“Chain of Custody” is a phrase that’s often thrown around in the ITAD industry, but what does the term mean exactly? It is about reducing risks to your company. These risks can include financial, environmental compliance, data compliance, data security, and your company’s reputation. That’s a big burden to shoulder, but you can reduce this substantial amount of risk with one good process.
Many people consider chain of custody as something that their ITAD vendor needs to provide because they are concerned about the asset traveling from the enterprise location to the ITAD vendor location. However, asset tracking should start well before that point.
The first link in the “chain” is when someone decides that an asset is to be retired, leading to it being decommissioned and disconnected from your network. At the moment of this disconnect, who is responsible for that asset and who keeps track of it? An asset not connected to any network is much harder to track.
Whether you move decommissioned assets across the hall or across the country (or globe) as part of your asset retirement process, you should have a good process for documenting that movement. Just having someone send a spreadsheet saying they delivered the laptops or PCs to another location may not be enough. A person must validate that the items received at the new location match what was on the list..
If you store retired but not yet disposed-of assets in a storage area or room, do you know exactly what’s stored, who has access to it, and if any of it gets moved?
Some firms recommend the implementation of RFID tags for tracking assets, which can be a reliable tool. Like any other aspect of IT Asset Management, you need a solid process for using the tool, in addition to a strong adherence to the process and use of the technology by the people using it.
If you carefully track your decommissioned assets to the moment that your ITAD vendor is collecting them, you will have an accurate record of what your vendor has collected. If you don’t have perfect tracking up to that moment, a helpful and relatively cost-effective solution is to have the ITAD vendor scan and record every asset as they pack it. With this process, you have the ability to observe the process and ensure that everything was scanned, and that everything you intended to be taken has been packed onto the truck. You should then keep a copy of that list of assets that you can confirm, in an audit, have been transferred to your vendor.
An additional check can be added. The vendor can also do an immediate validation or comparison of each asset scanned against a list of assets that you intended to have removed. You can require that only assets that match your list are removed, and any assets that show up in the vendor scan but not on your list be left behind or get approval for disposition. This is a good way to identify assets that have been added to the disposition pile, or those that have been removed, prior to the ITAD vendor leaving the premises.
Once the items are secured in the truck, you can require that no other vendor’s material is picked up and added to the truck, ensuring point-to-point transport of your assets. If the location only has a few pallets worth of assets, this can be significantly more expensive, but may be worthwhile to meet your security requirements.
The final link in the chain is when the assets are received at your ITAD vendor’s secure facility and a report of the assets received is validated against either the one you provided yourself or one generated at the time of packing.
