After a disposal project is complete, reconciling your IT asset register against the disposal documentation is the critical final step that closes the loop. This reconciliation confirms that every device identified for disposal was actually processed, that the processing method matched the device’s security requirements, and that your register accurately reflects the current state of your IT estate.
Why Reconciliation Matters
Reconciliation is not just an administrative exercise. It is the process that confirms your data security obligations have been met for every disposed device. If a device appears in your register as “disposed” but does not have a matching destruction certificate, you cannot prove the data was destroyed. If a device was collected but does not appear in the processing report, you do not know what happened to it.
These gaps are exactly what auditors look for. Demonstrating a complete, reconciled record from asset register entry through to destruction certificate is the gold standard for data breach prevention through proper disposal.
The Reconciliation Process
Start with your pre-disposal inventory list, the document that recorded every device identified for disposal before collection. This is your source of truth for what should have been processed. Next, gather all disposal documentation from your ITAD provider: collection manifests, processing reports, destruction certificates, and remarketing records.
Match each device on your inventory list to a documented outcome. Every device should appear in one of these categories: data destroyed and certified (with individual certificate), remarketed after certified data sanitisation, recycled after data destruction, returned (for leased equipment), or excluded from disposal (with documented reason, such as reassignment to another use).
The device counts should balance. If your inventory listed 500 devices for disposal, you should have 500 documented outcomes. Any difference requires investigation.
Common Discrepancies and How to Handle Them
Discrepancies between the pre-disposal inventory and the processing documentation fall into several categories. Missing from processing means a device was on your inventory but does not appear in the provider’s reports. This is the most concerning discrepancy because it means a data-bearing device is unaccounted for. Investigate immediately by checking whether the device was mistakenly held back, if it was missed during collection, or if there is a reporting error.
Extra devices processed means the provider reports processing more devices than were on your inventory. This typically indicates that additional devices were found during collection (from desk drawers, storage areas) that were not on the original list. Update your register to include these devices and their disposal records.
Serial number mismatches occur when a device appears in both the inventory and the processing report but with slightly different identifying information. These are usually data entry errors and can be resolved by cross-referencing other identifying details like make, model, and asset tag.
Condition changes happen when a device listed for remarketing was diverted to recycling because it failed functional testing, or a device planned for software wiping required physical destruction because the wipe failed. These are legitimate processing decisions but should be documented and reflected in your register.
Updating the Asset Register
Once reconciliation is complete and all discrepancies are resolved, update your asset register to reflect the current state. For each disposed device, record the disposal date, the disposal method, the reference number of the destruction certificate or processing report, and the ITAD provider who performed the work.
Change each device’s status from “end of life” or “pending disposal” to “disposed” with the relevant details. This creates a clear historical record that can be retrieved if questions arise in the future.
Also update your register for any discoveries made during the disposal process. If the physical audit found devices not previously registered, add them. If registered devices could not be found, investigate and either locate them or flag them as missing with an explanation.
Automating Reconciliation
For organisations with large or frequent disposal volumes, manual reconciliation using spreadsheets becomes time-consuming and error-prone. Asset management platforms that integrate with your ITAD provider’s systems can automate much of the matching process, flagging discrepancies for human review rather than requiring manual line-by-line comparison.
Even without full automation, using consistent identifiers (serial numbers as the primary key) and standardised data formats between your register and your provider’s reports makes reconciliation faster and more reliable.
Ongoing Register Hygiene
Disposal reconciliation is also an opportunity to clean up broader register issues. Use the insights from reconciliation to identify and fix systemic problems in your asset management practices. If you consistently find unregistered devices during disposal projects, your registration process needs strengthening. If devices are frequently in different locations than the register shows, your transfer tracking needs improvement.
Treating reconciliation as a learning exercise as well as a compliance requirement makes each disposal cycle contribute to better asset management overall.