We commit to:
- Provide Certificates of Destruction for all shredding performed.
- Provide documentation of an annual audit certifying the procedures employed by our firm for the destruction of documents and media.
- Provide locked security containers for the collection of all documents to be shredded.
- Place and lock your confidential material in our secure containers when handed to us. They will always be accompanied by one of our staff members until they have been shredded.
- Shred all documents before leaving your location.
- Never touch your documents once they have been placed into our secure container.
- We will never separate your documents before shredding.
- Have the customer sign the required documentation provided by Secure Records Solutions at the end of the shredding experience.
We take seriously the responsibility for safeguarding our clients’ records in transit, transmission, storage, and destruction. In order to ensure we comply with regulatory bodies and laws across multiple industries, we hold several certifications of our facility, team members, and processes. We explain those accreditations in more detail below.
NAID AAA Certification for Shredding
The National Association for Information Destruction, Inc. (“NAID”) is the standards setting body for the information destruction industry. It is the only consumer watchdog association that audits the qualifications of data destruction providers. NAID has developed the AAA Certification Program, a voluntary program for NAID member companies. The AAA accreditation process establishes testing and auditing requirements for clients’ protection. The NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and surprise, unannounced audit program. NAID reviews more than 20 areas of operational and security requirements including particle size, employee screening and training, transport, access control, video surveillance, procedures and record keeping. Companies must renew their certification each year. If a company has multiple locations, each location must pass the audit to be certified. NAID members who receive certification must specify the location certified in company literature when referencing the NAID Certification program.
SRS is NAID AAA certified in both plant-based and mobile shredding. SRS’s custodial services – records storage, online backup and scanning/images – are all certified as well.
Prism Privacy+ Certification for Storage
In 2020, SRS obtained the PRISM Privacy+ Certification. The PRISM Privacy+ certification is focused on secure records management. In order to obtain the certification, SRS passed a stringent audit that reviewed 10 different areas of the business, including organization and management control, information security policy, human resources, vendor management, environmental controls, physical access controls, logical access controls, electronic access, and network security.
Both the PRISM Privacy+ and NAID AAA certifications are considered the highest certification possible for their respective functions. In addition, both are now under the iSIGMA umbrella following the merger of NAID with PRISM in 2018. In fact, Chief Problem Solver Christopher Jones recently completed his term as President of iSIGMA and remains on the board of directors. Also, both certifications are subject to unannounced audits at any time.
Georgia Bureau of Investigation GCIC Accreditation
Secure Records Solutions is accredited by the Georgia Bureau of Investigation’s GCIC (Georgia Crime Information Center). This Accreditation allows SRS to handle the state’s most sensitive judicial and law enforcement records.
For more on the importance of these accreditations, watch this video.
How do these accreditations impact clients?
These third-party verifications enable clients to fulfill their regulatory requirements of due diligence for the safety and storage of sensitive information. This provides an additional layer of security and protection.
The Privacy+ and NAID AAA certifications meet or exceed requirements for the following organizations:
Health Insurance Portability & Accountability Act (HIPAA)
HIPAA was enacted in 1996 and the mandatory compliance date is April 14, 2003. All hospitals, doctors, pharmacies, health plans, medical billing companies and any other business entity involved in the healthcare industry must comply. The rules apply to all protected health information. The Standard for Privacy of Identifiable Health Information requires that covered entities put in place administrative, technical and physical safeguards to protect the privacy of protected health information. One example given of a safeguard for the proper disposal of paper documents containing protected health information is that the documents be shredded prior to disposal.
The Fair and Accurate Credit Transaction Act (FACTA)
In general, the Act amends the Fair Credit Reporting Act (“FCRA”) to enhance the accuracy of consumer reports and to allow consumers to exercise greater control regarding the type and amount of marketing solicitations they receive. FACT Act also establishes uniform national standards in key areas of regulation regarding handling and disposal of consumer information in the possession of all companies and organizations.
Economic Espionage Act of 1996 (EEA)
The Economic Espionage Act is a very powerful law which helps with the enforcement of properly handling information. This law is the first federal law that defines and severely punishes misappropriation and theft of trade secrets. However, according to this Act, the government will only protect companies who take “reasonable measures” to safeguard their information.
The Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”
Federal Privacy Act of 1974
This law was established in 1974 to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable for any information released without proper authorization.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Sarbanes-Oxley Act (SOX)
The legislation came into force in 2002 and introduced major changes to the regulation of financial practice and corporate governance. Named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, it also set a number of deadlines for compliance.
Federal Trade Commission (FTC) “Red Flags Rules“
The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.
American Institute of Certified Public Accountants (AICPA) SSAE No. 16 Type 1
System and Organization Controls (SOC) is a suite of service offerings CPAs may provide in connection with system-level controls of a service organization or entity-level controls of other organizations.
HOW CAN CLIENTS FIND OUT MORE INFORMATION?
Visit the iSIGMA’s member directory on its website and select Privacy + certifications. It will also show you if a provider has a NAID AAA as well. Currently, SRS is the only independent provider within a 200-mile radius of our Thomasville, GA service area to have both a NAID AAA and a Prism Privacy + certification. You can also look for this seal on any provider’s website. Remember, for a provider with multiple locations, each location must be individually certified.
Christopher Jones explains the importance of third-party verifications and accreditations in the video below.