How to Perform IT Asset Disposal Vendor Due Diligence. Part I

Share Button

Part 1: Instituting a Master Service Agreement

Excess Logic will be publishing multiple blog posts to prepare organizations for audits around computer equipment disposal, environmental compliance, and data security for end of life media and storage assets.

AUDITSmaller

On this first series of posts we will be focused on advising organizations on how to develop a packet of documents that will provide auditors a clear explanation of the asset disposal process, the roles of the key stakeholders involved, and the responsibilities of internal and third party providers.

Your organization likely has an asset management system, decommissioning process, disposal vendor, and record keeping mechanism in place. It is important that these processes and responsibilities are documented in writing, responsibilities are understood across the organization, key stakeholders sign off on the process, and the information is archived and available when needed.

Having a Master Service Agreement (MSA) with a third party disposal provider is a critical aspect of being able to display the due diligence performed when selecting the IT asset disposal vendor being utilized. A MSA is a contract between two parties that will govern the future transactions between the parties.

At minimum a MSA should cover in detail the following aspects of a disposal program:

  • Vendor Insurance Coverage
  • Environmental Practices- Standard / Certifications for eWaste Recycling
  • Data Security- Data Destruction Standards and Approved Methods
  • Data Privacy- Confidentiality Policy Including Commitment to Disclose Breach or Threat of Breach
  • Overview of Service, Processes, Financial Obligations, Asset Reporting, and Billing Standards

The MSA allows an organization and third party vendor to maintain a clear understanding of what is expected for all service delivery. The vendor can provide statements of work or quotes in order to accomplish the goals of specific disposal and decommissioning projects.

If you have a MSA in place with a disposal vendor make sure to update the document as standards, policies, and industry regulations change. Having this agreement in place is an excellent beginning to documenting an organization’s disposal program. However, having a MSA is only one piece of the packet you need to build for a potential audit.

In the coming weeks we will be following this post with more on how to document your due diligence in sourcing downstream waste handlers, maintaining a secure data destruction program, and other important asset management, certification of destruction, and financial considerations to account for.

About Excess Logic

Excess Logic provides e-waste recycling services in San Jose, Santa Clara, Milpitas, Fremont, Sunnyvale, Mountain View, Cupertino, Palo Alto, Redwood City and SF Bay Area, California:

Your job is just to get your IT assets to your front door and call us 650-307-7553. Using our stringent environmentally ethical guidelines we ensure the best management of your e-waste and surplus electronics.

Source

Share Button

No Comments Yet.

Leave a comment