The 5C Approach to ITAD Risk Management


Keep ITAD simple if you want to get executive buy-in

Effective IT asset disposition (ITAD), by its nature, crosses departmental boundaries. And its proper implementation not only mitigates IT risk but also addresses risk at other touch points throughout the organization. Everyone has a stake in the process.

While IT may have an in-depth understanding of the inherent compliance and data loss risks associated with an improperly executed ITAD program, in trying to promote the program the big hurdle IT often faces is executive buy-in.

ITAD Risk Management: The 5C Approach

ITAD can be complicated but, if you want to realize the benefits, you have to sell it. Chances are you may already be armed with specific internal or industry examples that you know of or have worked through. In general, though, ITAD risk management and mitigation is about compliance, code, cloud, cost, and consolidation — the 5Cs.

1C: Compliance

Data disposal, not only in highly regulated industries like finance and healthcare, carries serious liability issues if improperly executed. Just look at the City of Houston. Improper asset disposal led to them “selling private, personal information through online auctions of used government equipment.” This information consisted of:

  • Photos of driver's licenses and checks
  • Documents with social security numbers
  • Emails detailing city security procedures

Non-compliance practices like this could leave your business open to:

  • Data breaches
  • Environmental violations
  • Loss of investor and consumer confidence

ITAD addresses the tangible risks and risk mitigation associated with regulatory compliance.

2C: Code

The Code of Federal Regulations details the purpose, scope, and proper disposal of consumer information. Part 682 covers the key aspects of electronic data disposal that all businesses should be aware of. It sets forth the standard and key responsibilities for data destruction, disposition, your responsibilities, and the due diligence required when dealing with the proper disposal of electronic consumer information. This includes both internal disposition and third-party compliance.

3C: Cloud

It’s common, in the process, for companies to forget about the proper disposal of old hardware and software after moving to the cloud, and the risks associated with the reselling, recycling, repurposing, and disposal of in-house infrastructure have increased.

With so many new products and services living off-site, many businesses are faced with a surplus of hardware and old software installations that they’re unsure what to do with. Old equipment may just get put into storage, with software and corporate data still installed.

Making ITAD a part of your cloud migration strategy helps with compliance and also allows you to maximize your cloud ROI.

4C: Cost

An effective ITAD program manages risk across the board. More than just recycling hardware, it includes:

  • Ensuring assets are removed from property tax logs
  • Software license management
  • Internal cost accounting
  • Data management (e.g., legal holds on to hard drives)

While costs continually rise within the IT space, ITAD takes both a short-term and long-term stance. When properly implemented, money is saved through risk management and avoidance. In today’s climate of hypersensitivity, security awareness, and environmental activism we can’t afford to not do this right.

5C: Consolidation

Engineers and those of us in IT like to live by a principle of “Keep It Simple.” This is a design rule that states systems perform best when they have simple designs rather than complex ones.

Issues can arise when you spread your ITAD program among multiple providers. Consolidating your ITAD program with one trusted partner, improves transparency, increases understanding throughout the process, reduces time spent on tasks, and reduces complexities.


IT Managers and Directors are continually asked to do more with less. They’re tasked with providing innovation, increased uptime, always-on stability, and technological agility. As a result, they’re always evaluating opportunities that help them remain focused on strategic initiatives. ITAD is one such opportunity.

Use this 5C approach. Regardless of the provider you choose, do your due diligence. Choose a provider that will work with you, one that understands your organization and industry.

CompuCom has continuously been recognized as a trusted industry leader and managed workplace services provider. We are fully committed to environmental stewardship and sustainability and, as a result, we have achieved International Organization for Standardization (ISO®) 14001 Environmental Certification.

Comments are moderated and will be posted if they are on-topic and not abusive. For more information, please see our Comments FAQ.

Add new comment

The content and opinions posted on this blog and any corresponding comments are the personal opinions of the original authors, not those of CompuCom.

  • Jennifer Brooks's picture

    Jennifer Brooks

    Supply Chain Sr. Director of Operations

    Jen Brooks is a Supply Chain Senior Director responsible for CompuCom's Quality and Business Management Systems. Jen has years of experience Managing the Paulsboro Integration Center that performs MyStore Integration services.

[x] Close

Sign Up for Email