IT Asset Disposal - A Journey

If you attend ITAM events, you have undoubtably noticed that the booths are filled with companies in the Asset Disposal line of business.

Take a moment to peruse the Basel Action Network's website, and consider whether you want your company to be associated with some of the egregious actions of unscrupulous e-waste recyclers.  Laws in most countries you do business with consider electronic waste as hazardous material that requires special handling.  If avoiding this kind of publicity isn't enough to get your management serious about IT Asset Disposal, then consider that an IT Asset Disposal program, properly managed, and partnered with the right vendor (for you), provides a way to get something back (usually some money) for your old assets.

Our Journey

Our story is probably not unlike many others.

We used a single ITAD vendor for many years, and had good success with them.  However, this vendor only picked up used hardware, took it to their warehouse, weighed it, and we got a percentage of the "value" by weight, after their expenses.  In this scenario, our service management provider wiped all the PC hard drives and provided certification of their wiping via a periodic report.  Nothing went to disposal without that.

Your data destruction requirements may differ.  If you're in certain industries, for example like health care, or financial services, you may have more stringent requirements that require you to physically destroy hard drives.  Make sure your InfoSec teams are involved in this portion of the decision, as they will typically set these requirements.

We were relatively happy with this relationship, until one day we were approached by another (in this case local) vendor who would actually sell our old assets and give us a percentage of the sale.  How revolutionary!   All we had to do was give them a list of the assets by make/model, they'd provide a quote, then we'd arrange a pick up.  Our ITSM vendor was still performing final disk wipes and providing certification at this point.

This was a much more modern approach, but, we still had to parse the stuff that went straight to destruction to vendor 1, and the stuff to be "consigned" to Vendor 2.  We had to update our asset management systems when we received the final disposition reports from our vendors. So, some work for us still.

Vendor 1 was always reliable, but didn't provide very high level services, while Vendor 2 turned out to be not so reliable at bringing us our checks.  That proved a constant thorn in our side, an annoyance, and we felt we weren't getting the maximum value for our assets. While they were handling secondary market sales, we just didn't see much in additional services they could provide.

We managed a separate donation program ourselves.  We did this internally, and on request usually from someone within the company.  If you've ever tried this, you know this is a huge task if you get very many requests, and we did receive quite a few, so this created a backlog.

We also often got asked by our end users, "Can I buy my PC when I get upgraded (or leave the company)?"  We always wanted to say yes to these folks, because we could have managed them in the context of our donation program, but for many years, our Legal department forbade this.  We never truly understood the rationale (do your companies' forbid this? If so,  what rationale do they provide) but we had a change in management in our Legal department, and after pursuing it again, they approved the creation of an Employee Purchase Program.

Now we had some new requirements.  We wanted a vendor who could handle the entire disposal process, relieving our field techs of the wiping task (allowing us to remove it from the contract and remove costs there), who could handle a donation and employee purchase program, relieving my team of that task, who could provide detailed reporting (to the component level), and who could get us checks on time.

After some luck and searching, we were fortunate enough to find a vendor who could meet all our needs. I am happy to say that in the intervening time (just a couple of years), several other ITAD vendors have matured to be able to provide these same services.  Should you have similar requirements, the good news is you'll have plenty of choices.

Take charge of ITAD

In many organizations, your service management teams will own asset disposal.  They may be doing a great job, but odds are that they're solely focused on the disposal requirements and meeting only the security requirements set out by your security teams.  If this is the case, it is incumbent upon asset managers to ask questions and get involved in the entire life cycle management of assets.  In the case of data center assets and network hardware, you're looking at signifiant amounts of dollars in value that remain in those assets.  The market for them is even greater than for end-user assets.  Have a plan for them.

If you provide company mobile phones, they are valuable as well.  Especially iPhones, and any Mac for that matter.  We used to joke that as asset managers, we wished the company would standardize on Macs because we could get so much for them on resale.  iPads are extremely valuable on resale.  With iPads, you will find high demand for these as donations.  Schools, especially, use iPads, and with budgets extremely tight, they provide an excellent opportunity to give back to your community. 

In fact, an active donation program can and should be a part of your corporate giving program. If your company has specific giving goals, ensure that the teams who manage that are aware of, endorse, and have data from the donation of used assets.  I didn't begin an employee purchase or donation program because of any personally altruistic desires - one was out of demand (the EPP) and the other was simply because people asked.  They both make sense and they are simply the right thing to do. The fact that they're also socially, and environmentally responsible, is a bonus.  These may be primary reasons for some.  As they say, your mileage may vary.

Do not be put off if you use your assets until you think they are absolutely worn out.  You would be surprised the value that remains in your assets.  In our case, we were sending 6+ year old HP laptops to resale, and they were still getting prices I was shocked to see.  What I observed, and I expect some who monitor these markets can confirm, is that your hardware assets have an absolute bottom that they reach and stay there for some time. 

My bottom line notes:

1. Work with your InfoSec and Legal teams to ensure you document and detail the disposal requirements to protect corporate data, and comply with any existing laws. Most vendors you'd be considering can meet these requirements, so this is table stakes kind of stuff.  It's also the most important aspect.
2. Plan for end-of-life when you initially purchase assets.  If you are leasing, you have a different set of things to do at end-of-life, and that's a discussion for another post, but if you purchase your assets, you have some things to consider.  Note that there are ITAD vendors who can assist you with returns of leased assets.  If you are knew to leasing, I highly advise you to have a serious discussion with the teams who are most interested in leasing assets and ensure they understand the total costs associated with leasing.  Often, leasing is a means to get hardware bought with operational money (vice capital dollars), but everyone needs to understand that at end-of-lease, there are large, often unplanned, and completely lacking in value to the business, steps that must be taken to return leased assets, and the costs on return can be quite high.  You must model this as part of the entire lease decision.  Again, another future post will go into some detail on this.
3. Even after you've settled on data destruction requirements, you may want to consider making it a requirement that your ITAD vendor be e-stewards certified.  This is a way to provide confidence that your assets aren't seen on "60 Minutes" in a Chinese waste city (subscription required).
4. Do you want an employee purchase program?  How will you manage it? Who will host it? What discount do employees receive? What are the security requirements for employee-offered equipment? Note that many employees will want to buy their own asset when it's replaced. Will you allow this? How will you manage the data destruction requirements on these devices?
5. Do you have physical destruction requirements? If so, and you want to resell hardware, how does this impact your profit on resale?  Same questions apply for donations and EPP.
6. Donations - do you want to allow these? How do you manage such a program? Who will you allow donations to? You'll want to go through this with your Legal team to put rules in place about what kinds of organizations you'll donate to. And you'll need some guidelines for approvals on donations.