IT asset disposal: It’s far from fool’s gold

By Troy McLaughlin

When was the last time you cleaned out and organized your closet? Did you find items you forgot you even owned? Things you gave up looking for and just ended up buying again? What about the items you no longer need but have resale value?

A haphazard approach to what’s in your closet is fine. After all, it’s not affecting anyone but you. Of course, corporations inject far more rigor into their information technology (IT) asset management (ITAM) process. But they often treat IT asset disposal (ITAD)—the last component in the ITAM process lifecycle—as an afterthought. Kind of like a forgotten shoe gathering cobwebs in the corner of their closet.

Not surprisingly, mounting environmental and security risks, the growth of mobile devices, and the explosion in the volume and variety of connected Internet of Things (IoT) devices are shining a new, brighter spotlight on ITAD.

Because ITAD is the critical end state of managing IT assets, its newfound attention is important for a range of reasons.

Legislative and public noncompliance repercussions

New and complex legislative mandates for secure and environmentally sound disposal of equipment are turning noncompliance into headlines. For example, in 2016, Apple agreed to pay $450,000 to settle California state claims that it had mishandled hazardous electronic waste at facilities in Silicon Valley¹. Although these financial penalties aren’t significant to the bottom line, the negative public relations generated among the environmentally aware public is attracting board-level attention.

Advance planning for disposal demand

While it may not initially be obvious, IT disposal must be considered early on in the ITAM lifecycle. Companies need to determine which asset classes to consider, asset use and data storage, how to appropriately track End of life (EOL) and End of Service (EOS) dates to prepare for the ebb and flow of disposal demand, proactively manage refresh cycles, reduce service disruption, and keep ahead of technology advances. There are many variables at play when it comes to IT disposal decision-making. For example, IT, Security, Finance, and Vendor Management have different reporting needs across the IT asset lifecycle that may trigger disposal events. So, it’s important to include a broad group of stakeholders across different functions who can provide a unique perspective from within their own domain.

Loss of sensitive company and customer data

One of the main drivers for a sound ITAD program is the risk of a data breach resulting in a loss of sensitive company and customer data. These breaches can cause devastating financial loss—the average total cost of a data breach is now estimated at $3.92 million²—and residual reputational damage for years to come. Most organizations have invested heavily in cybersecurity groups, data loss prevention tools, and defined policies when assets reach retirement/disposal states. But, are assets handled with the same rigor during IT infrastructure upgrades? What about when failed IT equipment is replaced? Or when a terminated employee left his or her laptop in their desk drawer, or worse?

It is extremely important that ITAD triggers are considered across the entire lifecycle of the asset to limit possible company exposure to unnecessary risk. A good ITAM tool can automate trigger notifications to reduce the manual administrative burden. It is a good idea to work with an experienced ITAM partner to help define the appropriate inputs, outputs, and event triggers across each phase of the IT asset lifecycle, and help determine how simple integrations with ITSM tools or HR feeds can help trigger ITAD actions.

Third-party vendors may not have it right

ITAD is the most commonly outsourced component of the ITAM lifecycle. And happy as corporations may be with having a third-party manage this responsibility, they often lack visibility into chain of command and accountability. To avoid these issues, your ITAD (and overall ITAM) processes should be designed to your company’s specific needs, and in a way that ensures transparency and industry-specific compliance.

When selecting your disposal vendor, make sure it operates to a certain set of standards, has consistently passed external audits, and possesses common industry certifications like ISO 14001, OHSAS 18001, and WEEELABEX. Consider asking for value-add services like data normalization, EOL/EOS data enrichment, and real-time resale value of equipment updates into your ITAM repository to help make more strategic decisions about the use and life of your assets.

Finally, actively manage and compare your vendor’s services against others throughout the lifetime of your contract to make sure your evolving ITAD needs are being properly met. And make sure you’ll be sufficiently informed and prepared to adjust quickly if your ITAD vendor decides to close shop.

Tips for getting ITAD right

Here are several recommendations for how to help maximize your outsourced ITAD environment:

• Align yourself with an experienced ITAM partner to build out your ITAM and ITAD processes
• Involve a broad group of stakeholders, including IT, Security, Finance, and Vendor Management, and consider how activities within each phase of the ITAM lifecycle can enable ITAD
• Account for varieties of asset classes and disposal needs in order to develop a logical process that considers regional and local regulation
• Use a trusted ITAD vendor that has the footprint to cover your regional or global needs, but constantly assess your needs and their capability/performance against peers
• Ask your ITAD vendor to provide additional value-add services to enable strategic ITAD decisions (e.g., EOL/EOS data enrichment, real-time resale value of equipment updates)
• Consider having your ITAD vendor integrate into your ITAM repository to provide automated updates to asset status, Certificate of Disposal, data destruction certificates, and donation receipts.

Getting ITAD right means having the information at your fingertips to enable dynamic investment, help maximize asset value, keep data secure, and enable customer trust. 

For more information on ITAM, please visit KPMG’s IT asset management web page.

¹Source: FORTUNE web site, Tech section, December 6, 2016.

²Source: IBM web site, Security section, “Cost of a Data Breach Report”, 2019