LinkSource Blog

mac-computer-on-desk

What Is IT Asset Disposition (ITAD)?

What is ITAD

IT asset disposition (ITAD) involves the end-of-life management of desktop computers, laptops, data center hardware, smartphones, and other digital devices. 

The purpose of ITAD is to eliminate the risk of unethical actors removing sensitive data from discarded electronic waste and to mitigate environmental contamination through electronic recycling.

ITAD specialists utilize principles of reverse engineering to facilitate the disposition and potential refurbishment of IT assets. When refurbishment is not feasible, certified electronic recycling companies harvest components from discarded digital devices to extract valuable metals or to provide rehabilitation pathways for viable components.

Benefits of IT Asset Disposition (ITAD)

ITAD is not only a method to dispose of electronic equipment; IT asset disposition protocols are designed to transfer all or part of digital assets to other entities. If an organization is planning to decommission its data centers, for example, IT managers might consider the benefits of hiring an ITAD vendor:

  • Provides accurate inventory counts by labeling all assets that have been targeted for replacement and disposition
  • Significantly reduces company logistic expenses by performing the collection, extraction, refurbishing/reselling, and secure destruction of obsolete digital assets
  • Ensures federal and state environmental and other laws are rigorously followed before, during, and after the IT asset disposition process
  • Offers companies the chance to recoup a portion of the costs of obsolete digital devices through resale or precious metal recovery

For businesses managing highly sensitive data, the biggest advantage of using an IT asset disposition service is the peace of mind of knowing that all data has been permanently erased. Sophisticated cybercriminals aren't just spending their days attempting to infiltrate networks through deficient IP addresses, phishing, or password decryption; they are also known to ransack landfills (especially overseas) where tons of electronic devices remain intact.

The danger of not relying on a professional ITAD service is exemplified in the data breach that occurred at HealthReach Community Health Centers in September 2021. According to the press release issued by the Vermont State Attorney General, HealthReach was negligent in disposing of hardware that stored sensitive patient data. Instead of hiring ITAD specialists to securely manage unwanted hardware, HealthReach sent the hard drives to a third-party vendor storage facility. An employee at the facility failed to properly dispose of the hardware. It appears that the employee failed to wipe hardware clean of data, and patient information somehow reached the internet, where cybercriminals pay a lot of money to commit identity theft.

While data security has been focusing primarily on preventing cyber security incidents by employing cybersecurity tools, encryption, firewalls, antivirus and anti-malware programs, etc., the data breach and data security compromise by HealthReach Community Health Centers reflects the other side of the data security problem: data theft due to improper disposal of IT assets.

Once sensitive data is extricated from intact IT assets, unethical actors can extort companies for millions of dollars or infiltrate their data centers and hijack them with ransomware. It can happen; it has happened; and it will continue to happen, particularly to organizations that do not rely on certified ITAD companies.

Why Hiring a Certified ITAD Specialist to Manage Your Decommissioned Electronic Hardware and Ewaste is Crucial

The accelerated development of digital and AI technology and the continual upgrading of digital devices have significantly increased the need for companies to invest in data center decommissioning. Migrating data centers to the cloud are also fueling the uptick in decommissioning projects. Total world data storage will likely exceed 200 zettabytes within three years, including data retained on smartphones, tablets, and IoT devices.

Decommissioning a data center isn't just about replacing an obsolete component by simply plugging in a new one. A basic decommissioning checklist includes but is not limited to

  • Documenting exact times and dates when disconnection of servers from networks and associated software occurred
  • Ensuring packaging material is available to remove and replace data systems
  • Documenting erasure of servers for destruction, recovery, or both
  • Accurately identifying and labeling decommissioned servers
  • Updating or canceling software licenses
  • Continuing or canceling IT maintenance contracts
  • Listing descriptions of backup processes to prevent loss of data
  • Developing a detailed flowchart that clearly shows the first and final phases of the decommissioning project

Too many organizations delay decommissioning obsolete assets because of the time, resources, and expense involved in the process. When companies do hang onto obsolete digital equipment for whatever reason, they are putting themselves at serious risk of falling behind their competition. Moreover, there is the more serious risk of being targeted by hackers who love nothing more than infiltrating older computer systems.

Not only can ITAD specialists perform errorless decommissioning projects, but they can also be depended on to completely remove sensitive data from hard drives before disposing of digital equipment. Authoritative data destruction should always be a top priority of decommissioning managers and should never be left to uncertified ITAD companies.

Asset Recovery and Data Remanence

What are the downsides of not having a certified ITAD company manage asset disposition? Several years ago, Idaho Power Co. and Affinity Health Plan found out the hard way.

Idaho Power hired Grant Korth, a single salvage vendor operating out of Nampa, ID, to recycle over two hundred SCSI hard drives. Instead of properly recycling Idaho Power's hard drives, however, Korth sold them on eBay to twelve different buyers. Idaho Power soon discovered that confidential data involving employees and nearly 500,000 customers had been compromised and began trying to track down the illegally sold hard drives. While it was able to communicate with ten of the twelve buyers, the other two have not been identified.

A health insurance subsidiary of Molina Healthcare called Affinity Health Plan paid a settlement of $1.2 million to the U.S. Dept. of Health because they neglected to erase data from photocopier hard drives. The data leak involved the sensitive information of 350,000 hospital patients, including social security numbers and details of medical conditions. Spending a little more to have hard drives disposed of by an ITAD company could have saved the organization this significant expense.

What Is Data Remanence?

Residual, or remanence data, often remains on hard drives when erasure operations are inadequate or insufficient. Data remanence can also be left behind when hard drive reformatting does not delete previous data. Ensuring IT assets cannot be accessed by unethical actors involves much more than smashing or drilling holes through hard drives. That's why more companies than ever are hiring ITAD specialists to handle asset recovery, electronic recycling, data destruction, reporting, tracking, and data center decommissioning.

Electronic Waste Recycling

Electronic waste (ewaste) recycling is the meticulous disassembling of electronic devices to determine which materials and parts may be reused or refurbished. Materials like iron, silicon, aluminum, and plastic can be recycled for inclusion in new digital components. Silver, gold, platinum, palladium, and copper are valuable metals that can be recycled and incorporated into electronic and non-electronic devices.

Environmental benefits of electronic waste recycling include:

  • Humans, animals, the air, water, and the planet benefit from electronic waste recycling:
  • Prevents toxic substances like cadmium, lead, chromium, and mercury from leaching into the soil and groundwater
  • Significantly reduces the amount of discarded electronics that are dumped into landfills and illegally shipped overseas to developing countries
  • Preserves natural resources by reusing raw materials that require huge amounts of water, energy, and land to mine and refine
  • Reduces greenhouse gas emissions emitted by facilities that manufacture electronic components

When businesses hire trusted, certified ITAD specialists to handle the disposition of digital assets, they get the benefit of knowing sensitive data will be professionally and permanently removed. Issued by licensed ITAD companies, a certificate of data destruction verifies that storage media has been wiped clean of data or properly destroyed. Each certificate specifies the method of data destruction applied to individual assets.

How LinkSource Can Assist Your Organization with IT Asset Disposition

LinkSource works with licensed, experienced ITAD businesses that provide an array of services to help you with the secure disposal or liquidation of obsolete hardware and server systems. These ITAD specialists will classify and process all electronics that contain precious metals, determine which devices may be refurbished and resold, and provide certificates of data destruction.

By working with LinkSource when you need first-rate ITAD specialists, you know that you're partnering with professionals who meet these high standards:

R2 Certification

A Responsible Recycling Certification (R2) signifies that an electronic waste recycler upholds the highest standards in the industry. R2 guidelines provide a detailed summary for developing and implementing environmental management systems (EMS) and protocols to ensure the safety and health of workers.

ISO 9001 Certification

A voluntary standard intended to validate high-quality management, ISO 9001 certification provides a rigorous framework for businesses involved in ITAD and other industries. Quality management systems, as described in ISO 9001, focus on meeting customer expectations, producing exceptional services and products, and sustaining continuous improvement within all levels of a company.

ISO 14001 Certification

Another voluntary but respected international standard upholding principles of environmental management, ISO 14001 certification is awarded to companies that have gone beyond standard compliance rules involving environmental management systems and are consistently utilizing proactive methods for protecting the environment.

National Association for Information Destruction (NAID)

Companies offering IT asset disposition or electronic recycling services earn NAID certification by demonstrating they have established procedures and policies for the proper erasure and/or destruction of digital devices. In addition, NAID-certified businesses enforce documented validation of the security of facilities, processes, and employees involved in removing data from devices.

LinkSource is your resource for complete IT management, including sourcing hardware, network, and cloud services as well as ITAD for your old equipment. To learn more about how to make the most of your company’s IT resources, subscribe to the LinkSource blog!