2009 IAITAM Conference - Stockman

IAITAM 2009 Annual Conference & Exhibition Bringing Green Together Best Practices: I.T. Asset Collection Presented by Shawn Stockman

Upload: sstockman

Post on 13-Jun-2015


Category:

Education



DESCRIPTION

2009 IAITAM Conference Presentation: Best Practices in I.T. Asset Collection

TRANSCRIPT

Page 1: 2009 IAITAM Conference - Stockman

IAITAM 2009 Annual Conference & Exhibition

Bringing Green Together

Best Practices: I.T. Asset Collection

Presented by

Shawn Stockman

Page 2: 2009 IAITAM Conference - Stockman

About ONEPAK

ONEPAK, Inc. is a reverse logistics technology company, uniquely specializing in the new regulatory-driven niche of I.T. asset collection and logistics.

The Company manages nationwide packing, tracking, and transportation of used computers and other electronics at end-of-life or end-of-lease.

Page 3: 2009 IAITAM Conference - Stockman

What do you have to worry about?

Page 4: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

CERCLA Act (1980), AKA “The Superfund Law”

Any company whose PC is found in a landfill will pay.

Page 5: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

Title V of the Gramm-Leach-Bliley Act (1999)

Requires “financial institutions” to protect their customers' data.

Page 6: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

Sarbanes-Oxley Act (2002)

Requires public companies to ensure the security of assets and the information stored on them.

Page 7: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

HIPAA

Requires health care providers to safeguard personal information.

Page 8: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

Federal Information Security Management Act of 2002 (FISMA)

Affects government agencies and contractors with HIPAA-like standards around internal controls and asset tracking.

Page 9: 2009 IAITAM Conference - Stockman

Federal Regulations Require Secure Handling of Information Assets

FTC – FACTA (Disposal Rule, 2005)

Disposal, Safeguards, and Privacy rules require the proper disposal of consumers’ personal information.

Page 10: 2009 IAITAM Conference - Stockman

I.T. Asset Collection and...

Compliance Risk

Page 11: 2009 IAITAM Conference - Stockman

What are the risks & costs of data breach?

U.S. Cost of Data Breach Study:

• $202/compromised customer record, up 40% since 2005.

• Average per-incident costs in 2008 were $6.65 million, up 5% compared to 2007.

• Third-party organizations accounted for > 44% of cases and are also the most costly.

• More than 88% of all cases in this year’s study involved insider negligence.

Page 12: 2009 IAITAM Conference - Stockman

Mitigating Risk during I.T. Asset Collection

Onsite packing

Pickup

Cross-docks & Hubs

Delivery / Audit

Page 13: 2009 IAITAM Conference - Stockman

It costs more to reduce risk

[Chart: RISK versus COST]

Page 14: 2009 IAITAM Conference - Stockman

Best Practices: I.T. Asset Collection

Onsite packing

1. Make sure the crew is qualified.

2. Make sure they record every asset—digitally if possible.

3. Compare the client’s asset list to the Logistics Provider’s.

Page 15: 2009 IAITAM Conference - Stockman

Best Practices: I.T. Asset Collection

Pickup

1. Make sure the same company that packs also picks up, with one touch to the customer.

2. Get Proof of Pickup.

3. Get the driver’s name and signature.

4. Know what you are signing before authorizing a release of the assets.

Page 16: 2009 IAITAM Conference - Stockman

Best Practices: I.T. Asset Collection

Cross-docks & Hubs

1. Track your assets online.

2. Ask which cross-dock facilities will be used.

3. Ask about security at each facility.

4. Request machine-wrapping of your pallets.

Page 17: 2009 IAITAM Conference - Stockman

Best Practices: I.T. Asset Collection

Delivery / Audit

1. Make sure EP documents the condition of assets before unloading.

2. Get a Proof of Delivery from the Logistics Provider.

3. Match the Proof of Delivery with the Proof of Pickup and the audit report.

Page 18: 2009 IAITAM Conference - Stockman

Best Practices: I.T. Asset Collection

Get a Certificate of Collection

Page 19: 2009 IAITAM Conference - Stockman

Document the Recovery Process

Recycler/Remarketer

In Transit

Certificate of Destruction

Cross-docks & Hubs

Certificate of Collection

Page 20: 2009 IAITAM Conference - Stockman

Protect data before you ship

• Encryption before transport – lowers liability

• Erasure before transport & DOD standard erasure afterward

Page 21: 2009 IAITAM Conference - Stockman

Packaging & Transport Options

• Dedicated secure trucks to certified shredder/recycler

• Remove and shred hard drives onsite

• Remove hard drives, ship unlocked by secure transport

• Remove hard drives, ship in lockbox by common carrier

Page 22: 2009 IAITAM Conference - Stockman

Resources

• National Association for Information Destruction (www.NAIDonline.org)

The NAID Certification Program establishes standards for a secure destruction process including such areas as operational security, employee hiring and screening, the destruction process, responsible disposal and insurance.

Page 23: 2009 IAITAM Conference - Stockman

Resources

OnePak’s Certified I.T. Asset Collection Services

• Certification Program guarantees only Certified I.T. Asset Handlers perform onsite packing according to strict SOP.

• Provides Proof of Pickup, Proof of Delivery and Certificate of Collection.

• All activities, from the asset list uploaded out of your asset management software through delivery, are viewable online.

Page 24: 2009 IAITAM Conference - Stockman

Questions?

Shawn Stockman

OnePak, Inc.

www.onepak.com

207.266.4362