So far this is the advice I have for you
My advice here is to charge them for the parts needed (RAM, hard drive, external media, etc.) and tack on a fee to purchase them if you select and purchase parts.
I would have 2 pricing structures:
- Flat rate for a common job
- Typical job time+ Part cost+additional cost on top of the base price (the base price and added cost are put into a single line)
- For difficult or complicated jobs WITHOUT a predictable average, hourly rate plus parts.
- Most techs charge $75/hour, but this varies and some charge less. It depends on the area and tech, but this is the generally accepted hour rate. Charge what you think is ideal for an hourly rate rather then follow an industry baseline if this is too high for you.
What I will do for budget conscious clients is allow them to buy the specified parts and only charge labor. The catch is I'm not responsible for the parts they purchase and make them sign a waiver stating that they have to deal with the manufacturer if something happens (unless it's your fault). Once they arrive, the client arranges a day to do the job.
I've also done some unconventional things like accepting the old hardware in exchange for a discount if the system is being replaced, just to name an example. While I am open to this I only accept it for this if it meets a few requirements I don't budge on:
- The system is worth enough to bother (at least $100)
- The hardware needs to be relatively modern (At least Ivy Bridge)
- No BIOS passwords. No exceptions here whatsoever (even if I KNOW how to remove it).
- No serious hardware issues
- Missing hard drives are fine, but I NEED to see the SATA bus works if at all possible.
If you consider it, you will get paid and get a system you can use for yourself or a project. This is one of the ways I acquire hardware for my guides as well, just to name an example. Most of my equipment is acquired this way and what I get depends on the client and area (but I get more laptops then desktops at this point). A lot of this hardware is good but is just a few years old and can still be used. It's usually due to an upgrade rather then a hardware fault.
DO NOT cover parts this way; labor only. There's a chance the system has a hardware issue that's beyond repair, multiple hardware issues or a BIOS password you can't get rid of without hardware or a motherboard (mainly 2010+ Inspirons with the Dalles EEPROM, ThinkPads and ToughBooks). In many cases, these systems are scrap due to the cost to fix it rather then repairing it.
ONLY do this if you have to... You're assuming liability for their data. Either put it on media they own and authorize you to use or use a drive (USB drive or external hard drive) you buy and bill them for (Cost+acquisition cost). Pay for it in cash and give them the receipt to make warranty easy for the client.
If you must use your own media, DO NOT use personal media. Wipe it to the extent you can after you use it with a full drive erasure at some point as well.
This is how I deal with it; take what you want from here. Base this on the risk factor you want to deal with.
- Home clients: I typically offer them a choice and let them decide as these systems are generally less of a concern on the client end (on your end, treat them as you would anyone else in terms of security). It largely depends on the client, so offer options. I offer these options to home clients:
- Drive erasure (No onsite)
- Drive removal and return (Onsite if needed)
If you get the drive, try and rescue the factory image before erasure. In some cases, OEM's pull the drivers after a certain amount of time so this may be your only option for weird drivers (Ex: HP does this when a system is ~10 years old on the consumer side).
For business clients, the game is different. Treat them accordingly.
- Standard business clients (no privacy law problems to be concerned with):
- Drive erasure (Onsite if required, but discouraged)
- Drive removal and return (Onsite)
- Most of these clients are likely to want the drive back for security, so learn how to pull it from common Dell, HP and Lenovo business systems.
- Privacy law clients (doctors, lawyers, etc.):
Yes, this is my only solution for these clients. I'm not equipped for certified erasure (nor want to deal with the headaches) so it's literally easier for me to pull it and tell them to put it in a safe or something equally as secure. Some of these clients WILL expect you to sign auditing paperwork; note you returned the drive to the client or have them do it. Standard procedures for normal business clients just do not work for these privacy laws.
In order to do certified erasure I CANNOT use ATA Secure Erase; I need to use a tool like Blancco and do a 4kb read test to certify an erasure. I do not want to deal with the cost to do this because it doesn't make sense for the quality you get out of a 3-5 year old hard drive left on 24/7.
- I do not guarantee 100% drive erasure to anyone. Outside of using them for target practice or drilling holes in the platters, this is not possible. I am upfront with clients about this and say this: I cannot guarantee 100% erasure, since it is impossible; retain or destroy the drive for 100% secure disposal. However, the methods I use (ATA Secure Erase and DoD Short) are nearly 100% secure.
- Be honest and don't sell them on false security. DoD Short uses 3 wipes+blanking, so while it's not the best it is the fastest in terms of balancing time and security.
- Most hard drives aren't worth salvaging. Many have high hours/power on counts or SMART errors.
- Most drives that I disqualify have heavy use or SMART problems. Determine what you are willing to tolerate and stick to that standard.
- DO NOT REUSE THESE DRIVES IN CLIENT SYSTEMS.