Before you sign a contract with an ITAD vendor, you need answers to these questions. Print this list, bring it to vendor meetings, and don't sign until you're satisfied with every answer.
1. Are you R2 or e-Stewards certified?
This is pass/fail. If they say "we follow the R2 standard" but aren't actually certified, that means nothing — anyone can claim to follow a standard. Ask for their certificate number and verify it on the SERI registry or e-Stewards registry.
2. What data destruction methods do you use, and do they follow NIST 800-88?
You want specific answers: "We use Blancco software for NIST 800-88 Clear/Purge level sanitization and industrial shredders for Destroy level." If they give vague answers like "we wipe the drives," dig deeper. Ask about failed drives specifically — what happens when a drive can't be wiped?
3. What documentation will I receive?
At minimum, you need: serialized certificates of data destruction (listing every drive by serial number and method), a certificate of recycling, and a chain-of-custody report. Ask to see sample reports before signing.
4. Will you sign a Business Associate Agreement (BAA)?
If you're in healthcare, this is required under HIPAA. If the vendor doesn't know what a BAA is, they don't have healthcare experience. Even non-healthcare organizations should understand whether the vendor is willing to accept contractual liability for data handling.
5. How do you handle downstream vendors?
Certified vendors are required to vet their downstream processors. Ask: "Where do the circuit boards go? Where do the plastics go? Can I see your downstream vendor documentation?" A good vendor will be transparent about this. A bad one will be evasive.
6. What is your value recovery / remarketing program?
If your equipment has resale value, you should benefit from it. Ask: "What percentage of resale revenue do I receive? How do you determine fair market value? Can I see a sample value recovery report?" Be cautious of vendors who promise high values upfront — they may be inflating estimates to win your business.
7. What geographic areas do you service?
If you have multiple locations, confirm the vendor can service all of them. Ask about their logistics network — do they have their own trucks, or do they subcontract transportation? If subcontracted, how is chain of custody maintained?
8. What insurance do you carry?
Look for: environmental liability insurance, errors and omissions coverage, and general commercial liability. Ask for certificate of insurance. If they don't have environmental liability coverage, that's a red flag.
9. Can you provide references from companies in my industry?
A vendor who's worked with companies like yours will understand your specific requirements. Healthcare needs BAAs and HIPAA compliance. Financial services needs SOX documentation. Government needs NIST compliance. Industry-specific references prove they can deliver.
10. What happens if there's a data breach or environmental incident?
Ask about their incident response process. How quickly would you be notified? What remediation do they provide? What does the contract say about liability? Certified vendors should have documented incident response procedures as part of their certification.
Once you have satisfactory answers to all ten questions, you're ready to evaluate pricing and terms. Find certified ITAD vendors in our directory → or request competitive quotes from verified facilities.