Responsible IT asset disposition (ITAD) goes way beyond enterprise data security, and today, growing regulatory requirements and customer pressure are forcing hardware asset managers to make better decisions about how they manage old devices. The Royal Society of Chemistry (RSC), for example, is calling for a change in the way e-waste is recycled, and for tech businesses to employ more sustainable manufacturing practices.
Today there is over 347 million tons of unrecycled e-waste on earth with the figure growing at a rate of 2 million tons every year. Less than 20% of e-waste is recycled, and the current volatile geopolitical climate is creating huge spikes in the price of certain materials.
Demand is also growing from entities such as the US Securities and Exchange Commission (SEC), European Financial Reporting Advisory Group (EFRAG) and the International Sustainability Standards Board (ISSB), for businesses to publish ESG figures. And, while approaches may differ, there’s clear appetite for more transparency into business practices among consumers and investors.
Sustainable ITAD: The Challenge for Enterprise IT
Gartner recently reported employees are 12% more likely to leave companies that don’t establish explicit hybrid work norms, so it looks like hybrid working is here to stay. It’s no secret this creates more challenges for enterprise IT, as it becomes even harder to understand where assets are, particularly when teams rely on manual processes.
Do you know how many devices are hanging around unused in users' desk drawers, for example? Three years ago, IT teams shipped unprecedented amounts of equipment so that users could work remotely. If you managed this, do you know what equipment, if any, has been returned? Do you have a policy in place around the return of devices? The RSC report found that 10.8% of employees who had switched to working from home during lockdown binned old equipment, with only 12.8% choosing to recycle.
These stats are worrying not just from a sustainability perspective. It shows that teams need to take a fresh look at IT asset management, particularly ITAD, not only to become more sustainable but also to strengthen data security. As a result, they may also be able to benefit from cost reductions.
5 Steps Toward Responsible lTAD
There are several steps that enterprise IT can take to put in place to build a responsible ITAD policy:
1) Conduct a hardware audit
First take stock of what’s out there. That means running network scans and combining output with the data held in your CMDB and other relevant tools and systems. Poll users to confirm information about the devices in their possession including serial numbers, location, and whether they are the user’s own (if you have a bring your own device (BYOD) policy in place) and ask them to confirm anything not being used.
2) Identify any devices that could be reused, recycled, or extended
If during your hardware audit and user poll you’ve identified any unused devices, you need to decide what to do with them. Could any devices be wiped and distributed to another user? Could you use this as an opportunity to move from the linear economy, where assets are thrown away, to a circular economy where they are repaired, or where components are harvested and sold for parts to equipment manufacturers? Alternatively, could anything be donated to charity? If you don’t have the expertise in-house to answer these questions, you should work with a responsible ITAD vendor.
Think about how you trigger asset refresh programs. If you own devices rather than lease them, is it the end of the warranty that triggers replacement activities? If so, could you benefit from using system performance as the trigger instead, and extend the life of devices, thereby reducing emissions associated with building and shipping more frequently?
Announce an IT equipment amnesty and dedicate drop-off locations where users can return equipment. This can encourage those that didn’t want to admit to keeping hold of some devices to return them or for users to recycle their privately owned outdated devices, ensuring they don’t end up in a landfill.
3) Work with a responsible ITAD vendor
Ask questions about their credentials and ability, including:
- Their policy (and ability) to repair/recycle and reuse hardware. For those that don’t lease their hardware, a responsible and experienced ITAD vendor can advise on the returns that can be expected from either selling devices in the current state or selling the individual components to manufacturers, as well as the best time to sell. This has the potential to create a new revenue stream.
- Which, if any, industry accreditations they hold. Have they achieved ISO 27001, the international standard for managing data security or ISO 14001 concerned with improving environmental performance?
- Their method for demonstrating compliance and doing what they say they would. As Morgan Stanley discovered, even when work is contracted out to a third party, they were still liable when things went wrong. The company had to pay huge sums to customers when data was breached after an ITAD vendor failed to correctly wipe old equipment. It’s vital for enterprises to keep records of all work completed, including third-party tasks.
4) Define a sustainable ITAD policy going forward
To do this, you’ll need to think about:
- Device turnover. This will vary by device type and could be dictated by any lease agreement if any are in place. Don’t forget to add a category of user’s own device (if you have implemented a BYOD policy) to create a process that encourages them to follow the same policies as used for ITAD of corporate devices.
- The triggers for distributing/recouping devices from users at relevant stages through the onboarding/offboarding and staff move process.
- How to identify when to reuse/recycle devices leveraging your user personas to determine when devices can be redistributed to employees with less demanding device requirements. Identify the devices that should be turned over to your ITAD vendor (or managed in-house) for repair, responsible disposal, or to strip for component resale, ensuring that all steps are recorded for audit trails/regulatory compliance purposes.
- How to identify which devices and data should not be disposed of – for example where data may be needed as evidence in the future. These should be marked as on legal hold and assigned to an appropriate ITALM workflow so that they remain untouched until requested. Devices can be on legal hold for some time and it’s vital to check inventories to understand requirements to ensure that nothing is destroyed.
- Employing ways to extend device lifecycles, such as virtual desktop infrastructure and thin clients (if possible), and proactively monitoring and troubleshooting issues, as well as keeping on top of software patching and update cycles.
Communicate policy changes to users if they are affected. For example, if you haven’t asked users to return dated equipment in the past, you need to make them aware of the new process.
5) Measure success and report progress
By keeping clear records of everything that you (and your third-party ITAD vendors) have done – including new policies put in place to extend device life - you can show how you are walking the talk in terms of ITAD sustainability. And by doing this before regulations come into play, you can show how far ahead of the game your company is.
Need help creating a secure ITAD process?
Download the checklistAutomate to Seamlessly Implement Sustainable ITAD
Do your teams have the bandwidth to manage sustainable ITAD? If you’re still applying manual processes to IT asset management, the answer is likely, “no.”
There is a better way, and that’s by using a digital platform conductor (DPC). Using a DPC you can automate your ITAD processes to ensure clear accountability at every step. It does this by:
- Giving you real-time visibility into the status of assets during the ITAD process.
- Allowing you to access templates based on your pre-defined processes for each asset type that automatically trigger workflows, assign tasks, and generate checklists relevant to how the assets should be handled while allowing task owners to mark task completion in a central location to trigger any subsequent workflows.
- Automating end-user communications to educate them on new company ITAD processes.
- Providing you access to accurate, up-to-date reports that allow you to identify device types and next steps in the process – e.g., redeploy/recycle, repair, legal hold, or dispose of.
- Integrating legal requirements so you can easily understand when devices should be set aside, and data preserved.
- Automating reports that document task completion, including third-party tasks, to use for reporting purposes and audit trails.
Book a demo with ReadyWorks to understand how you can leverage a digital platform conductor to implement sustainable device management and IT asset disposition.