IT asset management (ITAM) should be a no-brainer. It manages procurement, keeps inventory, tracks hardware and software assets and manages licences, maintenance, warranties and so on. It also involves the management of contracts related to leased IT assets.
ITAM, says Gartner, is a fundamental discipline that enables improved cost control and better understanding of IT's business value. “With 80% of the average IT budget spent on maintaining existing applications, ITAM remains one of the most fertile opportunities for continued IT cost reduction,” the company says.
The above paragraphs, which opened the ITWeb ITAM feature last year, are just as relevant today. In fact, we could rerun last year's feature as is and it would still be accurate and relevant. Instead, we're going to look at the consequences of not having your IT ducks in a row, particularly with regard to the disposal of obsolete IT equipment.
Tracker
As discussed in previous features, not keeping track of IT assets can be an expensive hobby. Says principal consultant at CA Africa's service management practice Patrick Price: “According to industry experts, organisations that systematically manage the life cycle of their assets will reduce the cost per asset by as much as 30% in the first year alone. Yet today, many organisations have little or no insight into exactly what assets they own, let alone how they can optimise them throughout their life cycle, from requisition to disposal.”
Aside from the cost savings, not managing assets means equipment may be lost, stolen or abandoned in a cupboard without anyone noticing or being able to track it if they do notice. Secondly, rental companies will charge for equipment not returned at the end of the lease term. Lastly, your financial director, having paid for the equipment, is going to want to know where it is before he allocates budget for new equipment.
More than this, however, is the value of the data on any machine that is lost (via whichever means) or improperly disposed of. In today's environment, where corporate governance, risk and compliance are top of mind, companies not effectively keeping track of equipment could be said to be acting highly irresponsibly.
Data on devices needs to be secured, and it needs to be cleaned off devices before these are decommissioned, recommissioned or destroyed. Much written and anecdotal evidence abounds of laptops being left on trains or PCs being sold to second-hand dealers with a drive full of company information.
Says Dell environmental programme manager for EMEA Marcus Albers: “Studies have shown that few companies care what happens to used equipment, and the data on that equipment in particular.”
Magix Integration director Amir Lubashevsky says the more we move towards a mobile workforce, the more information is sitting unmanaged on laptops and other devices or moveable storage media. “One form of intellectual property people always forget is the database of customers and content that sits on cellphone SIM cards. Most employees have customer information, e-mails, contact details on their cellphones. SIM cards are easy to duplicate. There is no management of the data thereon, no commissioning or decommissioning process. Guys move from company to company with this database on their cellphones. Remember the case with IS and Verizon?”
Says CA's Price: “Governance issues related to asset management include software licence compliance [see sidebar] and hardware disposal. A BSA piracy study concluded in 2007 reported that South Africa had a software piracy rate of 34% amounting to losses of $284 million to the software industry.
“The disposal of hardware assets at the end of their useful life is a governance issue that needs to be addressed from both an environmental and a social conscience point of view to ensure usable assets are donated to charities and unusable assets are disposed of with no negative impact to the environment,” he states.
“The Electronic Product Environmental Assessment Tool (EPEAT) programme was launched in 2006 to help purchasers identify environmentally preferable electronic products. By 2007, 25 electronics manufacturers had registered their products on the programme, which will result in a massive reduction in the use of primary materials in the manufacture of desktops and laptops, a massive reduction in the use of toxic materials, including mercury and, as a result, drastically reduce the disposal of tons of hazardous waste. Organisations are being urged to procure new hardware assets produced by these registered manufacturers.”
Waste not
A destruction certificate is not legally acceptable.
Johnny Clegg, director, African Sky
Organisations are also being urged, by the likes of African Sky's Johnny Clegg, to give serious thought to where and how they dispose of their IT assets.
Speaking at the keynote address on the first day of the Gartner Symposium held in Cape Town in August, Clegg said South Africa produces an estimated 50 000 tons of e-waste annually. Ninety-five percent of this, he says, can be recycled.
“There are two components to recycling. The first happens at a separation plant, which separates the components and ships them to various recyclers. The second is at the recycling plant itself. South Africa lacks properly recycling facilities, although it does have many separation facilities. A big question mark for companies is where components from separation plants go. We don't know.
“Most e-waste companies are not compliant with even the basic standards, in this case ISO14001. And the onus is on the companies disposing of the waste. If your stuff is found on an illegal site, the legal framework points to the source of the waste.”
Clegg notes that there are many illegal dump sites in agricultural areas (hidden behind high walls), where casual labour is employed to strip and burn waste, at considerable health risk to themselves and environmental risk to the land the waste sits on, and the ground water beneath it.
“If you're reselling a hard drive, what is your policy regarding the data on that drive? We've found drives being sold to second-hand dealers (who use them to build machines) with the data left on it. Sterilising a hard drive is costly,” he added. “And what is your process for tracking and auditing e-waste? Most providers will give you a destruction certificate. This isn't good enough. You need to make sure through site inspections and other measures that destruction has taken place. A certificate is not legally acceptable.”
Corporates are legally liable to ensure that equipment they auction off to scrap dealers, which will strip and recycle components for the value of the materials such as gold, is disposed of in a compliant manner [see sidebar]. One ton of circuit boards can yield six ounces of gold. While some dealers will give companies a letter stating they accept liability for what happens to the equipment, this is not legally valid, says Clegg.
“The law makes provision for clean-up costs,” he warns, noting that these are higher than the fines posed for breaching environmental legislation (R5 million or 10 years in jail) as a clean-up can take five years and cost hundreds of millions of rand.
SA had a software piracy rate of 34% amounting to losses of $284 million [in 2007].
Patrick Price, principal consultant, CA Africa
At present, as Clegg notes, there is no e-waste specific legislation. There is also no specific 'data eradication' law, but there are broader laws related to environmental affairs, and the duties of responsible corporate citizens that corporates need to bear in mind.
Green IT and security are both high-profile topics, which regularly make headlines. Companies claiming ignorance are likely to get very short thrift.
Share