All the vendors and most of the larger third-party services provide the customer with serialized reporting on each and every asset, including whether and when it was resold or recycled, and certificates confirming data destruction. In most cases the vendor recommends that the customer do at least one data wipe on its end and/or disable the disk with special utilities or by driving a nail through the hard drive. Then the vendor will transport the equipment to one of its own sites or partner sites and do subsequent wipes, including anywhere from three to seven wipes according to customer and Department of Defense specifications.

However, vendors are also open to providing data wipe services on the customer site for an extra fee. IBM and HP have their own recovery and recycling capabilities but also partner with third parties in several locations.

Proceed with caution

It can be tempting to look at asset recovery as a cost and choose the least-expensive vendor as an asset-recovery partner. However, experts agree that reducing risk should be the primary criterion when devising a strategy: the risk of fines, lawsuits, or damaged reputation. That's why in large enterprises, increasingly, responsibility for asset-recovery has moved beyond the department level and the IT division, to the CXO level -- often to the CIO, CFO, or even CEO. It makes sense for companies to have a centralized recovery strategy so that one department doesn't get the entire organization in trouble with the law or the media.

Due diligence means coming up with your company's own set of requirements for asset recovery, based on company philosophy and standards, as well as relevant local, state, and federal regulations, then investigating whether your recovery partner, and that partner's recovery partners, meet those requirements. A global enterprise will obviously have to consider policies and regulations abroad.

"You have to ask a provider questions like, 'How do you manage your partners and hold them accountable?' " says Joe Strathmann, Dell's senior manager of worldwide asset recovery. "What is your audit protocol for your partners and your partners' partners?" If the vendor has a high percentage of its own recovery and recycling facilities, that may be a key measure of comfort level.

It's also important to do your own checking. "We recommend that you go out and visit the providers and kick the tires," says James O'Grady, director of technology value solutions at HP. Even though Intechra has its own third-party auditor and auditing process, Union Bank does its own periodic audits, mostly for security purposes, to ensure that disks are being wiped properly.

Transportation is not only a cost, but a risk as well. It's important to understand what background checks are done on the persons driving the trucks the company uses. And it's worth checking what percentage of e-waste handled by your partner on average ends up as landfill. For example IBM claims that number is .78 percent. Slack claims that Intechra's goal is zero-percent landfill and jokes that there's more waste from the company's lunchroom than from its asset-recovery process.

Another aspect to consider is the efforts your PC vendor puts in at the manufacturing end to make its equipment easy to disassemble and recycle. Among other things, this means using as few screws and plastics as possible.

Finally, little things can make a big difference. LeDuc was sold simply on the professionalism of the people Intechra sent to its 320 bank branches to pick up equipment, which is important for bank offices with a high public profile. "It shouldn't be like calling a moving company," LeDuc says.

Whatever approach your company ends up taking to IT asset recovery, the benefits are clear: Organizations stand to gain peace of mind that they comply with today’s and tomorrow’s e-waste regulations and that the data on their retired systems won't fall into the wrong hands. There might even be a return on the asset recovery investment. The environmental benefits are green icing on the cake.