Managing Large-Scale IT Asset Refresh: A Guide for ITAD Providers 

 The world’s IT asset disposition (ITAD) providers are about to experience a record number of retired endpoints. This situation has been building for over three years, and when the date of Microsoft’s official discontinuation of support for Windows 10 passed (October 2025), the tidal wave became reality. Now that we are in early 2026, the ITADs face a volume of retired endpoints for which they have no historical precedent to base their projections. The IDC and Gartner estimate that the number of devices running Windows 10 (that cannot upgrade to Windows 11) is between 240 million and 300 million worldwide (both corporations and consumers). The corporation has been managing those devices. These devices continue to sit in lease-return piles, in server rooms, waiting to be picked up, or in IT departments that failed tocomplete refresh projects before October 2025 and are now facing the same consequences! Reassuring clients about your capacity to handle this surge can build trust and reduce concerns about service reliability. 

  For ITAD providers, there is simultaneously the largest business opportunity the industry has ever had, as well as one of the greatest operational stress tests it will ever see. The provider that successfully navigates this will build long-term client relationships, expand its market share, and develop the infrastructure to prepare for the next decade. 

If handled poorly, an organisation can incur reputational damage, miss R2/e-Stewards audit cycles, and leave margin on the table. 

 The purpose of this guide is to help you properly handle your organisation’s assets. 

Looking at the Scope of the Work: Why This Refresh Cycle Will Be Different. Emphasizing surge volume management is crucial here, as it directly impacts operational planning and success. 

 It is nothing new for enterprises to refresh their hardware; they do so every 4 to 6 years. When that happens, however, the most important factor in determining the success of the new refresh cycle will be its simultaneous nature.  

Typically, during a refresh cycle, companies phase out their hardware based on lease terms and depreciation schedules. As an example, one of your major clients will phase out their equipment during the first quarter, while your other major client will phase out their equipment during the third quarter. Separating the refresh schedules will allow ITAD providers to complete their inventories before the next inventory cycle begins. 

There was no ability to stagger the phases of the refresh cycle that resulted from the Windows 10 end-of-life event. Microsoft released its schedule that everyone in IT and across every enterprise was aware of. As all of the IT departments were looking at the same schedule, and when all of them, for the most part, added purchases (when many of them purchased large quantities of devices in 2020 and 2021 to equip the workforce with remote devices) at the onset of the pandemic, and then trying to remove the devices at the end of the 12–18 months will create two waves of devices reaching the end of their service lives within that same window of time. 

Important Statistics:

Microsoft Windows 10 had about 1.4 billion users at its peak. Estimates suggest that between 240 million and 300 million commercial devices do not meet the TPM 2.0 or processor requirements for Windows 11, so they are too old to run it. Therefore, the number of devices that ITAD providers can capture, even within a compressed time period, is an extraordinary operational challenge. 

In addition to the sheer volume of these devices, other factors will compound the operational challenges faced by ITAD providers. The age of the devices will diminish their resale value. The devices being retired from Windows 10 were primarily purchased between 2016 and 2019, making them 7-9 years old. Even the devices that will still function properly will not have much market interest. Recognizing these challenges can help you plan effectively and feel supported in managing expectations, especially when a greater percentage of device volume will be allocated to recycling rather than remarketing. 

Client expectations have increased. Clients, particularly large enterprises that make up the majority of ITAD service buyers, have evolved as sophisticated buyers. Clients are now expecting real-time tracking portals to see where their retired assets are, certified data destruction with serialized certification, reporting that aligns with ESG requirements for sustainability, and accountability documentation for the chain of custody of assets throughout the downstream flow for audit purposes. Meeting client expectations at three times the volume will create unanticipated operational challenges.   

The regulatory burden has also increased, with the number of violations in recent audits highlighting the need for strict compliance. The R2v3 and e-Stewards standards have increased, and data destruction regulations at the state level have multiplied in the United States. 

The European Union’s WEEE regulations have undergone some changes in recent years. These changes will affect how ITAD providers operate as they process devices at surge volumes, ensuring compliance and completing all processing tasks simultaneously. 

Building The Operational Capacity To Handle Surge Volume  

ITAD providers need to be completely honest about the limitations of their existing processing capabilities—meaning they need to be aware of what they can actually process professionally. This adherence means they want to ensure they can process devices without compromising data security, the chain of custody documentation, or the quality of the processed devices. 

Logistics and Delivery 

Typically, the intake operations of ITAD providers experience their first increase in burden during peak volumes. Processing lines created to handle normal volume will find themselves blocked in processing lines when clients ship ten (10) times the number of devices to them, and the devices are arriving in shorter lead times. Therefore, providers must work to invest in several operational areas simultaneously to prepare for this type of surge. 

• Full-scale Flexible Warehouse Capacity: Consider some form of partnership arrangement for short-term third-party warehousing before you experience the peaks, rather than during. Having a signed agreement with the partner before the surge allows you to absorb the surge without turning clients away or creating a backlog of devices at the time of receipt, thereby extending the time clients’ devices are exposed to security risks. Planning ahead can help you feel more in control during unpredictable surges.
• Make an investment in automation for intake processes: Utilise conveyor-fed scanner stations to automatically capture your assets, and implement a digital intake manifest that interfaces directly with your ITAM solution.    
• Establishing dedicated client staging areas. Commingling devices from several clients during intake creates a chain-of-custody risk that can be closely scrutinised by auditors, as well as a challenge to maintain separation between devices as their volumes increase. Design your intake floor with client staging zones that are clearly defined and include measures to enforce separation through your tracking solution and not solely through physical space.    

Data Destruction at Scale 

Data destruction is the most important component of every ITAD engagement, and it is also where quality failures occur most frequently under high-volume pressure. It is essential to stress-test all aspects of your data destruction processes (overwriting throughput, degaussing capability, physical destruction rates, and certificate generation workflow) against your projected surge volume, not just at normal operating volumes.    

Key Consideration 

Many ITAD Providers do not account for the bottleneck in certificate generation. Certificates of data destruction must be serialised and tied to the individual asset record, verified by an unattended method of destruction, operator ID, and date/time of destruction. Manual certificate generation processes that are acceptable as part of normal business volume become severe bottlenecks as you attempt to provide certificates at 5x your normal business volume. Invest in automated certificate generation integrated with your ITAM system before an anticipated surge in work.  

For functional drives, the best practice is to continue using software-based overwriting as your most flexible option. 

Verify that your overwriting solution license validity supports concurrent sessions equal to your peak load. Document the overwrite standard used (e.g., NIST 800-88, DoD 5220.22-M, or as specified by client). Use automated reporting for drives that have failed overwriting, rather than relying on a technician’s judgment.   

Your physical destruction capacity should be adequate to accommodate all drives that have failed software overwriting, whether by shredding or crushing. On average, 8-15% of storage devices will fail or will be unable to be reused due to physical damage during a typical enterprise refresh cycle. Therefore, if your project has 100,000 devices, you should prepare physically destroy 10,000 to 15,000 drives. Know your shredder’s capacity, then factor it into your planning and schedule additional shredder capacity if required.   

Staff 

Staffing is where most companies (especially ITAD companies) experience their greatest “surge-failure” within their workflow. Certified data security technicians are not interchangeable with general warehouse staff (i.e., do not assume they can do the same tasks). They require training in data security, handling protocols for each device category, and the rules governing documentation for the certification of processes.   

Develop your staffing strategy around a tiered structure: a core group of fully certified data security technicians who perform data destruction and quality signoff, and trained ancillary staff to handle data intake, physical sorting, aesthetic grading, repackaging, logistics, and all other required tasks. This method enables you to effectively balance your labour-intensive workflow (for example, physically separating devices) while still upholding the certified processes associated with your enterprise. 

The High-Volume Issue of Data Security Compliance: Where Providers Screw Up   

Data security is a key client requirement for ITAD providers. Still, more importantly, it is an overall risk for any company that has the opportunity to cause a single data breach by not following procedures properly during an ITAD process. At high volumes, the risk of losing or having a gap in the transmitted data is much greater.   

Three Common Failures Related to Data Security Compliance at High Volume 

•  Inadequate Chain of Custody for Devices while in Transit: When an employee of the logistics provider picks up a device from a company’s location, the Chain of Custody should be completed in real time, versus being reconstructed after the fact. Make sure to GPS-track, seal, and record the device container. Scan the electronic manifest at both pickup and delivery to the customer. Include liability for any breach of the chain of custody in the contract with the logistics provider.
• Shortcomings Related to Overwrite Verification of Data: When the ITAD provider is processing a very high number of devices, it will be tempting to sample verify that overwrite has occurred versus each device. This method can put the ITAD provider at risk of noncompliance with the overall NIST and R2 requirements, and will constitute a breach of the customer’s contract and agreement. Verify that overwritten devices are automated, so the decision to complete overwrite is not left to human factors under pressure to meet high volume.
• Vendor Qualification Failures Downstream: ITAD providers outsource the processing of devices they can process internally to third-party downstream vendors. 

The surge in volume impacts the downstream supply chain’s ability to deliver through compliance. Have you recently validated your downstream vendors’ certifications? Have you signed data security agreements with each of your downstream vendors? Does your auditor know the inclusion of your downstream vendors in your chain of custody? Missing any of this information could affect your ability to remain certified.   

Documenting Infrastructure 

To ensure a complete, accurate audit trail from intake to disposition, each device processed through your facility must have a date-stamped, tamper-proof audit trail. With the increased volume, the performance and reliability of your ITAM system and related documentation will need to be tested and validated for database performance, storage, and export capability based on your estimated peak surge volume; this includes the integrity of the auditable device(s) process through your facility. 

One simple thing many providers forget to do is inform their compliance teams and certifiers of their volume estimates before experiencing a surge in volume; therefore, your auditor needs to know in advance if you anticipate a tripling or quadrupling of your throughput so they can prepare to conduct an audit accordingly. Surprises during an audit can be unwelcome.   

Remarketing Old Devices 

The very uncomfortable commercial reality of the ITAD industry and the remarketing of whole units.  

An entry-level laptop manufactured in 2016 with an Intel Core i5 CPU and running Linux will attract low-end purchasers in developing regions. Still, it won’t be financially viable to sell to enterprise customers or general consumers who expect the latest technology. 

The devices with usable secondary markets are from Lenovo ThinkPad, Dell Latitude, HP EliteBook, and similar commercial brands, all made between 2018 and 2020. Aggressively pursue these. 

Diversification of Channels 

IT asset disposition (ITAD) companies that depend exclusively on one or two channels of remanufacturing/re-marketing to generate secondary-market revenue will find these channels saturate quickly as demand surges. Become proactive and diversify.   

• Direct to Institution – Public school districts, non-profit organizations, libraries, governmental institutions, etc. often have access to grant funding or predetermined budgets which incentivize them to purchase working older equipment at discounted prices. Building these types of relationships takes time, so begin developing relationships today.

• Export Markets – Secondary markets in Southeast Asia, Sub-Saharan Africa, Latin America, Eastern Europe, etc., absorb large volumes of older commercial-grade hardware. Verify that all export documentation, data erase verification, and audit trails are compliant with the import requirements of your target export market, and verify that all export compliance requirements for e-WASTE under paragraph 3 meet the European Union’s (EU) Basel Convention requirements.

 Recovering value from functional components such as RAMs, SSDs, CPUs, displays, and batteries can yield profit when companies cannot sell the device as-is. These parts harvesting activities will involve a significant investment in additional processing infrastructure, but the potential to improve blended recovery rates for older device cohorts can be substantial.    

Using online auction platforms, B2B IT equipment auction providers enable sellers to liquidate large volumes of similar IT assets to a broader buyer pool without developing and maintaining one-to-one relationships with each buyer. The efficiency of auction platforms is enhanced when selling similar IT assets with similar conditions and documented specifications.  

To achieve the best resale return on your IT assets, your organisation must consistently provide accurate cosmetic grading. If you undergrade your asset(s), you will realise lower recovery rates than you should for your asset(s). If you overgrade your asset(s), you will create buyer disputes, returns, and damage your reputation as a trusted asset seller. However, when dealing with the volume of IT assets typically traded in the current marketplace, it is very common for grading quality to suffer unless you implement specific measures.   

• Consistent lighting at visual grading reference stations: Standardised lightbox stations greatly reduce the grading inconsistencies that result from the various forms of inconsistent lighting.  

• Photographing all assets at the grading station: Taking photographs at the time of grading will create an electronic audit trail of each asset and provide documentation to help resolve buyer disputes and train new graders against your grading standards.

• Periodically conducting inter-rater reliability assessments: Performing an inter-rater assessment in which two graders independently grade the same asset and then reconcile any discrepancies, in addition to tracking your graders’ grading consistency on your operational KPIs, will greatly help enhance the overall grading quality at your company.

Device Age vs. Remarketing Strategy: A Quick Reference 

 Utilizing the Company’s Compliance to Customer Value Proposition through ESG Reporting and Sustainability 

The growth of sustainability reporting within companies has advanced very rapidly in the last three years. Corporate IT departments are increasingly required to report their environmental impacts from IT disposal processes to their CFOs and sustainability officers. Companies that can provide accurate, audit-ready ESG reports are winning contracts from those that cannot. 

What Enterprise Clients Need from ITAD Providers to Do Their Sustainability Reporting 

• CO2 Equivalent Emission Savings From Device Reuse vs. Manufacturing a New Device
• Tonnes of E-Waste Diverted From Landfill or Incineration
• Verified Recycling Percentages by Material Type for Downstream Recycle Centers
• Percentage of IT Devices Remarketed vs. Responsibly Recycled
• Certification and Downstream Vendor Certifications Webpage
• Social Value Metrics: Number of Devices Donated and Communities Served.  

If you cannot generate these metrics directly from your processing system, you are leaving significant value for your client on the table. Depending on how your client’s sustainability reporting obligations change over time, you could potentially lose your contract to another ITAD provider that can provide ESG metrics directly from its processing system.  

Opportunity: The largest ITAD refresh cycle in history is also the biggest opportunity for creating impactful ESG Impact Reports.  

For every device that is remarketed instead of repossessed or recycled, there is an associated CO2-avoidance benefit to the environment, as it avoids the need to manufacture a new device. You should quantify this for your clients’ reports and help them communicate it in their sustainability disclosures, as part of positioning your service as a sustainability enablement service (not just a compliance box). 

 Please set expectations with clients regarding communication during peak season. 

 A common and easily avoidable failure experienced by ITAD providers during high-volume periods is failure to communicate effectively with enterprise clients, sending out up to three times the number of devices. Since clients often do not realize they are putting pressure on your operations, the damage to the relationship caused by unmet SLAs, delayed certificates, or unresponsive account managers can persist longer than the spike in shipment volume. 

 As a best practice, ITAD providers should proactively inform clients of any capacity constraints and changes to lead times. If processing lead times are extending because of increased volume, you should proactively notify your top clients before they ask. Provide an estimated timeline for device processing and details on how you will manage the increase in volume. Clients who receive information from you proactively will build loyalty towards your services, while clients who feel surprised will look elsewhere. 

Visibility through Client Portal  

Real-time tracking portals have evolved from something that offered distinguishing features to an expected foundation offering for large enterprise customers. During volume periods, the value of client portal visibility becomes increasingly significant. Clients experiencing a real-time view of their device inventory’s movement through the processing phases reduce client anxiety regarding their compliance risks and mitigate their frequent status inquiries to your account team. 

 If your client portal does not have real-time device tracking, you should invest now to include that capability before the next surge, rather than as an after-the-fact recommendation.  

 Renegotiate SLAs  

If your normal processing impacts your timelines genuinely during your next peak volume period, you should renegotiate the SLAs with your enterprise clients before exceeding those timelines, rather than after. Most enterprise clients will generally accept extended timelines, but only if negotiations are carried out professionally and with plenty of advance notice. They will not accept an SLA that has exceeded, followed by retrospective explanations.  

Technology & Automation: Surviving the Surge 

Those ITAD providers who can navigate this refresh cycle effectively will not necessarily be the largest, but they will be the most automated. At higher surge volumes, manual processing methods, including paper- and spreadsheet-based processes, quickly become liabilities. 

By investing in IT asset management (ITAM) platforms, automated asset tracking, integrated data destruction verification, and digital certificate generation, businesses will be able to process more volume with fewer compliance errors and at lower per-unit costs. 

 Key Technology Investments to Achieve Scale 

• Integration of ITAM Platform: The asset tracking solution must be able to manage the entire asset lifecycle from intake scanning to final disposition without requiring manual data entry at any stage of the process. Manual re-entry creates points in the process where there is a risk of error, as well as increasing the time it takes to complete the process. If you are utilising multiple, disconnected systems for intake processing, data destruction, and remarketing, the increase in volume associated with your IT asset management process will test the limitations of these systems and expose gaps.
• Automated RFID and Barcode Scanning: For every event in relation to Device Touch, there should be a timestamped record created in the system without requiring the technician to input this data into a spreadsheet manually. You should invest in an automatic scanning infrastructure.
• Integrated Reporting of Data Destruction: Your data destruction solution needs to automatically provide the results of a data destruction process to your ITAM system without requiring any manual action; thus allowing the ITAM system to automatically generate draft certificates requiring only review and authorisation as opposed to having to create each certificate manually. As device volumes increase 10-fold, manual certificate creation will no longer be an option.

Client Portal Integration: An API that connects your client’s IT Asset Management (ITAM) or Computerised Maintenance Management Systems (CMMS) with your disposals platform enhances customer ease of use and provides a competitive edge through its functionality. Clients want to see their equipment in their ITAM or CMMS without having to reconcile the data manually; as such, they remain loyal to vendors that offer this integration. 

• Automated Listings & Pricing: Devices listed for sale on remarketing channels are quicker to turn into cash when there is a system in place to pull device specifications from ITAM and push those specifications to the remarketing channel. During peak sales periods, an automated approach will help you turn your inventory quickly and efficiently.

Opportunities for Specialisation Events have provided a basis for all ITAD providers to develop specialisation opportunities, enabling them to offer customers a distinct competitive advantage that can endure over time.    

You can develop additional areas of expertise within your organisation and gain market share through these events. 

Sector Expertise: Healthcare, Banking & Finance, Legal, and Public Sector. Customers have specific device-disposal needs that exceed the average enterprise’s requirements. They include specific data shredding requirements, additional chain-of-custody procedures, and industry-specific compliance documentation. Specializing in one vertical allows you to secure long-term repeat business that cannot be easily commoditised. 

• Management Refresh Programs: Instead of waiting for customers to contact you regarding device disposal, start offering managed refresh programs. You will track their devices’ ages, predict when they need to be collected, and schedule their disposal in coordination with their device purchasing cycle. This process will elevate your status from transactional vendor to strategic partner.

• Data Destruction Consultation Services: Many enterprise-level IT departments are upgrading their data destruction policies and procedures as part of their refresh cycles. ITAD solution providers that provide consultative advice on data destruction procedures, policies & standards selection, and compliance documentation requirements will develop long-term relationships with their customers. 

Building Infrastructure for the Next Refresh Cycle   

The current refresh cycle will eventually come to an end. Those ITAD solution providers that invested in processing capabilities, technology, people, and customer relationships during this surge will look very different from those who just made it through. 

AI workstation upgrades, moving away from x86 architecture for enterprise computing, and eventually refreshing the devices that organizations are buying now and will replace their Windows 10 devices, will create volume peaks in the future. So don’t just focus on the present; build for the future as well.   

ITAD Surge Readiness Checklist   

This checklist will help you evaluate your organization’s readiness for large-scale ITAD operations: 

Conclusion

 The largest IT refresh cycle in history isn’t something that will happen in the future; it’s happening today, and there is still more to come. For ITAD vendors, the questions are whether the volume will arrive at your facility; whether your operational, technology, compliance, and client relationship capabilities are ready to meet the standards your clients expect and require certification. Those providers who approach this event with solid operational discipline, transparent communication to their clients, and strategic investment in automation will emerge from this surge with a stronger business than they entered. They would have improved their workflow through real-time experience, developed deeper client relationships that have enabled them to perform under high pressure, and created a foundation to turn a cyclical event into a sustainable competitive advantage. 

Trying to handle the increased volume the same way you have in the past will make it more challenging than you think to manage your ITAD (Information Technology Asset Disposition) operations. The quality issues that arise in ITAD are permanently damaging to the service and your relationship with customers — one incident of inadequate data security or a history of missing SLA (Service Level Agreement) times is enough to destroy years of establishing mutual trust.