The Importance of Final Disposition to an IT Asset Management Program
By: Lynne Weiss, IAITAM
IT Asset Management is the practice surrounding the management of IT assets from a financial, inventory and contractual standpoint. The management of the entire lifecycle of your hardware, software and mobile assets fall under this set of business processes, from initial asset planning, to its disposition at the end of its utility. End-of-life practices, or ITAD (IT Asset Disposition), is critical to the business, mainly for risk avoidance due to errors. If managed properly, final disposition of IT assets can result in a positive net cash flow.
To start with, any phase of an ITAM program must have the necessary foundation of policies and process in place. Effective policies govern employee behavior and actions, and policies defining disposal practices, are the first step in implementing your disposition program. Process then follows policy. Process development questions to consider with your disposal team include:
- How are we going to manage assets before they leave our facility?
- How are the assets being stored?
- Are asset tags removed and logged?
- Do we have tracking mechanisms in place for inventory reconciliation?
- Have we or can we harvest software from this device?
- Is this a lease or purchase?
- What about the data and backup?
- What part of these activities are manual and what can be automated?
These questions should be addressed even before considering what vendor to choose and what method of disposal is a good fit.
Once processes are built around the internal aspects of your equipment, and data is secured, (wiped or stored offsite before the asset departs), it’s time to consider your options for utilizing a vendor to accept custody of the assets and finish the disposition process. Typical alternatives when it comes to disposition choice include:
- Disposal vendor, where the end result is proper destruction of the equipment
- Vendor resale programs, where vendor will split profits of resale of assets with organization
- Vendor resale of component parts, where equipment is dismantled and sold in pieces, which requires even more diligence, tracking, and reporting from both sides of the transaction.
Regardless of option chosen, the chain of custody, along with accompanying detailed documentation and secure transport, need to be monitored on a regular basis. Choosing the wrong vendor can subject the organization to serious fines and penalties along with unwanted public scrutiny and negative exposure resulting in revenue loss. The IT asset manager needs to lead the program and verify that processes are built to minimize risk surrounding the exchange.
Best practices to implement to ensure this does not occur when selecting or working with an ITAD vendor should include:
- Regular monitoring of vendor’s processes, including custody exchange
- Review of vendor insurances and warranties
- The vendor’s certification(s), accreditations, and customer references
- Documentation provided from the vendor
- Contracts and disposition guarantees signed by officer of vendor’s organization
- Vendor site visits
- Vendor evaluation/comparisons and reviews
One thing to consider is that even with proper due diligence, mistakes do happen, and theft and losses can occur. Risks to the organization and the potential for data loss in this particular phase of an ITAM program are exceedingly high. IT assets are constantly in motion and whether transitioning to the disposition vendor or from one department to another, assets go missing. Having robust processes with supporting tracking, documentation and systems will assist in detecting an unreported loss. Also, organizations that utilize remote disabling or wipe technology reduce the risk when those losses occur.
When assets reach the end of their usefulness within the organization, are too old or can’t support the current organization’s software image, one recommendation is to remove hard drives or wipe all data before it leaves your facility. This will substantially reduce the risk of permanent data loss. In addition to data loss, you must consider the environmental impact. The Environmental Protection Agency (EPA) in the U.S. can impose penalties and fines that can run into the six-figure plus range if improper disposal is detected. Countries around the globe are keenly aware of the growing surplus of used IT assets and have similar if not more hard-hitting legislation to curb improper disposal. According to the International Association of Electronic Recyclers in the IAER Electronic Recycling Industry Report for 2003, it is anticipated that based on today’s usage and trends, approximately 1 billion units of computer equipment will be disposed of between 2003 and 2010 (www.iaer.org).
Alongside improper disposal is improper storage of IT assets. Storage facilities can be deemed hazardous and treated as a hazardous waste site which results in significant penalties, negative publicity and potential revenue loss. Your organization can be held accountable in these circumstances if you failed to warrant that the proper steps were taken to ensure proper disposal.
Now disposal and equipment destruction is not the only option available to organizations. A disposition program can generate a positive cash flow for the organization. There are many vendors that will resell your assets into a secondary used IT market, which due to the advent of mobile devices and the fast pace at which they are released, is flourishing. Laptops, pads and mobile devices in general are examples of IT assets most commonly resold. If considering a resale arrangement, some considerations include a careful review of the terms and conditions of the agreement. Questions to ask include what percentage of the sales price will come back to the originating organization? What happens to assets that are deemed unsuitable for resale and what about the software that resides on the machine or will be loaded as part of the sale? There are of course many more, but it is your responsibility to ensure that the selected vendor is protecting your organization. In many cases, organizations have fully funded their disposition program through resale and profited from the process.
You may think that this concludes your disposition program and your responsibility towards those assets. Surprise – not yet! Even after the assets have left your environment and you have the proper documentation to show it. This documentation must be retained indefinitely as proof of disposition.
As IT assets improve in speed, shrink in size and grow in functionality, so will an organization’s ITAM program and the processes that surround end-of-life disposition. The processes are time consuming and require vigilance, care and monitoring. Proper disposition can lead to a positive cash flow and mitigate risk for an organization, but only if it is properly implemented and consistently monitored.