Converge ITAD Podcast Transcription

Transcription of the Converge "Understanding IT Asset Disposition" podcast (12:35)

Paul Gillin:
Everyone enjoys the experience of getting a shiny new PC installed on their desktop or slipped into their briefcase. But what’s not as pleasant is figuring out what to do with the old equipment that’s going out the door.

Businesses have used a variety of creative approaches for redeploying old equipment over the years. They hand it down to junior employees, they sell it at auction, and maybe they even donate it to a charity. Asset disposal isn’t typically an issue that’s preoccupied IT professionals, but rules are changing: new government and regulatory rules around privacy and data protection are making the process of IT disposal more complex.

Some companies are finding out the hard way that data stored on long-forgotten computers is actually a liability – maybe even a criminal one. The stakes are increasing, and that’s making it more and more important than ever that businesses be able to recycle or dispose of computers in a way that gives them maximum visibility into the process, as well as liability protection.

Hi, I’m Paul Gillin. Welcome to this Converge podcast on the topic of IT Asset Disposal. My guest is Chris Adam, director of the IT Asset Disposal division at Converge. Chris is an expert at helping customers navigate this new territory. And in this interview, we talk about the factors businesses need to consider in making an asset disposal decision that gives them piece of mind.

Well Chris this term ‘IT asset disposal’ was kind of a new one to a lot of people, I suspect – can you define it?

Chris Adam:
It is a new issue within enterprise. But very simply stated, ITAD is an acronym for IT Asset Disposition, and it includes a strategic set of activities that ensures the compliant disposal of end-of-life IT equipment that’s coming out of an enterprise.

And these set of services really cover a wide range – anything from secure logistics and transportation right all the way through asset sanitization, data erasure services, recycling, remarketing, and detailed reporting. It’s fairly comprehensive.

Paul Gillin:
Well now I understand this is a relatively new industry – why has the need for IT asset disposition become so pressing, in recent years?

Chris Adam:
It definitely has been increasing in visibility over the last few years, and really based on a handful of elements: the first being just the vast amount of e-waste that is accumulating in enterprise organizations all over the world, and also with the increased data security risks that are facing an enterprise, the amount of environmental obligations that companies have to ensure that their e-waste doesn’t contribute to polluting the environment, either in the U.S. or in other parts of the world, and then of course there’s an opportunity to maximize any residual value that resides in the end-of-life equipment.

Paul Gillin:
Well you mentioned a growing e-waste problem: how much equipment do experts estimate will reach end-of-life in the next, oh, three or four years?

Chris Adam:
The experts estimate that nearly a billion PCs are going to be reaching their end-of-life over the next three to five years. And the interesting part about that number is that is just the number of desktops, laptops, or servers – it doesn’t include any other IT-related equipment such as faxes, printers – even cell phones and PDAs are not included in that number.

Paul Gillin:
Well Chris, historically I know a lot of companies have simply sold off old equipment or they donated it to charity, but I believe that your point is that there are some risks in that approach – what are they?

Chris Adam:
There are quite a few risks and companies don’t quite understand that they are still very much accountable for what happens downstream with that asset. But the primary risks are focused on if the asset was properly prepared or properly tested, and the data was properly protected before dispositioning. Transfer of title doesn’t necessarily mean that the liability that’s wrapped around those assets is transferred as well. The improper disposal by a third party could still trigger these liabilities, if a third party - once they’re done with that piece of equipment - if they improperly dispose of the equipment, the liability could still be traced back to the original title owner, in this case, the enterprise.

Paul Gillin:
Now we can all imagine the environmental risks of disposing of computers in landfill and such, but I think that you’re talking, when you say downstream risks, you’re talking about some more basic financial and legal problems. What are the vulnerabilities there?

Chris Adam:
Environmental risks are just simply part of the equation, but what we have found is the No. 1 reason why enterprises seek the strategic ITAD solutions is because of the financial and the legal implications of improper data security or data breaches of their end-of-life information. And deploying the services of an ITAD provider will mitigate the enterprises’ exposure and will provide them liability protection that the companies need to steer clear of these deep penalties, and also damages to their brand image.

Paul Gillin:
Now if data can put you at risk, then shouldn’t you just delete the data, delete the sensitive files or reformat the hard disk? Why isn’t that enough?

Chris Adam:
Unfortunately it’s not that easy. Reformatting or deletion of files doesn’t remove the data. Those techniques only remove the directories, still leave the data behind, and that data can still be easily accessed through fairly standard recovery software tools.

Paul Gillin:
Now I know that there are guys with trucks who will offer to come up to your loading dock, take all of your old equipment, and make it go away. Is that ITAD, or are those people doing something else?

Chris Adam:
Well that’s more of a recycling play, and there are definitely people that provide that service out there. Converge’s approach is more of a process-driven approach, and it hinges on providing a documented solution that protects our customers from the liability that’s associated with disposing of this end-of-life equipment. And having the ability to track these assets through the entire disposition process, and being able to view compliance documentation for each asset, is really a critical, critical component to proving compliance.

Paul Gillin:
Compliance, I understand, also involves documentation, and I’m not familiar with some of these documents that you need to file. What are they, and where do you get them?

Chris Adam:
Having documentation -- what ultimately happens to all of your IT assets -- is a critical component to proving that your assets were handled properly. And those documents typically include certificates of proper data erasure, certificates of compliant recycling, or even certificates of destruction. And this is something that Converge issues to its clients, once the appropriate work is performed on a particular set of assets.

Paul Gillin:
Now a lot of computer vendors, I see, are getting into this market: they’re offering to take back old equipment. Is that approach fundamentally different from yours, in any way?

Chris Adam:
It is, and take-back programs can certainly be convenient; unfortunately they’re typically tied to the acquisition of new equipment, and rarely do these computer vendors ever process the equipment directly themselves – they typically will outsource these activities to a third party, such as Converge, and every company’s requirements are quite different. So a direct relationship with a competent ITAD service provider is clearly the best bet, to have a flexible ITAD solution that matches your specific organization’s requirements.

Paul Gillin:
Go into reporting capabilities a little bit more: what kinds of reporting capabilities do customers need to have to cope with all these legal and regulatory issues?

Chris Adam:
Reporting is really an essential component to an ITAD solution, and it’s the means to prove data security, environmental compliance, and many times our customers will use detail reports to properly retire an asset from their accounting books, which is a requirement for meeting Sarbanes-Oxley issues. But at a minimum, I would recommend that reporting include the solid chain of custody process -- the ability to track those assets through the entire process -- and having an on-demand access to all the compliance documentation, and having the ability to view financial supplements for the work being performed.

Paul Gillin:
With the new ITAD suppliers coming online now, I imagine evaluating these companies must be something new for many of your customers. What are some of the factors that they should consider in choosing an ITAD supplier?

Chris Adam:
Choosing the right ITAD supplier can be a tricky thing to navigate for enterprise because it is new. We recommend that companies look at providers through four primary areas, and those are: what are their operational capabilities, what type of quality certifications do they have, so that you know that the work can be performed on a high-level on a repeated basis.

But also from a financial perspective – how many years have they been in business? What is their financial strength? Where do they receive their funding?

And also you want to make sure you understand their environmental policies, and make sure that they have the appropriate permits to handle the e-waste, and that they have a clear landfill and exportation policy. You certainly want to make sure that your assets aren’t ending up in a landfill, or exported to other areas of the world for ultimate disposal.

And the fourth component that we would recommend looking at a provider is, from a liability protection perspective – what levels of liability protection can they provide to you? And are they going to be able to give you indemnification for any data security breaches, also indemnification for environmental compliance?

Paul Gillin:
Bottom line, Chris – how much is all this going to cost, and is there something you can do with that equipment that you acquire from the customer, that maybe can reduce their costs?

Chris Adam:
Costs can vary widely in this space, based on the level of services that an enterprise requires. But from a budgeting perspective, an enterprise should expect to budget $10.00 to $30.00 per asset for a comprehensive ITAD solution. But these costs can also be mitigated through some re-marketing activities, where we’ll prepare those assets to sell as a system, or to de-manufacture them and harvest the sub-assemblies for resale.

Paul Gillin:
We talked earlier about how to evaluate ITAD suppliers: what, in fact, are some of the key differentiation points between those of you who are in this market?

Chris Adam:
I will boil it down to three key differentiators. One: geographic reach – are they a local provider, a national provider, or can they provide these services on a global basis? Secondly, reporting capabilities – what level of reporting can they provide to you, and is it something that they can provide to you online? And third, what are their re-marketing capabilities – are they only able to sell on a system level, or do they have the ability to generate residual value through de-manufacturing and selling of components?

Paul Gillin:
Finally, Chris, you’ve mentioned that risk is an issue with choosing your service levels – what, exactly, do you mean by that, and how do you help clients to assess their own tolerance for risk?

Chris Adam:
When we talk about risk, we’re talking about a corporate tolerance for risk, and if your organization has a low corporate tolerance for risk, you may be more apt to deploy a very very high level disposal process, from a security perspective. An example of that would be deploying armored trucks that are escorting your material to your provider’s processing facility. A lower level of tolerance for risk would be loading your assets onto a secure locked truck without an escort, going to a processing facility.

So that’s one example of how level of services could vary, based on your corporate tolerance for risk. Also the level of data erasure that you require: whether you are willing to allow your assets to be re-marketed, or do you want all of your assets to be destroyed? Other examples are different service levels, based on a corporate tolerance for risk. And we help our customers get to those decisions by talking out and laying out all of the different disposal options that are out there, and matching them up with the tolerance for risk that they may have, and we’ll create a customized solution to match their level of risk, along with the level of services that are really required to meet their compliance obligations.

Paul Gillin:
Well thanks Chris Adam, director of the IT Asset Disposal division of Converge. And thanks to you for joining us for this Converge podcast on the topic of IT Asset Disposal. My name is Paul Gillin.

[End of Audio]