PROCUREMENT · RFPs

How to Write an ITAD RFP That Gets Comparable Bids

Most ITAD RFPs fail before the first response arrives: vague scope in, incomparable bids out, and the award goes to whoever included the least. The sections that make bids land in the same currency — scope, evidence, pricing structure, value terms — and the two-minute test that sorts the field.

By Brian Boynton Published 8 min read

STRAIGHT ANSWER

How do you write an ITAD RFP?

Force every bidder onto identical scope and one pricing structure. Give real numbers — device counts by class, media mix, locations, data-bearing fraction, lock status — and make evidence a condition of award: per-serial certificates naming the NIST 800-88 method, sealed chain of custody, documented downstream. Mandate the pricing model, itemize inclusions, publish weighted evaluation criteria, and require a sample certificate of destruction with every bid.

TL;DR

An ITAD RFP succeeds by forcing every bidder onto identical scope and one pricing structure — that's the whole trick. Give real numbers: device counts by class, media mix, locations, data-bearing fraction, lock status. Make evidence a hard requirement, not a preference: per-serial certificates naming the NIST 800-88 method, sealed chain of custody, documented downstream, settlement reporting on recovered value. Mandate the pricing model so quotes arrive comparable, itemize inclusions, and publish weighted evaluation criteria that don't let price outvote evidence. Then run the one-document test: a sample certificate of destruction with every bid.

  • Vague scope is the root failure — bidders price their assumptions, and every bidder assumes differently.
  • Nonconforming pricing formats should be declared nonresponsive up front.
  • Weight evidence at least as heavily as price; ITAD's disasters are evidence failures.
  • A written change process beats a vaguer quote — scope will move; decide now how it reprices.

01 / WHY THEY FAILThe failure is in the scope section

When ITAD RFPs go wrong, the autopsy almost always finds the same cause: the buyer didn't say precisely what the job was, so each bidder priced a different imaginary job. One assumed palletized single-site pickup; another priced forty-branch logistics. One included certificates per serial; another per batch. The bids arrive in different currencies, procurement compares the bottom lines anyway, and the award goes to whoever included the least — with the gaps surfacing later as change orders or, worse, as missing evidence. Everything below exists to prevent that one failure: making the bids land in the same currency.

02 / SCOPEReal numbers, or bidders will invent them

The scope section needs figures, not adjectives. Counts by device class — laptops, desktops, servers, monitors, loose drives, network gear, imaging equipment — estimates are fine, but state them. The data-bearing fraction, since serialized handling is the workload. Locations: how many sites, dock access, floors, and whether a remote/work-from-home fleet needs mail-back handling. Lock status: what share is MDM-enrolled or activation-locked, and who releases (why this decides both timeline and value). Destruction location: on-site witnessed, facility-based under seal, or split by media class (how to decide). Timeline: hard dates if they exist — lease end, audit — so bidders schedule against reality. Every blank you leave here returns as a pricing assumption you can't see.

03 / REQUIREMENTSEvidence as a hard requirement

State these as conditions of award, not preferences. Certificates of destruction per serial, naming the NIST 800-88 method used, reconciled to the intake manifest. Chain of custody: numbered tamper-evident seals, signed handoffs, seal verification at receipt, exceptions treated as reportable events. Certifications matched to what they actually cover — NAID AAA for destruction process, R2v3 for recycling and downstream accountability (what each certification covers) — plus proof of insurance. Downstream documentation for everything that doesn't remarket. Reporting: what documents arrive, when, in what format. The requirements section is where your future audit answers are being written; draft it as if the auditor is a co-author.

04 / PRICING STRUCTUREOne model, itemized, or the numbers mean nothing

This is the highest-leverage instruction in the document: mandate the pricing structure. Pick the model — per-device pricing with a defined treatment for scrap streams is the common choice for data-bearing fleets — and require every bid in that shape, with inclusions itemized: logistics, packaging, lock handling, certificates, reporting, and any minimums. State plainly that nonconforming formats are nonresponsive. Without this, one per-pound bid and one per-device bid will sit side by side looking comparable while describing different products (what each model incentivizes). Require value-recovery terms in the same breath: the split, the grading standard in writing, settlement timing, reporting cadence, and audit rights on the settlement.

05 / EVALUATIONWeighted criteria, published, decided in advance

Decide how you'll score before bids arrive, and tell bidders. ITAD's catastrophic failure modes are evidence failures — the drive that surfaces, the waste that traces back — and their costs dwarf any spread between quotes, so weight accordingly: evidence and process quality around 40%, certifications, insurance, and references around 25%, price around 25%, value-recovery terms around 10% is a defensible shape; the exact numbers matter less than committing to them on paper. Then apply the one-document test as a threshold check: require a sample certificate of destruction with every bid. Per-serial, method named, dated, reconciled — or the bidder has shown you their evidence culture before you've paid them anything.

06 / MISTAKESThe five recurring ones

Comparing across pricing models — solved in section 04; it can't be solved at evaluation time. Accepting “free” bids without the evidence chain — a bid funded by your resale value is a revenue-share bid and must be evaluated as one, with the split and certificates in writing (the economics of free). No written change process — counts will move on pickup day; decide now how deltas reprice, or the low bid renegotiates itself at your dock. Letting the incumbent write the spec — requirements drawn from one vendor's brochure disqualify better answers. Skipping references from your regulatory context — a healthcare buyer should hear from healthcare clients. The Vault's ITAD RFP template has all six sections pre-drafted — built to force the comparability this article is about — and the due-diligence guide covers everything the RFP hands off to the DDQ.

07 / FAQITAD RFP FAQ

What should an ITAD RFP include?

Six things, at minimum: a scope section with real numbers (device counts by class, media mix, locations, the data-bearing fraction, lock status); hard requirements for evidence (per-serial certificates naming the NIST 800-88 method, chain of custody with seals, downstream documentation); certifications and insurance; a mandated pricing structure so all bids arrive in the same model; value-recovery terms including grading standards and settlement reporting; and evaluation criteria published to bidders with a written change process.

Should we ask bidders for pricing in a specific format?

Yes — it's the single highest-leverage line in the document. If one bidder quotes per device, another per pound, and a third a flat fee with resale offsets, the numbers can't be compared and the cheapest-looking bid usually just includes the least. Mandate one structure (per-device with a defined scrap treatment is the common choice for data-bearing fleets), require every inclusion itemized — logistics, packaging, lock handling, certificates, reporting — and state that nonconforming price formats are nonresponsive.

How should we weight price against everything else?

Deliberately, and on paper before bids arrive. ITAD's failure modes are evidence failures, not price failures — the cost of a data or disposal incident dwarfs any spread between quotes — so mature evaluations weight security, evidence quality, and certifications at least as heavily as price. A common shape: evidence and process ~40%, certifications/insurance/references ~25%, price ~25%, value-recovery terms ~10%. The exact split matters less than deciding it in advance and scoring against it.

What's the fastest way to sort serious bidders from the rest?

The one-document test: require a sample certificate of destruction with every bid. A real certificate lists individual serials, names the sanitization or destruction method per NIST 800-88, is dated, and reconciles to a manifest. A vendor whose sample is a batch-level letter — “one pallet, destroyed” — has told you what their evidence will look like on the day you need it in front of an auditor. It's a two-minute check that predicts the entire engagement.