The SEC's new cybersecurity disclosure requirements spotlight unresolved IT assets and conflicts of interest in ITAM-ITAD processes, making it essential for organizations to address these issues.
Segregation of Duties (SOD) between ITAM and ITAD is imperative.
You scratch my back. An unspoken agreement between ITAM and ITAD providers relies on shared expectations and a common understanding of mutually assured destruction. SOD between ITAD management and ITAD providers is imperative.
ITAM should never share inventory with a downstream ITAD provider. Providers have a temptation to tell you what you want to hear, not what you need to hear.
Managing the complexity and conflicts of ITAD is far beyond the control of any individual.
Nobody cares about ITAD until everyone cares. By then, it is too late. Everybody wants to be responsible for ITAD's success; nobody wants to be accountable for the exposure.
With the SEC paying whistleblowers millions of dollars for tips, the risks to ITAM and ITAD practices are no longer linked to the classic data breach disclosure. This includes anyone who knows of a potential vulnerability, like inventory discrepancies, including current or past employees, current or past service providers, jealous or disgruntled, job applicants, or temporary contractors. Up until now, many organizations have relied on an employee not knowing enough about risky practices to report them.
ITAM may have created the problem, but it cannot solve it. ITAM is disqualified because of conflicts. Furthermore, a firefighter who commits arson typically does not want to be caught.
The new ITAM-ITAD paradigm means missing assets must be taken seriously.
The new ITAM-ITAD paradigm means every missing asset must be taken seriously. The new ITAM guy is taking missing assets very seriously.
Employees may feel shame when they act against their standards or cognitive dissonance when they face new information that challenges their assumptions. Both can cause employees to hide problems from others, which can have negative consequences. It is important to recognize and address shame and cognitive dissonance by reframing negative situations as opportunities for growth and seeking help from experts.
Veterinarians hide medicine in dog treats to make it easier to administer. Just as giving medications to dogs can be challenging, changing conventional ITAM-ITAD can be difficult. Those affected may be uncooperative or unwilling to change on their own. A spoonful of sugar helps the medicine go down.
The IT Asset Disposition Society ("ITAD Society") is dedicated to promoting best practices and fostering ethical conduct in the field of IT asset disposition ("ITAD"). Our organization firmly opposes conflicts of interest and duty, striving to create a transparent and accountable environment for all stakeholders involved in the disposal of IT assets.
We are committed to advancing responsible and sustainable practices in the industry, emphasizing the proper management of electronic waste and protecting sensitive data. Through collaboration, education, and advocacy, we aim to shape a future where the disposal of IT assets is carried out with utmost integrity, environmental consciousness, and respect for data privacy.
Our mission is to:
Address Conflicts of Duty: We recognize the importance of upholding fiduciary duties and obligations within the IT asset management ("ITAM")-ITAD process. We call for a segregation of duties between ITAM and ITAD management. We strive to mitigate conflicts of duty by promoting clear guidelines and ethical frameworks that prioritize the best interests of clients, organizations, and stakeholders.
Combat Conflicts of Interest: We vehemently oppose conflicts of interest, advocating for transparency and impartiality in all aspects of ITAD. Our society works to eliminate any influence that compromises the integrity of the ITAD management process, safeguarding the interests of both the client and the ITAD provider.
Promote Best Practices: We actively encourage adopting industry-leading practices and standards to ensure IT assets' secure, efficient, and environmentally friendly disposition. By providing guidance and resources, we empower organizations to make informed decisions throughout the entire asset lifecycle.
Achieve Regulatory Compliance: Adhere to all laws, regulations, and industry standards that govern the proper handling, disposal, and data sanitization of electronic devices. Compliance involves following established protocols to protect sensitive information, safely recycling or refurbishing equipment, and maintaining comprehensive records of the disposition process.
Ensure Data Privacy: We advocate for robust data privacy measures throughout the ITAM-ITAD process. Our society emphasizes the secure erasure or destruction of sensitive information, protecting individuals and organizations from potential data breaches. We work alongside industry experts to develop and promote reliable data sanitization techniques and compliance with relevant regulations.
Foster Sustainability: We are committed to minimizing the environmental impact of ITAD. Our society promotes adopting eco-friendly practices, such as recycling, refurbishment, and responsible e-waste management. By prioritizing sustainability, we aim to preserve natural resources and mitigate the negative consequences of improper disposal.
The ITAD Society strives to be a trusted resource and a driving force for positive change in the ITAD industry. Together with our members, partners, and stakeholders, we seek to shape a future where ethical conduct, sustainability, and data privacy are integral components of every ITAD practice.
The ITAD Society promotes the principles of the Doctrine of Defensible IT Asset Disposition (the "Doctrine").
The Principles are:
There must be a separation of duties (SOD) between ITAM and ITAD management.
There must be SOD between ITAD management and ITAD providers.
Use disposal tags
There must be a Zero-Trust approach to ITAD management.
Critics usually have a conflict or cognitive dissonance.
Copyright © 2023 Kyle A. Marks. All rights reserved.