Risk managers look very closely at their enterprise’s operations and try to account for all the sources of uncertainty that may impede it from meeting its objectives or result in issues such as non-compliance, fines, or lost revenue. One area that should not get overlooked is what the enterprise does with its IT assets after they have completed their service to the enterprise. This process is referred to as IT asset disposition, or ITAD. At the completion of the IT asset disposition process, assets are usually either resold or recycled. How they reach this final disposition, however, is rife with risk, if the process is not planned properly. The following are three risks associated with IT asset disposition that enterprises should account for in their risk management planning.
ITAD Risk #1: Data Breach
When a company’s or its customers’ sensitive data reaches the outside world, a data breach has occurred. This is a serious concern because frequent data breaches—or even a single one—can erode customer and investor confidence and force a company to pay costly fines and legal fees. Companies can significantly reduce the risk of a data breach through their IT asset disposition process by partnering with an ITAD vendor that has received AAA certification from the National Association for Information Destruction (NAID), the most respected third-party certification in the U.S. for secure and documented data sanitization.
ITAD Risk #2: Non-Compliance with Industry Regulations
Regulatory standards come in a variety of different flavors, depending on the industry: HIPPA/HITECH, PCI, SOX, FACTA, and so on. The unifying factor is that they generally value the privacy of consumer (and employee) information and have strict requirements for data security. Without an ITAD procedure that results in detailed, auditable records, companies lack important tools for defending themselves if/when they face an audit.
ITAD Risk #3: Environmental Violation
Even those who know nothing else about IT asset disposition are familiar with the stories of obsolete, toxic equipment stockpiled in landfills and being disassembled overseas under deplorable working conditions. It can be very costly when companies are found violating environmental laws or responsible recycling practices; the risks include having to pay fines, paying for cleanup efforts, and harmful negative publicity. Even if your company partners with an IT asset disposition vendor, your company could still be liable if your ITAD partner doesn’t do the right thing. The risk-avoidance strategy here is to look for IT asset disposition providers that have achieved either (or both) of the two leading certifications for responsible and legal environmental practices: e-Stewards and R2/RIOS.
ITAD risk, in-depth
Here we gave a brief overview of each of the potential sources of risk from IT asset disposition. For an expanded discussion, including more risk-avoidance strategies, download our free guide, “Guide to Minimizing the Risk of IT Asset Disposition.”
