01 / WHY THEY FAILThe failure is in the scope section
When ITAD RFPs go wrong, the autopsy almost always finds the same cause: the buyer didn't say precisely what the job was, so each bidder priced a different imaginary job. One assumed palletized single-site pickup; another priced forty-branch logistics. One included certificates per serial; another per batch. The bids arrive in different currencies, procurement compares the bottom lines anyway, and the award goes to whoever included the least — with the gaps surfacing later as change orders or, worse, as missing evidence. Everything below exists to prevent that one failure: making the bids land in the same currency.
02 / SCOPEReal numbers, or bidders will invent them
The scope section needs figures, not adjectives. Counts by device class — laptops, desktops, servers, monitors, loose drives, network gear, imaging equipment — estimates are fine, but state them. The data-bearing fraction, since serialized handling is the workload. Locations: how many sites, dock access, floors, and whether a remote/work-from-home fleet needs mail-back handling. Lock status: what share is MDM-enrolled or activation-locked, and who releases (why this decides both timeline and value). Destruction location: on-site witnessed, facility-based under seal, or split by media class (how to decide). Timeline: hard dates if they exist — lease end, audit — so bidders schedule against reality. Every blank you leave here returns as a pricing assumption you can't see.
03 / REQUIREMENTSEvidence as a hard requirement
State these as conditions of award, not preferences. Certificates of destruction per serial, naming the NIST 800-88 method used, reconciled to the intake manifest. Chain of custody: numbered tamper-evident seals, signed handoffs, seal verification at receipt, exceptions treated as reportable events. Certifications matched to what they actually cover — NAID AAA for destruction process, R2v3 for recycling and downstream accountability (what each certification covers) — plus proof of insurance. Downstream documentation for everything that doesn't remarket. Reporting: what documents arrive, when, in what format. The requirements section is where your future audit answers are being written; draft it as if the auditor is a co-author.
04 / PRICING STRUCTUREOne model, itemized, or the numbers mean nothing
This is the highest-leverage instruction in the document: mandate the pricing structure. Pick the model — per-device pricing with a defined treatment for scrap streams is the common choice for data-bearing fleets — and require every bid in that shape, with inclusions itemized: logistics, packaging, lock handling, certificates, reporting, and any minimums. State plainly that nonconforming formats are nonresponsive. Without this, one per-pound bid and one per-device bid will sit side by side looking comparable while describing different products (what each model incentivizes). Require value-recovery terms in the same breath: the split, the grading standard in writing, settlement timing, reporting cadence, and audit rights on the settlement.
05 / EVALUATIONWeighted criteria, published, decided in advance
Decide how you'll score before bids arrive, and tell bidders. ITAD's catastrophic failure modes are evidence failures — the drive that surfaces, the waste that traces back — and their costs dwarf any spread between quotes, so weight accordingly: evidence and process quality around 40%, certifications, insurance, and references around 25%, price around 25%, value-recovery terms around 10% is a defensible shape; the exact numbers matter less than committing to them on paper. Then apply the one-document test as a threshold check: require a sample certificate of destruction with every bid. Per-serial, method named, dated, reconciled — or the bidder has shown you their evidence culture before you've paid them anything.
06 / MISTAKESThe five recurring ones
Comparing across pricing models — solved in section 04; it can't be solved at evaluation time. Accepting “free” bids without the evidence chain — a bid funded by your resale value is a revenue-share bid and must be evaluated as one, with the split and certificates in writing (the economics of free). No written change process — counts will move on pickup day; decide now how deltas reprice, or the low bid renegotiates itself at your dock. Letting the incumbent write the spec — requirements drawn from one vendor's brochure disqualify better answers. Skipping references from your regulatory context — a healthcare buyer should hear from healthcare clients. The Vault's ITAD RFP template has all six sections pre-drafted — built to force the comparability this article is about — and the due-diligence guide covers everything the RFP hands off to the DDQ.
07 / FAQITAD RFP FAQ
What should an ITAD RFP include?
Six things, at minimum: a scope section with real numbers (device counts by class, media mix, locations, the data-bearing fraction, lock status); hard requirements for evidence (per-serial certificates naming the NIST 800-88 method, chain of custody with seals, downstream documentation); certifications and insurance; a mandated pricing structure so all bids arrive in the same model; value-recovery terms including grading standards and settlement reporting; and evaluation criteria published to bidders with a written change process.
Should we ask bidders for pricing in a specific format?
Yes — it's the single highest-leverage line in the document. If one bidder quotes per device, another per pound, and a third a flat fee with resale offsets, the numbers can't be compared and the cheapest-looking bid usually just includes the least. Mandate one structure (per-device with a defined scrap treatment is the common choice for data-bearing fleets), require every inclusion itemized — logistics, packaging, lock handling, certificates, reporting — and state that nonconforming price formats are nonresponsive.
How should we weight price against everything else?
Deliberately, and on paper before bids arrive. ITAD's failure modes are evidence failures, not price failures — the cost of a data or disposal incident dwarfs any spread between quotes — so mature evaluations weight security, evidence quality, and certifications at least as heavily as price. A common shape: evidence and process ~40%, certifications/insurance/references ~25%, price ~25%, value-recovery terms ~10%. The exact split matters less than deciding it in advance and scoring against it.
What's the fastest way to sort serious bidders from the rest?
The one-document test: require a sample certificate of destruction with every bid. A real certificate lists individual serials, names the sanitization or destruction method per NIST 800-88, is dated, and reconciles to a manifest. A vendor whose sample is a batch-level letter — “one pallet, destroyed” — has told you what their evidence will look like on the day you need it in front of an auditor. It's a two-minute check that predicts the entire engagement.