Ingram Micro | Professional Services IT Asset Disposition (ITAD) John Redman | Ingram Micro Ted Tilden | US Micro July 19, 2013 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_1 Agenda ■ Introduction to IM Link ■ The ITAD Landscape ■ US Micro and US Micro Services ■ ITAD Best Practices ■ Selling ITAD Services ■ What’s in it for me? ■ IM Link Resources Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_2 NEW! IMLink service providers services customers VAR Resellers MSP Vendors IM Professional Services Plan Benchmarking Assessment Planning Strategy Design Certification Pre-Sales Tech Support Implement Benchmarking Installation Configuration Tuning Testing System Integration H/W-S/W Upgrades Application Development S/W Customization Migration Manage Support Benchmarking Administration Asset Management Systems Management Performance Tuning Production Control Back-up and Archiving Replication Help Desk Remote Infrastructure Management Relocation Benchmarking Warranty Asset Disposition Break-Fix Hardware Support Software Support Business Recovery Training/Certification RecyclingRemarketing < I M L i n k > IM Reseller Partner Network IM Vendors Partner Network Staffing Partners Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121101_3 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_4 Surveying the ITAD landscape In the news: Data breaches In 2012, the Identity Theft Resource Center (ITRC) documented 447 breaches in the United States, exposing 17,317,184 records. In the first half of 2013, there have so far been 255 incidents, exposing 6,207,297 records. Identity Theft Resource Center In 2011, data breaches in the U.S. cost companies $194.00 per compromised record. Companies in the computer software, IT and healthcare sectors accounted for 93 percent of the total number of identities stolen in 2011. Theft or loss was the most frequent cause, across all sectors, accounting for 34.3 percent, or approximately 18.5 million identities exposed in 2011. 2011 Annual Study – U.S. Cost of a Data Breach, Symantec In Defense of Data Through 2016, the financial impact of cybercrime will grow 10 percent per year due to the continuing discovery of new vulnerabilities. Gartner Top Predictions for 2012: Control Slips Away The average value of a lost laptop is $49,246 and the data breach costs represent 80 percent of the total cost of a lost laptop compared to two percent for replacing the computer. Encryption on average can reduce the cost of a lost laptop by more than $20,000. The Billion Dollar Lost Laptop Study, Ponemon Institute and Intel Corp. Data breaches are attracting greater public and government scrutiny California strengthened data breach notification requirements Secure and Fortify Electronic Data Act passed a House subcommittee in July 2011 Surveying the ITAD landscape 6 To Better Understand USM Value Prop, Best to Understand State of ITAD Industry Historically, industry dominated by small, regional firms, undercapitalized with very little infrastructure (site visits should be critical when selecting an ITAD provider) Recent industry consolidation has been healthy, with Arrow, Avnet and Sims being major acquirers Historically, very little regulatory oversight and minimal standards and certifications still exist (example to follow of a “certified” ITAD company) Most ITAD vendors employ “reverse logistics” to recover customer assets…scary and dangerous! Most ITAD vendors use the consignment model which shifts financial and legal risk to the end user customer (most technology assets have easy to determine values at end of life) Sub-contracting and Out-Sourcing remains rampant, even by the OEM’s (to include the most critical functions of asset recovery, data sanitization and ultimate recycling) U.S. Micro offers a broad range of capabilities to provide the most secure, cost-effective and environmentally responsible disposition process in the industry. Guaranteed price upfront – no consignment that erodes equipment value and adds numerous service fees. U.S. Micro electronically reconciles equipment inventory at your location to account for all assets intended for disposal and emails a real-time report while onsite. Only U.S. Micro- trained employees control every step of the process – no subcontractors. You receive a final, system-generated realtime report verifying data sanitization on each piece of equipment before we leave your location. Assets certified as data free – ONSITE AT YOUR LOCATION. Even though assets are free of data, shipping is still handled by highly trained U.S. Micro employees. 8 Overview of U.S. Micro & U.S. Micro Services U.S. Micro views reusing IT assets as the highest form of recycling. We refurbish approximately 85 percent of equipment for resale and donation. U.S. Micro conducts another, final inventory audit after assets arrive at its facilities to verify that all equipment originally marked for disposition is accounted for and to confirm all data was destroyed. In addition to reselling equipment, we offer customers the option to donate a portion of their refurbished equipment to causes of their choosing. U.S. Micro works with customers to establish Employee Eco-Events to encourage employees to bring their outdated personal IT assets to work for proper disposal. This program provides your employees a valuable service and engages them in environmental stewardship initiatives. U.S. Micro has a 100 percent no landfill policy and offers a full range of recycling alternatives. 9 U.S. Micro complies with all relevant environmental, health & safety laws and regulations, including all federal, state, and local requirements. U.S. Micro meets or exceeds R2, ISO 14001, and other such industry guidelines. Some of our certifications include: Responsible Recycling (R2) processor vs. collector ISO 14001:2004 Microsoft Authorized Refurbisher (MAR) Payment Card Industry (PCI) Data Security Standard compliant IDC G.R.A.D.E. certified SOC2-SM certified Norcross Group quarterly and annual forensic audits 10 Examples of recent large projects completed by U.S. Micro Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_11 650 branch refresh project with 7 pass D.o.D wipe Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_12 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_13 ITAD Best Practices 1. Ensure data destruction occurs onsite at your location • Destroy data before shipping assets offsite • Produce verification of data destruction before shipment • Avoid vendors who use third party shippers 2. Employ an electronic tracking system • Eliminate human error element with electronic tracking system • Track each piece of equipment from pick-up to disposition • Validate confirmation of the drive wipe before shipment 3. Data wiping is for trained professionals • Help establish stronger procedures & controls • Eliminate cost of training employees & managing ITAD process • Must be bonded, insured vendors with proven track records 4. Remember overlooked devices • Copiers, smart phones, fax machines, printers, scanners and USB drives can all hold sensitive information ITAD best practices 5. Refurbish & recycle Know what happens to your IT equipment downstream Commit to a 100% no landfill policy Refurbish & resell all viable equipment to extend lifecycle Partner with a vendor that can process e-waste in-house 6. Maximize your profit Negotiate an upfront purchase deal with a qualified vendor Avoid consignment models that result in eroded value of equipment & service fees 7. Risk reduction Do not simply reply on corporate policies/edicts “We are 100% encrypted.” “We wipe all data bearing assets ourselves.” “We use our install vendor to verify encryption or wipe the hard drives.” Do not rely on non-ITAD vendors and/or internal resources who are typically already strained 15 Potential account qualification questions Does your organization purchase or lease new IT hardware? If both, what assets are leased vs. owned? # of desktop PCs (“DT”) in the organization # of laptop PCs (“LT) in the organization # of tablets or smart phones in your organization How often does the organization refresh their DT and LT? Does your company encrypt all data bearing assets such as DT, LT or smart phones, etc? Does the organization have a policy that the asset needs to be wiped before the asset leaves the original user’s location? If the asset is required to be wiped at the original user’s facility – who wipes it – internal employee or external vendor? Do you currently use an IT Asset Disposition (“ITAD”) provider? Who is your current ITAD provider? Is your current ITAD provider either R2 or e-Steward certified? What other certifications do they possess? Does your current ITAD program provide a positive or negative cash flow for your company? Does the organization aggregate assets before they are disposed? If the asset is required to be wiped at the aggregated facility – who wipes it – internal employee or external vendor? How many total locations (original user locations and aggregated locations)? For “owned” IT assets, does your current ITAD provider purchase these assets outright, or sell them on consignment over time? Can the organization provide any historical data (reports) regarding volumes and monies returned/charged for previously disposed IT assets? Does your current ITAD vendor provide timely, accurate and auditable reporting, such as ROI, certificates of data destruction and physical destruction/recycling? How does your current ITAD vendor handle IT asset recycling for older assets and assets such as CRT monitors, batteries, etc that require EPA complaint recycling? Specifically, does your ITAD provider maintain physical facilities and machinery to process e-waste inhouse as opposed to contracting this function to downstream vendors? 16 Questions? Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_17 IM Professional Services IM Link IM brokered solution provider network Standard hourly rates for labor services IT Staffing Services Permanent or temporary positions Flexible Staff Augmentation Solutions Onsite Professional Services Category and Vendor Specific Services SKU’s and Customizable SOW’s 3rd Party Warranty Services Private label product protection Variety of Coverage Options IT Asset Disposition Services Remote System Admin Services Secure and responsible disposal Removes liability for information Save a truck roll Outsource support and development System Integration Services Compliment Cloud Services sales Customizable to end-user environments Ingram Micro Training Academy Classroom or Online – guaranteed to run Can be resold to end users Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121101_18 Getting Linked Up with IM Link For access to IM Link… www.ingrammicrolink.com For help with professional services sales opportunities, getting enrolled as a Customer of IM link, or help using IM Link… ProServices@ingrammicro.com 1 (800) 456-8000 ext 67247 To become an IM Link Service Provider… IMLink@ingrammicro.com 1 (800) 456-8000 ext 66686 | 1 (800) 235-4128 John.Redman@ingrammicro.com | x67014 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121101_19 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. 121202_20