to institute a proper disposal of consumer information.
- PCI– Stands for Payment Card Industry Data Security Standard. Although not required by federal law in the US, the requirement of its implementation differs from state to state. PCI DSS is strict on any form of access to cardholder data.
These rules and regulations are continually evolving and require a great deal of attention to detail. Request for reports and certifications from your vendor at every step of the process to make sure that every necessary industry legal standard is met.
Contact Us Today
At All Green Recycling, we provide quality asset retirement services designed to maximize data security and asset value. As a leading certified company, we make it our highest priority to ensure our services meet our client’s exact needs. Contact us today or request a free quote.