The prospect of disposing of old IT equipment -- PCs, servers, storage gear, and the like -- may very well fill your heart with dread. After all, you're putting a lot of faith in a third party that the machines will be thoroughly wiped of confidential information, resold for a fair price, and, when applicable, properly disassembled, recycled, and disposed of. If your partners' practices end up being sloppy -- or downright criminal -- you could find yourself in regulatory and PR hell as confidential data protected by HIPAA or SarBox ends up in the wrong hands or 500 of your PCs end up in a landfill or river somewhere.

The good news is, as the burgeoning ITAD (IT asset disposal) market -- estimated to be a US$5 billion industry -- grows, best practices are emerging to help companies choose the right service provider. In fact, IDC last week unveiled its ground-breaking GRADE (Green Recycling and Asset Disposal for the Enterprise) certification program through which the research company identifies ITAD providers that meet at least 75 per cent of a preset list of 34 ITAD-related functions and tasks, taking into account application offerings, onsite services, logistics, in-plant processing and post treatment. Of the 25 ITAD providers IDC reviewed since starting work on the certification four years ago, only five made the, well, GRADE: Dell, HP, IBM, Intechra, and Redemtech.

David Daoud, an IDC research manager who worked on the certification program, notes that the list of five is by no means exhaustive and that other ITAD companies may be equally suited to meet your every need. That loops back to the question, though, of how you might go about choosing, even from a short list. Following are some points to ponder as you shop for an ITAD provider.

1. Be sure the company does what it claims. The smooth-talking representative from 'We So Green' may speak convincingly to just how diligently his organization works with third parties to ensure your PCs and servers are purged of proprietary data before being disassembled and recycled in compliance with environmental regulations. But unless you check, those third parties' only tools might be sledgehammers for smashing machines and pickup trucks for hauling the debris to the local landfill.

"You should look at the quality of processes that the [ITAD] company provides," says Chip Slack, CEO of Intechra. "[You should be] going to visit on-site, looking at the certifications, looking at downstream audit process, validating the quality of what they're doing and what ultimately happens to assets. "

That's not to say that an ITAD provider that works with third parties isn't to be trusted, Daoud notes. Even some of the companies that have achieved GRADE certification "use outsourcing or third-party partners to do some of the work, like logistics or recycling operations. Typically, they put in place stringent auditing and monitoring processes that ... establish maximum security," Daoud says.

Other questions you might ask the provider include "How much carbon emission reduction has been achieved through this process?", "How are the toxic products treated?" and "Has anything been exported, and where?"

2. Ensure the process is secure. Never forget that when you're handing your computing equipment over to a third party, you could be taking a risk. You're effectively giving them confidential information stored on equipment containing hazardous material. If it ends up in the wrong hands or in the wrong place, you're in trouble.

Making sure your ITAD vendor properly purges your machines is a good start. For example, "potential providers should be able to demonstrate that they follow Department of Defense 5220.22-M standards for wiping data on any storage device, using a tool that flags when sectors are inaccessible and provides robust reporting of configurations and confirmation the wipe has been completed," as noted by a report by Intechra titled "Beyond the Basics: 6 Critical Requirements for Selecting the Right ITAD Provider."