As a managed IT provider, you are responsible not only for managing your customer's IT network and answering the help desk phone, but also for their hardware. Needless to say, from time to time you need either to upgrade legacy solutions or simply change broken hardware components. But what should you do with the leftover parts?
In this guide, we will discuss whether or not you should provide your customers with IT asset disposal services, which possible compliance standards you should be aware of, and the best practices to follow with regard to these compliances and disposing of hardware in general.
Do Your Clients Expect You to Dispose of Assets?
It really depends on the level of services you provide to your clientele. If, for example, you provide them with basic remote management and phone/help desk, you might simply make recommendations to them on the best way to dispose of their assets and which recycler to choose. On the other hand, if you spend a lot of time doing advanced on-site projects for your clients, provide them with virtual CIO services, hardware maintenance, and replacement, you should add hardware disposal as well. In most cases, this won't bother your tech staff too much and you will just need to create a couple of new procedures; but your clients will be grateful.
In a way, disposing of your clients' assets might help you to strengthen their security and resilience. Some of the companies you provide services to might think that using outdated, legacy hardware is a better idea than investing in upgrades, so they may connect older PCs and servers to their network without your knowledge. And that is a huge security concern.
So, to put it in a nutshell, disposing of your clients' hardware assets is a good practice for your reputation and security.
Hardware Disposal Best Practices
Hardware disposal might sound like an easy task; you take the old equipment to the local recycler. Job done.
However, there are essential details to keep an eye on:
- Disabling old PCs and servers. Some of your customers may want to reuse the old equipment, which in many cases can be a huge security issue. The easiest way to stop them is to remove the hard drives from the machines in question and seal them.
- Preserving data. When you disable old machines, make sure that you have archived their data. Also, notify your customers that the old data on those machines will be destroyed after a given period of time (typically, it's 30-90 days, depending on your agreement with the customer). That will allow your customers time to ask you to recover or archive some of the data.
Further reading Data Archiving Explained
- Destroying the storage media. The biggest issue with IT asset disposal is the proper destruction of storage devices. Even if your clients do not fall under any compliance, their storage media can preserve corporate financial and sensitive personal information. So, it is not enough to simply purge data from the drives, since it can, at least to some extent, be recovered. So you should destroy the drives. Keep in mind that there are different destruction techniques for different media types . For HDDs, you will need a hard-drive punch; for SSDs, a special shredding machine.
- Remove identifying information, such as names, logos, brands, and IDs.
- Contact your local recycler. Depending on the asset in question, you can send the old hardware for recycling or reuse. Some old PCs and servers, for example, might be used by local charity organizations and they will even pay you for the hardware.
- Upgrade first. That might sound obvious, but you should first install and set up the new hardware and only then disable the old, in order to avoid downtime.
- Provide evidence. Your local recycling partner should provide you with evidence that the hardware has been disposed of or destroyed. Provide this to your customers.
Disposal as a Service: the Basics of ITAD
Proper IT hardware disposal provides an interesting and, in a way, surprising business opportunity. Many companies that manage sensitive data, including financial, medical, or legal records, fall under strict compliances that force them to protect that data up until the moment when the storage medium where sensitive information is located is disposed of and properly destroyed.
Such hardware disposal and destruction services should be carried out by certified companies. The common acronym for such activities is ITAD – IT asset disposal.
ITAD Compliance and Certifications
There are many certifications for organizations that want to become certified ITAD providers - R2 and E-Stewards, to name two of the most popular examples. To achieve these certifications, you need to implement special frameworks and pass exams to prove that your processes are thought through and streamlined. Also, depending on the businesses you will work with, you should be aware of the standards of IT asset disposal and compliances that your clientele fall under.
IT Asset Disposal Framework Development
Apart from developing frameworks, there are three strategic stages to implementing the ITAD framework within your managed IT provider:
- Clear documentation. You should create documentation with clear evidence of where the hardware assets are at each stage of the disposal process, who has and had access to the assets, and other necessary information.
- Applying data destruction frameworks. Disposing of hardware is not the most demanding task, until you face storage media. This can store various types of sensitive information, which needs to be archived and the media destroyed properly.
- The last stage is ensuring that health and safety regulations are adhered to by the book, and that environment-friendly recycling rules are complied with. Non-compliance with these regulations can result in fines.
How MSPs Can Offer IT Asset Disposal Services
Disposal as a service and providing ITAD should not be on your list of essential offers to your clients. Only medium-sized and large companies might need a proper disposal framework and pay you for these services. Here's what you can offer to such clients:
- Hardware audit and assessment. You should regularly check the state of the equipment, create lifecycles for it, and properly manage the inventory in order to ensure that the possibility of downtime due to outdated solutions is diminished.
- Apply a disposal framework. You should properly shut down, seal, dispose of, and destroy the outdated assets, providing your customers with clear reports.
- Create a strategic hardware plan. Here, you can mix the virtual CIO offering and the disposal offering to create a streamlined high-level strategy for switching to new assets, standardizing equipment, and upgrading solutions. To prove to your customers the need for changes, focus on the benefits their businesses will receive, including cost savings and growth in process efficiency.
Further reading Selling Hardware Upgrades to Your Clients
IT asset disposal provides you, as a managed IT provider, with several great possibilities. Now it's up to you to decide on the level of customer experience you are going to provide. Also, keep in mind that full-on disposal as a service is a demanding undertaking and will oblige you to buy additional equipment and get certification. Hence, it is only relevant if you are targeting enterprise-size clients.