Take a Look Inside the NAID AAA Certification Process
As most of our customers know, we are proud to be a NAID AAA certified operation for on-site and mobile document destruction, as well as hard-drive destruction. But, did you know that our organization works year-round to ensure that we maintain the strict requirements of this certification as we work to improve and streamline our processes?
That’s right, our NAID AAA Certification requires us to keep information security top-of-mind in our organization, each and every day.
WHAT IS NAID?
The National Association for Information Destruction, NAID for short, is the international trade association for those organizations providing information destruction services. Their mission is to help promote the information destruction industry as well as the standards and ethics of its member companies. This organization developed and maintains the AAA certification process through a series of scheduled and unannounced audits of its members throughout the year.
Since September of 2009, Augusta Data Storage has been a NAID AAA certified service provider for secure document destruction, and in October 2016, we received the same certification for our hard-drive destruction processes.
THE NAID CERTIFICATION PROCESS:
These certifications come with a strict set of rules and requirements for various parts of our process and facility, from screening employees to maintaining restricted facility access, installing closed caption surveillance systems, documenting the destruction and more. When an audit takes place, whether announced or unannounced, there is a list of over 50 items that will be monitored to ensure the highest level of security is maintained within our operations.
Here is a snapshot of some of the items that make this certification process so robust:
EMPLOYEE REQUIREMENTS
- Employees handling records or hard drives for destruction must have an up-to-date employment history
- On-going drug screening and criminal background checks
OPERATIONAL SECURITY
- In-depth policies and procedures manuals for our destruction processes are required
- Employees must be trained on NAID-AAA compliant procedures for destruction and information handling
- Proof of destruction documents must be provided to all customers
- All collected materials must be protected from loss due to tipping, wind, or other weather conditions.
- Facility visitors must ALWAYS check-in and receive a visitors badge and be escorted by an Access Employee at all times.
- Items waiting for destruction must be kept in a designated secure, restricted access area.
- Monitored Alarm System on required destruction facilities.
- Closed Caption Surveillance with a backlog of 90 days of footage is required
THE DESTRUCTION PROCESS
- There are strict requirements for the final shredded size of paper going through our shred plants and mobile operations
- For hard-drives and digital media, specific information must be tracked and reported to the customer for proof of destruction
- Agreements for Reasonable Disposal of the Materials
- Transfer of Custody Documentation
COMPANY REQUIREMENTS
- Business License
- Proof of General Liability Insurance
WHY IS THIS CERTIFICATION IMPORTANT?
Apart from providing additional layers of security for your information throughout the destruction process, the NAID AAA certification process is specifically designed to meet a variety of the requirements outlined in the numerous laws and regulations developed to protect confidential customer and consumer information. These laws include:
- FACTA Final Disposal Rule requires the destruction of all consumer information before it is discarded. Covered entities must monitor compliance of any organization contracted to destroy consumer records.
- The FACTA Red Flags Rule requires audits of data-related vendors with access to personal information of customers.
- Under HIPAA, covered entities may be subject to civil penalties for misconduct of its business associates that lead to a security breach. Working with a NAID certified vendor reduces the risk.
- Business associates of covered entities must comply with technical, administrative and physical safeguard requirements under the HIPAA Security Rule. For more information on HIPAA, see “Common misconceptions about HIPAA and data destruction.”
- The media destruction specifications of PCI compliance require the following, all of which NAID certification requires and verifies:
- 9.10.1.a: Verify that hard copy materials are crosscut shredded, incinerated or pulped such that there is reasonable assurance the hard copy materials cannot be reconstructed.
- 9.10.1.b: Examine storage containers used for information to be destroyed to verify the containers are secured. For example, verify that a to-be-shred container has a lock preventing access to its contents.
- 9.10.2: Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion or otherwise physically destroying the media (e.g., degaussing).
[ Information provided by the National Association for Information Destruction ]
ENSURING CONTINUED SECURITY OF YOUR INFORMATION
The security of your information, whether paper or digital, should be a high priority for any business, especially in today’s world of increased data security threats. One of the best ways you can ensure that your information is safe is to work with third-party vendors who maintain the same belief in the value of securing information as you do.
As a long-standing member of NAID and a AAA Certified member, Augusta Data Storage recognizes the importance of maintaining the security of your information throughout the lifecycle of your paper and digital records. Our operation is designed to ensure that your records stay secure until they are completely destroyed, according to industry standards. Our employees are uniformed, trained, and insured to provide the maximum level of security and service when handling your confidential records.
If you are interested in learning more about our organization or how our secure destruction process can help you, contact us today.