Challenges with Conventional ITAM-ITAD
The SEC enacted cybersecurity rules and deemed ITAD cybersecurity a risk. Companies can no longer kick the can down the road.
The SEC's new cybersecurity disclosure requirements spotlight unresolved IT assets and conflicts of interest in ITAM-ITAD processes, making it essential for organizations to address these issues.
The conventional ITAM-ITAD paradigm is based on trust; the fox watches the hen house.
Segregation of Duties (SOD) between ITAM and ITAD is imperative.
The conventional ITAM-ITAD paradigm is rigged to skirt disclosure provisions. ITAM and ITAD vendors have each other's backs.
You scratch my back. An unspoken agreement between ITAM and ITAD providers relies on shared expectations and a common understanding of mutually assured destruction. SOD between ITAD management and ITAD providers is imperative.
ITAM allocates lost assets to ITAD. Instead of being investigated, missing assets are considered retired. Allocating is hiding.
ITAM should never share inventory with a downstream ITAD provider. Providers have a temptation to tell you what you want to hear, not what you need to hear.
Problems with conventional ITAM-ITAD are beyond the control of any individual.
Managing the complexity and conflicts of ITAD is far beyond the control of any individual.
It can be tempting for management to ignore the problems.
It can be tempting to sweep problems under the rug.
It can be tempting to take the canary out of the coal mine so you are not alerted to problems.
Transforming the conventional ITAM-ITAD paradigm can seem like a challenging task.
The SEC holds management accountable for being aware of incidents. Plausible deniability is not a justifiable excuse. Blaming others won't solve the problem.
Nobody cares about ITAD until everyone cares. By then, it is too late. Everybody wants to be responsible for ITAD's success; nobody wants to be accountable for the exposure.
Addressing the conflicts of interest inherent in ITAM-ITAD can be awkward and risky. Anyone can submit a whistleblower tip to the SEC.
With the SEC paying whistleblowers millions of dollars for tips, the risks to ITAM and ITAD practices are no longer linked to the classic data breach disclosure. Potential tipsters include anyone who knows of a potential vulnerability, such as inventory discrepancies: current or past employees, current or past service providers, the jealous or disgruntled, job applicants, and temporary contractors. Up until now, many organizations have relied on an employee not knowing enough about risky practices to report them.
Problems begin in ITAM, but effective ITAM is needed to help solve them.
ITAM may have created the problem, but it cannot solve it. ITAM is disqualified because of conflicts. Furthermore, a firefighter who commits arson typically does not want to be caught.
Effective ITAM is essential to preventing problems. Assets must be tracked from acquisition through disposition.
The new ITAM-ITAD paradigm means missing assets must be taken seriously.
Effective ITAM requires adequate resources and executive support.
The new ITAM-ITAD paradigm means every missing asset must be taken seriously. The new ITAM guy is taking missing assets very seriously.
Transforming ITAM-ITAD requires embracing change and engaging ITAD management specialists.
Employees may feel shame when they act against their standards or cognitive dissonance when they face new information that challenges their assumptions. Both can cause employees to hide problems from others, which can have negative consequences. It is important to recognize and address shame and cognitive dissonance by reframing negative situations as opportunities for growth and seeking help from experts.
ITAD disposal tags are like vets hiding medicine in dog treats. Disposal tags discreetly address issues, deter theft, and provide chain of custody. You'll wonder why they weren't used before.
Veterinarians hide medicine in dog treats to make it easier to administer. Just as giving medications to dogs can be challenging, changing conventional ITAM-ITAD can be difficult. Those affected may be uncooperative or unwilling to change on their own. A spoonful of sugar helps the medicine go down.
Effective ITAM means providing ITAM with the resources necessary to protect every asset.
The IT Asset Disposition Society ("ITAD Society") is dedicated to promoting best practices and fostering ethical conduct in the field of IT asset disposition ("ITAD"). Our organization firmly opposes conflicts of interest and duty, striving to create a transparent and accountable environment for all stakeholders involved in the disposal of IT assets.
We are committed to advancing responsible and sustainable practices in the industry, emphasizing the proper management of electronic waste and protecting sensitive data. Through collaboration, education, and advocacy, we aim to shape a future where the disposal of IT assets is carried out with utmost integrity, environmental consciousness, and respect for data privacy.
Our mission is to:
Address Conflicts of Duty: We recognize the importance of upholding fiduciary duties and obligations within the IT asset management ("ITAM")-ITAD process. We call for a segregation of duties between ITAM and ITAD management. We strive to mitigate conflicts of duty by promoting clear guidelines and ethical frameworks that prioritize the best interests of clients, organizations, and stakeholders.
Combat Conflicts of Interest: We vehemently oppose conflicts of interest, advocating for transparency and impartiality in all aspects of ITAD. Our society works to eliminate any influence that compromises the integrity of the ITAD management process, safeguarding the interests of both the client and the ITAD provider.
Promote Best Practices: We actively encourage adopting industry-leading practices and standards to ensure the secure, efficient, and environmentally friendly disposition of IT assets. By providing guidance and resources, we empower organizations to make informed decisions throughout the entire asset lifecycle.
Achieve Regulatory Compliance: Adhere to all laws, regulations, and industry standards that govern the proper handling, disposal, and data sanitization of electronic devices. Compliance involves following established protocols to protect sensitive information, safely recycling or refurbishing equipment, and maintaining comprehensive records of the disposition process.
Ensure Data Privacy: We advocate for robust data privacy measures throughout the ITAM-ITAD process. Our society emphasizes the secure erasure or destruction of sensitive information, protecting individuals and organizations from potential data breaches. We work alongside industry experts to develop and promote reliable data sanitization techniques and compliance with relevant regulations.
Foster Sustainability: We are committed to minimizing the environmental impact of ITAD. Our society promotes adopting eco-friendly practices, such as recycling, refurbishment, and responsible e-waste management. By prioritizing sustainability, we aim to preserve natural resources and mitigate the negative consequences of improper disposal.
The ITAD Society strives to be a trusted resource and a driving force for positive change in the ITAD industry. Together with our members, partners, and stakeholders, we seek to shape a future where ethical conduct, sustainability, and data privacy are integral components of every ITAD practice.
The ITAD Society promotes the principles of the Doctrine of Defensible IT Asset Disposition (the "Doctrine").
The Principles are:
There must be a separation of duties (SOD) between ITAM and ITAD management.
There must be SOD between ITAD management and ITAD providers.
Use disposal tags.
There must be a Zero-Trust approach to ITAD management.
Critics usually have a conflict or cognitive dissonance.
Copyright © 2023 Kyle A. Marks. All rights reserved.