This post was originally shared on the IT Asset Knowledgebase of IAITAM. Read the original post here.
Google, “hacks to improve” and you will find a million shortcuts to improve almost any aspect of your life – your credit score, public speaking, or memory to name just a few. Finding ways to make your organization’s IT Asset Disposition (ITAD) program effective is not as easy, so we created them for you.
Experience with clients across a wide variety of industries has taught us that effective corporate ITAD programs contain common characteristics. Employing these best practices overcomes typical barriers and empowers IT Asset Management (ITAM) to achieve ITAD program success. Equally as important, these best practices help ITAM secure resources necessary to sustain success.
We learned these “hacks” by studying our last 8,000 projects and observing how the most effective clients approach the management of ITAD. Although each trait is important, the order listed does not indicate priority or recommended sequence for implementing. Drumroll is not required but encouraged.
- Name It Something Besides ITAD
- Vendor-Agnostic, Multi-Vendor Approach
- Project Management Mindset
- Centralized ITAD Program Management
- Best-Practices Mindset
- Two-Key Tracking™
- Plan-For-The-Worst Thinking
- Expectation Management
1. Name It Something Besides ITAD
What’s in a name? Apologies to Shakespeare, but Juliet’s argument certainly applies to ITAD. A rose by any other name might smell much sweeter.
Besides sounding weird and unfamiliar, the term “ITAD” does not convey the contribution that IT asset managers make to the process. Not surprisingly, the most effective organizations do not refer to ITAD as ITAD.
The acronym ITAD isn’t even unique. ITAD also stands for Integrated Telephone Answering Device, International Tropical Architecture Design, and many more unrelated things.
ITAD vendors don’t like the acronym, either. They are forced to explain what they do with a myriad of other words – recovery, recycling, disposal, remarketing, retirement, etc. The term ITAD has not helped the industry. It has given the industry an identity crisis.
Organizations with effective ITAD use a name for it that helps non-ITAM colleagues understand, appreciate, and follow the process. Like Procurement, the management of ITAD is a special step in the lifecycle of an asset – a complex management function that demands dedicated policy, procedures, professionals, resources, and a name of its own.
What you call ITAD is not as important as calling it something consistently. Descriptive names work better than ambiguous acronyms. IT asset disposition, IT disposition, IT disposal, corporate asset disposition all work better than ITAD. If an organization refers to ITAD as ITAD, it should be prepared to explain the meaning to the uninformed and uninitiated. Making it easy for people to understand and recognize will also make them more comfortable and likely to embrace the process.
The “Final Check-Out” is a name that refers to the final step of effective ITAD management. Asset managers are masters at check-out/check-in. Final Check-Out is a unique one. Assets are not returned, and ITAD vendors don’t behave like employees.
Final Check-Out is not meant to describe the entire scope of ITAD management. That involves numerous additional activities — setting policy, developing procedures, selecting vendors, billing, auditing, etc. — which is why the ITAD function needs a name. Anything but ITAD, please!
2. Vendor-Agnostic, Multi-Vendor Approach
What do OEMs, IT service providers, and ITAD vendors have in common? The answer is they all outsource ITAD activities to other ITAD vendors. What’s the result of this outsourcing? Margins get stacked, transparency gets clouded, and chain-of-custody is weakened.
Developing a vendor-agnostic, multi-vendor approach to ITAD saves your organization money, improves service, better ensures compliance, and will future-proof your ITAD program.
Gartner recommends considering a “best-of-breed” approach when it comes to vendor selection. Many large enterprises already came to that conclusion years ago; no single ITAD vendor owns the capabilities to provide cost-effective ITAD service for every project, every location, every single time you will need it.
Besides capabilities, several other reasons support a multi-vendor approach. Putting all your eggs in one basket is just risky. Anyone involved with ITAD knows how once-trusted vendors can become unresponsive, get acquired, get into trouble, or simply go out-of-business.
Cost savings is another significant advantage of a multi-vendor approach. Leveraging regional vendors can save a nationwide organization up to 40% on logistics. Managed effectively, a multi-vendor approach can let you enjoy next-day service nationwide without sacrifices.
Lastly, competition among vendors is a good thing. Working with multi-vendors allows you to compare performance and optimize. With the right system, it is easy to compare data about tracking, costs, remarketing, and service-level agreement (SLA) attainment. Having accurate comparison data will improve your decision making and allow you to negotiate better deals.
3. Project Management Mindset
While ITAD seems like a continuous business-as-usual operation, no two projects are the same. Projects involve different locations, different people, and of course different assets.
ITAD is a process comprised of multiple discrete projects. Therefore, the most effective ITAD programs incorporate fundamentals of Project Management to keep everything flowing smoothly.
Project Management is a mature discipline with numerous methodologies. The traditional approach involves initiating, planning, executing, controlling, and closing the work of a team to achieve specific goals and meet specific success criteria.
Involving a certified Project Manager in only one ITAD project can produce eye-opening results and time-saving tactics. Minimally, you should have a Project Manager help create a detailed work definition template document which ITAM can reuse for planning, monitoring, and controlling any ITAD project.
Project Managers are experts at bringing projects in on-time and on-budget. Project Management brings a unique focus shaped by the goals, resources, and schedule of each project. Even ITAD projects. Their knowledge, skills, tools, and techniques can be applied to ITAD then reused again and again.
4. Centralized ITAD Program Management
Centralized management allows for control and visibility of the ITAD management function without hampering local disposal activities. It is also the critical audit point for compliance.
It may seem obvious to anyone involved with ITAM why ITAD should be a centralized function. Unfortunately, not all stakeholders agree. Implementing central management is easier said than done.
Even organizations with established centralized ITAM still have different business units and remote locations that then, in turn, handle ITAD their “own way.” Some business units may adhere to the corporate program for certain device types (e.g. PCs and laptops), but handle other types of equipment locally as e-scrap. Others go rogue, regardless of what they are told or encouraged to do.
The most effective ITAM programs have all, or most, decision making done by a central ITAM group. Outlining an exact approach to achieving centralized ITAD management is beyond the scope of this article. However, we observed that centralized management of ITAD generally occurred in one-of-two ways: evolution or imposed.
Nothing unifies an organization like a data security incident. Corporate policies can change in an instant when an organization suffers a potential breach. ITAM should be ready to step in when this happens with a proven solution.
Since you cannot predict when a significant security event will occur, ITAM should prepare for a change to happen in an evolutionary way. IT asset managers have become skilled at selling the benefits of ITAM to upper management. Selling the benefits of centralized ITAD management is similar, but there is one added advantage.
ITAD is the most overlooked aspect of data security. Enlisting the help of the CISO, compliance, and risk management can accelerate the adoption process. Of course, education is key. Gaining buy-in for a policy of best practices is an important first step.
5. Best-Practices Mindset
Organizations with effective ITAD programs adopt best practices and leverage purpose-built tools to prevent costly problems and improve productivity. Here are a few examples:
They don’t share inventory. — Teachers don’t give answers to students for a reason. Don’t share serial numbers with an ITAD vendor. Your inventory is YOUR inventory. Require ITAD vendors to capture an independent inventory of what they receive.
They don’t allocate. — Allocating does not establish accountability. Distinguish between assets that are Retired, Disposal Pending, and Disposed. Demonstrate to risk managers that ITAM has a deep understanding of the privacy issues.
They trust but verify. — Trusting too much equals trouble. Effective ITAM programs conduct “man overboard” drills where they plant fictitious “test” assets to confirm controls are working properly.
They leverage the right tools. — Reconciling inventories is a tedious task. Effective organizations utilize purpose-built applications to automates inventory reconciliation. The right tool can also achieve consolidated reporting which is particularly useful when you are responsible for numerous locations or use multiple ITAD vendors.
They destroy data before a move. — Better safe than sorry. No ITAD vendor can destroy data if an asset isn’t received. 99% of problems happen before an ITAD vendor touches your equipment.
They don’t rely on one policy. — Encryption can blind executives to the bigger risk and can lead to a breach when the need for other safeguards is ignored. Encryption as a policy is wise, but not a silver bullet.
They establish and enforce SLAs. — What gets measured gets done. Effective ITAD programs contractually subject ITAD vendors to financial penalties when they don’t perform.
They retain every document. — Without evidence, everything is just hearsay. Organizations with effective ITAD programs are digital packrats. They save every document, email, fax, and report for each project. They leverage a specific system or platform to save bill-of-ladings, driver sign-off sheets, receiving reports, etc. Anything that can become crucial evidence in a case.
6. Two-Key Tracking™
To be indemnified from the downstream risks requires an unbroken chain-of-custody is needed. Chain-of-custody is not a catchphrase. Rather, it is the foundation for a transfer of liability.
Asset tracking requires the custody of every single asset verified. The most common method used to track asset custody is reconciling disposal inventories by matching manufacturer serial number.
The problem is, serial number matching is not reliable or scalable. A multi-year study of tracking data revealed only about half of serial numbers captured by ITAD vendors perfectly match against anticipated inventory.
A far better way to track assets compared to serial numbers is leveraging barcode tags. Instead of a 50/50 chance, barcode tags increase the odds of tracking to 99%. There is a reason airlines tag luggage and movers apply stickers to your furniture; it works.
Unless you are certain equipment has barcoded asset tags on 100% of the items, it is wise to apply a fresh disposal tag. Furniture movers won’t rely on old moving stickers. You shouldn’t either.
7. Plan-For-The-Worst Thinking
Mike Tyson famously quipped, “Everyone has a plan until they get punched in the mouth.”
Best laid plans of ITAD often go awry. Organizations with effective ITAD program don’t get knocked out when they do. They “cut the tail off at the head” and make sure any issue remains just an incident. In other words, no incident ever qualifies as a breach.
Organizations with effective ITAD programs take the time upfront to spell out the worst-case scenarios and then determine how to mitigate the risks. Discuss what-if scenarios with all stakeholders in your organization. There is a good chance senior management is not aware of the hidden dangers.
Use real-life scenarios to provide concrete examples. For example, when Coca-Cola suffered a data breach after 55 laptops were “borrowed” by an employee who happened to be responsible for the disposal of the equipment.
Discuss how to prevent a contract truck driver from taking an asset during transit. Unfortunately, laptops have legs. An IT disposal vendor will not be able to sanitize equipment it never receives. How do you mitigate the exposure?
Learn how an ITAD vendor might protect your organization, or not. Ask for specific examples of problems they have encountered. Have them explain the resolution. Qualified ITAD vendor will understand and appreciate your concerns for security and indemnification.
When ITAD programs are implemented, often they do not adequately anticipate failure despite the risks. Rather, they plan for the best-case scenarios driven by sponsor expectations and budgets.
ITAD projects fail for numerous reasons, which is why an effective escalation and incident management procedures should be in place. When it comes to ITAD, an ounce of prevention is worth many millions of dollars in cure.
8. Expectation Management
Getting buy-in from sponsors is essential to create an effective ITAD program. Ongoing communication is key to maintaining success. ITAM must set realistic expectations and continuously clarify to maintain momentum.
Executives become blind to threats when they never hear incidents. ITAM needs adequate resources to ensure the security of retired assets. It is important to guard against executives being lured into complacency or developing a false sense of security.
Airline pilots rarely receive praise for routine landings. It becomes easy to take the safety of commercial flight for granted. Let’s pray airline management does not feel the same way. It should not take a crash to renew their appreciation for safety or security procedures.
As a passenger, I may not need to hear about a maintenance issue or how close a wing came to the runway. Thankfully, pilots have skin in the game. Plus, pilots are required to report incidents. Unlike us passengers, airline management does not get the luxury of ignoring incidents. We need them to remain vigilant.
Accurate and complete ITAD reporting is the primary way for ITAM to educate executives. Objective tracking reports provide a realistic view for executives to see the challenges that ITAM must overcome to be successful.
When we put a positive spin or selectively share only favorable results, we unintentionally set unrealistic expectations. Management comes to believe ITAD is easy and without challenges.
Sugarcoating the situation will result in unrealistic budgets and inadequate resources. It is cliché to say communication is key, but it cannot but understated.
While studying traits that make certain organizations effective at ITAD, naturally we encountered those who weren’t implementing similar measures.
One noteworthy example came from a talented and frustrated asset manager at a regional healthcare provider. Like many, he struggles to get senior management buy-in to implement best practices. He shared a comment that seemed to summarize the situation many of us face; “Nobody cares until everyone cares. Everyone cares when it is too late.”
Effective corporate ITAD programs tend to be the opposite. Because they care, they are prepared.
We should also note, effectiveness was not an absolute measure. In fact, no organization we observed could claim to follow best practices for every project, every time. Every organization struggles with the same issues and has room to improve.
Educating senior management about the risks will help secure IT asset managers the resources they need to create effective ITAD programs.
This article was originally published in ITAK, the abbreviation for IT Asset Knowledgebase. ITAK is the magazine of IAITAM, The International Association of Information Technology Asset Managers. IAITAM is a much-needed educational source for IT Asset Managers, CIOs, CISOs, and CEOs.