Challenges with Conventional ITAM-ITAD

The SEC enacted cybersecurity rules and deemed ITAD cybersecurity a risk. Companies can no longer kick the can down the road. 

The SEC's new cybersecurity disclosure requirements spotlight unresolved IT assets and conflicts of interest in ITAM-ITAD processes, making it essential for organizations to address these issues.

The conventional ITAM-ITAD paradigm is based on trust; the fox watches the hen house.

Segregation of Duties (SOD) between ITAM and ITAD is imperative.

The conventional ITAM-ITAD paradigm is rigged to skirt disclosure provisions. ITAM and ITAD vendors have each other's backs. 

You scratch my back. An unspoken agreement between ITAM and ITAD providers relies on shared expectations and a common understanding of mutually assured destruction. SOD between ITAD management and ITAD providers is imperative.

ITAM allocates lost assets to ITAD. Instead of being investigated, missing assets are considered retired. Allocating is hiding.

ITAM should never share inventory with a downstream ITAD provider. Providers have a temptation to tell you what you want to hear, not what you need to hear.

Problems with conventional ITAM-ITAD are beyond the control of any individual.

Managing the complexity and conflicts of ITAD is far beyond the control of any individual.

It can be tempting for management to ignore the problems.

It can be tempting to sweep problems under the rug.

It can be tempting to take the canary out of the coal mine so you are not alerted of problems.

Transforming the conventional ITAM-ITAD can seem like a challenging task.

The SEC holds management accountable for being aware of incidents. Plausible deniability is not a justifiable excuse. Blaming others won't solve the problem.

Nobody cares about ITAD until everyone cares. By then, it is too late. Everybody wants to be responsible for ITAD's success; nobody wants to be accountable for the exposure.

Addressing the conflicts of interest inherent in ITAM-ITAD can be awkward and risky.  Anyone can submit a whistleblower tip to the SEC.

With the SEC paying whistleblowers millions of dollars for tips, the risks to ITAM and ITAD practices are no longer linked to the classic data breach disclosure. This includes anyone who knows of a potential vulnerability, like inventory discrepancies, including current or past employees, current or past service providers, jealous or disgruntled, job applicants, or temporary contractors. Up until now, many organizations have relied on an employee not knowing enough about risky practices to report them.

Problems begin in ITAM, but effective ITAM is needed to help solve them. 

ITAM may have created the problem, but it cannot solve it. ITAM is disqualified because of conflicts. Furthermore, a firefighter who commits arson typically does not want to be caught.

Effective ITAM is essential to preventing problems. Assets must be tracked from acquisition through disposition.

The new ITAM-ITAD paradigm means missing assets must be taken seriously.

Effective ITAM requires adequate resources and executive support.

The new ITAM-ITAD paradigm means every missing asset must be taken seriously. The new ITAM guy is taking missing assets very seriously.

Transforming ITAM-ITAD requires embracing change and engaging ITAD management specialists.

Employees may feel shame when they act against their standards or cognitive dissonance when they face new information that challenges their assumptions. Both can cause employees to hide problems from others, which can have negative consequences. It is important to recognize and address shame and cognitive dissonance by reframing negative situations as opportunities for growth and seeking help from experts.

ITAD disposal tags are like vets hiding medicine in dog treats. Disposal tags discreetly address issues, deter theft, and provide chain of custody. You'll wonder why they weren't used before.

Veterinarians hide medicine in dog treats to make it easier to administer. Just as giving medications to dogs can be challenging, changing conventional ITAM-ITAD can be difficult. Those affected may be uncooperative or unwilling to change on their own. A spoonful of sugar helps the medicine go down.

Effective ITAM means providing ITAM with the resources necessary to protect every asset.

The IT Asset Disposition Society ("ITAD Society") is dedicated to promoting best practices and fostering ethical conduct in the field of IT asset disposition ("ITAD"). Our organization firmly opposes conflicts of interest and duty, striving to create a transparent and accountable environment for all stakeholders involved in the disposal of IT assets.

We are committed to advancing responsible and sustainable practices in the industry, emphasizing the proper management of electronic waste and protecting sensitive data. Through collaboration, education, and advocacy, we aim to shape a future where the disposal of IT assets is carried out with utmost integrity, environmental consciousness, and respect for data privacy.

Our mission is to:

The ITAD Society strives to be a trusted resource and a driving force for positive change in the ITAD industry. Together with our members, partners, and stakeholders, we seek to shape a future where ethical conduct, sustainability, and data privacy are integral components of every ITAD practice.

The ITAD Society promotes the principles of the Doctrine of Defensible  IT Asset Disposition (the "Doctrine"). 

The Principles are:

Copyright © 2023 Kyle A. Marks.  All rights reserved.