Choosing an IT Asset Disposition (ITAD) vendor for your business is one of the most important decisions your business will ever make. That’s why it’s crucial to ask the right questions when interviewing possible vendors. Here are some important questions you should ask:
How long have you been in business?
ITAD is an intricate industry with many critical security and environmental components. Even for a new ITAD business, it’s imperative that no stone is left unturned. The more seasoned the ITAD business, the more time they’ve had to develop a thorough and effective business strategy.
Also, a reputable ITAD company should be more than happy to share a list of the certifications they hold, the standards they apply and the regulations they abide by throughout the data disposition process. Here are some questions you can ask in this regard:
What security certifications do you hold?
The R2 (Responsible Recycling™) Certification looks at data security, in addition to environment and employee safety procedures. National Association for Information Destruction (NAID®) Membership is also a common way to verify a company’s commitment to data security.
What standards do you apply?
Common standards include NIST 800-88r1 and DoD 5220-22m.
What industry regulations do you abide by?
Here are four industry regulations that all ITAD companies should be aware of and abide by:
FACTA: This act mandates that anyone in possession of consumer information must dispose of it properly. More specifically, any data that contains customer information must be erased or destroyed to such an extent that it cannot be reconstructed.
SOX: This act requires that any publicly traded company must establish, document, test and maintain internal controls and data security procedures.
PCI DSS: This standard pertains to organizations that accept credit cards as a form of payment. It requires these companies to maintain consistent data security standards throughout the asset lifecycle.
GLBA: This act requires a written financial security program and a contracted disposition vendor as well as a frequent reviewal of ITAD procedures.
Do you have security cameras on-site?
Your assets contain sensitive information and security cameras are one critical facet of asset protection throughout the ITAD process. A good rule of thumb is one security camera per 2500 sq. ft. If an ITAD vendor you’re interviewing doesn’t use adequate video surveillance to monitor and protect your assets while they’re onsite, don’t trust them to manage asset disposition for your company.
How do you monitor pick-up and delivery of electronic assets?
The window of time your electronic assets are most vulnerable to a security breach is between the time an asset is designated for disposition and the time it arrives on-site. Make sure the ITAD company you’re interviewing guarantees prompt pickup and has protocol in place to track and monitor your devices once they are in their possession.
Do you guarantee a secure chain of custody?
Make sure the ITAD vendor you’re interviewing can assure you that every aspect of your asset disposition happens under one roof—theirs. When subcontractors are in the mix, the chain of custody is weaker and more susceptible to a security breach.
Can I tour your facility?
Reputable ITAD vendors don’t have anything to hide. They operate with transparency and won’t hesitate to give you a tour of their facility in hopes of earning your business.
What environmental certifications do you hold?
Two important environmental certifications include R2™ and e-Stewards. When items cannot be refurbished, they must be discarded. It’s the responsibility of your ITAD vendor to ensure responsible recycling. That’s where R2™ and e-Stewards come in. Both of these certifications will give you peace of mind that your asset tags or sensitive data won’t show up in the wrong places, resulting in a costly PR nightmare.
How do you document the ITAD process?
It’s important to ask potential ITAD vendors about their reporting process and how you can access the information they record concerning your end-of-life assets. This includes settlement statements, certificates of recycling and data destruction, auditing reports and remarketing settlement summaries for current and past assets.
How do you determine the cost for your services?
Calculating the cost of ITAD services depends on many factors. Ask potential vendors in advance what goes into calculating the cost of their services so everyone is on the same page.
If you have questions about ITAD, we are happy to answer them for you. Contact us online or by calling 763.432.3117 to learn more!