IT Asset Disposition Vendors Should Be Risk Mitigation Partners

August 18, 2017

Risk mitigation is the biggest driver of IT asset disposition. For most companies there is a myriad of concerns including compliance issues, control of assets, process considerations and financial considerations, to name a few. The biggest concern of all is a data breach that can be very expensive no matter how you define it. According to the Ponemon Institute, the average cost of a data breach in the US is $217 per record, and $6.53 million per incident. The largest cost of a breach is loss of business. Other losses may include damaged brands, loss of trade secrets, personnel records, financial information, etc.

Risk management, compliance and security are all vital aspects of IT asset disposition as well. There are many regulations to consider including HIPAA, HITECH, PCI, etc. There are environmental regulations that come into play with electronics. Electronics contain heavy metals such as cadmium, lead and mercury that are highly toxic. Corporate compliance or sustainability groups, in particular, will want to ensure that the equipment is handled properly and not go to a landfill. The last thing your company needs is bad press when it is discovered that your equipment is involved in an EPA cleanup operation.

Risk assessment will likely play a role in any IT asset disposition, and the smart play for almost any company is to err on the side of well-informed caution. Anyone who pays attention to the business section of their newspaper or favorite website is aware of the rising number of instances where companies are being hit with fines for sloppy disposition. And those are the businesses that get off easy when compared to those who suffer the multiple ramifications of data breaches: loss of information, reputation, and business. There are too many examples of companies suffering huge damages, who never even knew they were doing anything wrong or they took the least expensive path versus designing asset management practices, disposition processes and training that were appropriate to the needs and financial considerations of their company.

Cyber security initiatives and budgets often obscure the importance of IT asset destruction best practices. It’s also hard for any company to keep up with all the latest regulations “do’s and don’ts”. Your ITAD partner should help you sort through your risk assessment questions:


  • How are assets moved and managed?
  • Is device encryption before shipping to an ITAD vendor sufficient, or does data erasure need to be done before devices are shipped?
  • Is onsite destruction of hard drives a necessity?
  • When is the chain of custody?
  • How is IT equipment to be stored prior to going to the ITAD vendor?
  • What are the logistics in moving the equipment?


When disposing of old IT assets, risk should be weighed against practicality, compliance considerations, organizational competency, and financial considerations amongst other things. Allowing your ITAD partner to remarket equipment can lower costs and maybe even pay off your disposition costs. You usually get what you pay for and IT asset destruction should not be the place where you cut corners. Working with a vendor like Maxxum will assure that your entire IT asset disposition is done in the most strategic manner possible.