Sustainable device management guide

Direct link: TBC
Responsible agency: Digital Transformation Agency
Last updated: 24 June 2025

This guide supports non-corporate Commonwealth entities (agencies) to sustainably dispose of devices as part of the end-of-life process for ICT devices. For the full guide, see [TBC].

Sustainable disposal of devices supports government’s commitment to minimise waste, promote a circular economy and enable digital inclusion through the reuse of government devices. The guide provides best practices for sustainable retirement or end-of-life management processes for ICT devices (devices), including:

• disposal by donation
• reuse
• responsible recycling. 

Whenever possible, device donation should be considered as the preferred option for disposal, as it supports both environmental sustainability and digital inclusion efforts. 

Scope

While this guide provides key considerations, agencies should ensure their steps comply with the latest requirements, particularly for data cleansing and security.

The guide provides advice for the end-of-life management of devices that are: 

• owned by non-corporate Commonwealth entities
• suitable for donation, reuse or recycling
• classified as end-of-life for government use
• under the support and maintenance provided by the manufacturer. 

These guidelines are for:

• accountable authority delegates
• chief financial officers
• chief information officers
• procurement teams
• business services or corporate teams
• legal teams.

State, territory and local governments may choose to use this guide for managing their devices at the end of their lifecycle, though are encouraged to review their internal policies in the first instance. 

The device types that are in scope, include: 

• Laptops: Government-owned laptops that are no longer in use or have reached their end-of-life for government purpose.
• Tablets: Tablets that are part of government ICT assets, including those suitable for donation, reuse or recycling.
• Mobile phones: Government-issued mobile phones that are ready for disposal, whether for donation or recycling.

Devices that are sourced through Device as a Service (DaaS) are out of scope. 

Apply the guidelines 

These guidelines offer sustainable device management advice with specific considerations for donation and reuse.  

Plan for device end-of-life during procurement 

Agencies should: 

• Identify and specify the end-of-life disposal method at the procurement stage
  • Evaluate the environmental impact of disposal methods and prioritise options that minimise harm and promote sustainability, such as donation.
  • Investigate leasing arrangements and consider buyback options, opening new opportunities to donate.
  • Align the donation process with policies supporting the circular economy and the reduction of e-waste, contributing to Australia's net-zero emissions target.
• Consider the whole-of-life costs in the procurement process, including decommissioning, remediation and disposal costs
  • Determine the value for money justification to be presented to the delegate to approve.
  • Complete and assess cost and benefit analyses, considering required resourcing and management of a device donation program.
• Engage with organisations that facilitate device donation
  • Engage with organisations using innovative end-of-life solutions that commit to reducing environmental impacts.
  • Embed requirements within contractual arrangements for suppliers to provide end-of-life management plans.
  • Select vendors that support ethical and sustainable device disposal and ensure these are reflected in contractual arrangements. 

Further information

Device end-of-life management is an important part of the overall procurement strategy – plan for how devices will be disposed of or repurposed during procurement. 

Refurbishing and reusing donated devices extends their lifespan, reducing the need for new electronic products. It helps significantly reduce waste, enhance the circular economy and meet environmental regulations. Agencies should consider the end-of-life management as part of their overall device procurement strategy. 

Resources

• Commonwealth Procurement Rules
• Environmentally Sustainable Procurement Policy
• Sustainability Procurement Guide

 

Ensure security and sanitisation of devices before donation

Agencies must: 

• Implement a thorough sanitisation process involving multiple passes of overwriting data and verification.
  • Use approved sanitisation software to remove data from the device.
  • Ensure screens are inspected for burn-in and image persistence.
  • Document the sanitisation process, including the methods used and verification results.
  • Ensure removal of all security controls and encryption tools before handing over the device.
  • Ensure that the device is cleansed and no residual data remains before donation or disposal.
• Conduct a thorough risk assessment to identify any potential threats associated with the disposal process.
  • Maintain a record of the devices being donated, including the security measures undertaken prior to donation.
  • Implement protocols to handle any potential mismanagement by partners, including that partners are accredited and adhere to security standards.
  • Conduct a supply chain risk assessment that covers security standards and practices to ensure secure device transport processes are in place.
• Ensure that the condition of the devices are satisfactory for donation and does not pose any liability to the government.
  • Conduct a proper assessment during the refurbishment to ensure devices are safe and functional for donation and reuse.
  • Ensure devices are supported by the manufacturer with ongoing security and operating system updates mitigating the risk of scams, fraud, and data compromise.
• Adhere to the Protective Security Policy Framework (PSPF), including Requirement 0097 which mandates that technology assets are disposed of securely in accordance with the controls on the disposal of IT equipment outlined in the Australian Signals Directorate’s Information Security Manual.

Agencies should: 

• Consult with other departments and agencies to address any security risks associated with the donation of devices, such as the Australian Signals Directorate and Home Affairs.

Further information

Agencies are required to follow strict sanitisation requirements regardless of the end-of-life disposal option they are adopting. This ensures the security of government information.

When planning to donate or dispose of devices, agencies must safeguard data in compliance with security policies. This ensures all data is removed to prevent unauthorised access to sensitive information. Before donating or repurposing devices, agencies must inspect them to confirm that all security controls have been implemented correctly. 

This includes:

• the mandatory use of approved sanitisation tools and techniques
• adherence to structured protocols for data erasure
• verification of successful data destruction. 

Device cleansing options

Agencies have the option to self-cleanse their devices or procure the services of a partner organisation to cleanse the devices. Agencies must ensure proper sanitisation before relinquishing control. 

Proper sanitisation must take place before relinquishing control of a device, this includes sanitisation before any of the following:  

• donation
• disposal
• return under a leasing arrangement. 

Appropriate partner organisations

When choosing a partner organisation, agencies must ensure they meet all of the following requirements:

• they are based in and operate in Australia
• have the appropriate accreditation to handle the devices securely.

Agencies must assess and authorise the partner's ability to manage security classified data and perform sanitisation. These measures guarantee that no Australian Government data, especially security classified data, is at risk of compromised.

Resources

• Information Security Manual (ISM)
• Protective Security Policy Framework (PSPF)
• PSPF Release 2024 Requirements
• Guidelines for Information Technology Equipment

Comply with accountable authority instructions in the PGPA Act

Agencies must: 

• Ensure that a Minister or an official of a non-corporate Commonwealth entity is gifting relevant property (as defined in section 8 of the Public Governance, Performance and Accountability [PGPA] Act 2013) and confirm:
  • the property was acquired or produced to use as a gift; or
  • the making of the gift is: expressly authorised by law; or is authorised by the Finance Minister in writing; or is made in accordance with any requirements prescribed by the rules.
• Ensure that the gifting (donating) of devices aligns with the conditions set out in the ‘Disposals and gifting of relevant property document’ from the Department of Finance.
• Consider whether authorising in a particular gift/donation case would create an onerous or undesirable precedent.
  • Ensure the gift (donation) is publicly defensible and has objective grounds to justify favouring the person or organisation receiving the gift/donation, ahead of other potential recipients.
• Obtain a reasonable estimate of the market value of the relevant property proposed to be gifted (donated).
  • The delegate must use their discretion in assigning a notional value and must record the basis for determining the value of the property.
  • Follow the PGPA Act when disposing of relevant assets even when their depreciated value is $0.
• Involve legal, Chief Financial Officer or corporate functions as necessary.
• Engage with any social and partner organisations to facilitate the donation process and ensure that devices reach the intended recipients.
• Maintain accurate records and reports about the donation process, ensuring transparency and accountability in line with the PGPA Act requirements.
• Assess and mitigate any potential risks to the Commonwealth concerning liability for the use of the donated devices.
• Ensure that upon the gifting or disposal of their device that the agency will hold no further accountability.

Further information

When donating or disposing of Commonwealth devices, make sure the Public Governance, Performance and Accountability Act 2013 (PGPA Act) is followed to ensure proper use and management of public resources. 

Entities must ensure compliance with relevant accountable authority instructions and internal delegations. Section 66 of the PGPA Act sets out the circumstances where a gift of relevant property may be made by a minister or an official of a non-corporate Commonwealth entity. 

The Finance Minister’s ability to authorise gifts has been delegated to accountable authorities of all non-corporate Commonwealth entities. This delegation includes specific Directions in relation to authorising gifts. The latest version of the Finance Minister’s delegation to accountable authorities of non-corporate Commonwealth entities can be found on the Department of Finance’s website. 

Resources:

• Public Governance, Performance and Accountability Act 2013
• RMG-214 Disposals and gifting of relevant property
• Disposal and gifting of relevant property case studies
• Public Governance, Performance and Accountability (Finance Minister to Accountable Authorities of Non-Corporate Commonwealth Entities) Delegation 2022
• Public Governance, Performance and Accountability Act 2013 – SECT 107 Finance Minister
• Public Governance, Performance and Accountability Act 2013 – SECT 110 Accountable authority
• ACTS Interpretation ACT 1901 – SECT 34AAB Minister may authorise others to perform functions or duties or exercise powers on his or her behalf

Engage with social and partner organisations

Agencies must: 

• Ensure that upon the gifting or disposal of their device, the agency will hold no further accountability.
• Assess and mitigate any potential risks to the Commonwealth concerning liability for the use of the donated devices.
• Depending on the security and sanitisation steps being undertaken prior to relinquishing devices, ensure the partner adheres to required security standards.
• Assess capability and authorise the partner organisation's capability to handle classified data and perform thorough sanitisation.
• Apply PSPF Requirements for sharing security classified information with non-government stakeholders.

Agencies should:

• Research and engage with several not-for-profit organisations that facilitate device donation to ensure the best quality, price, and service tailored to agency needs.
• Understand the organisation’s history and previous successful device donation programs.
• Ensure the organisation has the infrastructure to handle the proposed scale of donations, including logistics and distribution networks.
• Carefully assess the needs of groups, such as low-income families, people in regional, rural and remote areas, individuals with disabilities, or First Nations communities, to maximise the impact of donated devices.
• Verify if the organisation can distribute devices within your desired regions, whether locally or globally and if any associated costs.
• Choose organisations that offer additional resources, such as those that provide:
• ongoing technical support and warranty for donated devices.
• reports and/or publish information on the use and impact of donated devices.
• transfer of title when devices are donated to minimise liability concerns.
• options for a trial period or an exit strategy, such as conducting a pilot program to test the partnership and process before making any long-term commitments.
• Select organisations that have robust e-waste recycling programs and partnerships with certified recyclers.
• Maximise the use of donated devices using partners who salvage usable parts from non-functional equipment.

Further information

There are a growing number of organisations dedicated to reducing the digital divide and promoting digital sustainability. Partnering with these organisations can advance your agencies’ sustainability and digital inclusion goals more effectively. 

By leveraging the expertise and networks of these organisations, your agency can deliver efficient refurbishment and distribution of devices to underserved communities. This enhances digital inclusion and eases the logistical burden on agencies. 

These partnerships contribute to environmental sustainability by reducing electronic waste through recycling and reuse initiatives. Selecting the right organisation for an agency’s device sanitisation and donation involves more than just handing over devices at the end of their lifecycle. It requires careful consideration of the organisation’s practices and overall impact in:

• data security
• reputation
• technical support
• sustainability.

By choosing an organisation with a comprehensive and ethical approach, agencies can ensure that donations make a lasting and positive impact.

Resources

• Corporate partnerships and charities | ACNC
• Governance Toolkit: Working with partners | ACNC
• PSPF Information Sharing

Meet reporting requirements 

Agencies must: 

• Meet the requirements of the Environmentally Sustainable Procurement Policy (ESP Policy), if procurement falls within scope.
• Understand at procurement what the end-of-life option is for the disposal of devices.
• Submit data, including device disposal details, to the Department of Climate Change, Energy, the Environment and Water (DCCEEW).
• Consider developing consistent reporting processes to effectively track the end-of-life status of devices.

Further information

Where procurements fall within scope of the ESP Policy, agencies are required to report on the end-of-life management of their device. 

Reporting must be in line with DCCEEW’s ESP Policy Reporting Framework. DCCEEW collects data on the number of assets disposed of, their reuse, and whether they are sold or donated. 

Resources

• ESP Policy Reporting Framework
• PSPF Section 11 - Information Disposal
• PSPF Section 13.7 - Technology Asset Disposal

Roles and responsibilities

Who	Roles and responsibilities
Australian Signals Directorate	The Australian Signals Directorate is responsible for:  the Information Security Manual which is a cyber security framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyberthreats.
Department of Climate Change, Energy, the Environment and Water (DCCEEW)	DCCEEW is responsible for administering the ESP Policy, including: providing guidance to support agencies and suppliers. building capability in environmentally sustainable procurement through education and advocacy. promoting and raising awareness of the policy. publishing whole of government performance against the policy. evaluating the policy's effectiveness using key performance indicators. creating performance metrics for procurement categories. assisting tenderers and suppliers in understanding policy requirements.
Department of Finance	The Department of Finance is responsible for:  managing frameworks and policies and providing advice to support the proper use and management of public resources. managing the Commonwealth Procurement Framework including the Commonwealth Procurement Rules and AusTender. providing advice to relevant agencies on the procurement framework.
Digital Transformation Agency (DTA)	The DTA is responsible for:  managing and maintaining the guide. providing guidance and support to agencies. promoting and raising awareness of the guide. leveraging DCCEEW's reporting framework to assess the effectiveness of the guide.
Department of Home Affairs	The Department of Home Affairs is responsible for: the PSPF, which mandates protective security requirements for all non-corporate Commonwealth entities, including on managing security risks in procurement and technology asset disposal.
Relevant Agencies	Relevant agencies are responsible for:  ensuring alignment to the ESP Policy and the guide. understanding at procurement what the end-of-life option is for the disposal of devices. Submitting data to DCCEEW which includes device disposal details.

Definitions

Term	Definition
Commonwealth entity	Has the same meaning as set out in the Public Governance, Performance and Accountability Act 2013.  The PGPA Flipchart is a reference of all non-corporate and corporate Commonwealth entities and Commonwealth companies.
Donation	Generally, a donation is understood as a gift given to a cause or organisation, often charitable, without expecting anything in return. For the purposes of Commonwealth entities, donations might be treated similarly to gifts, subject to the same rules and expectations for proper use and management of public resources.
End-of-life	"End-of-life" in this guide refers to the stage in a device's life cycle when it is no longer usable or needed for government use, and decisions are made regarding its disposal, recycling, or repurposing.  Manufacturers end-of-life is when tech companies cease providing software and security updates and the devices are no longer supported. We do not support devices being donated at the end of the manufacturer's life.
Gift	A gift refers to relevant property that is given to someone without payment.
Information	The PSPF defines information as: Physical documents/papers, electronic/digital data or intellectual information (knowledge) that is owned, managed or maintained by the entity. It includes details of methodologies, classified military/intelligence activities or operations, diplomatic discussions and negotiations.
Recycling	Recycling is the action or process of converting waste into reusable material.
Relevant property	Property (other than relevant money) that is owned or held by the Commonwealth or a corporate Commonwealth entity  Relevant property in this guide refers to all in scope devices even when its value has depreciated to $0, as section 66 would still apply.
Reuse	Reuse can have several definitions.  “Reuse” in this guide refers to devices are refurbished to be either donated or sold.  This gives a second life for the equipment. If devices are unsuitable for reuse, the device can still be recycled for parts.
Social organisation	Social organisations are organisations that operate with the primary goal of addressing social issues and improving community well-being. They often work in nonprofit sectors and focus on providing support and services to vulnerable populations. Examples include charities, nonprofits, and community groups. Reference to social organisation in this guide refers to organisations that facilitate the donation of devices to vulnerable community groups.
Partner organisations	Partner organisations are organisations that collaborate with other organisations (like government agencies) to achieve shared goals, particularly in projects requiring expertise or resources that a single entity may lack. Partners can be from various sectors, including private companies, nonprofits, and other governmental bodies. They play a crucial role in facilitating the implementation and success of joint initiatives. Reference to partner organisation in this guide refers to organisations where agencies have outsourced the sanitisation and cleansing process of devices.