Security FAQ for Finding a Document Management Company
The 2018 Cost of a Data Breach Study from IBM Security reported that the average cost, globally, for each lost or stolen confidential record is $148 per record. That comes out to a global average cost of $3.86 million per data breach. Over the last several decades, the need for secure data destruction has grown dramatically, both to satisfy client privacy demands on their confidential information and to meet increasingly stringent regulatory requirements. When searching for document management, shredding, or scanning companies, it may be hard to distinguish one company from another. After all, everyone says they are “the best” or “world- class” solutions. If your company handles secure information, it is not enough to simply hire the lowest bidder. You must do your own due diligence as part of your duty to your clients and their confidential information. How do you know who to trust?
SRS Chief Problem Solver Christopher Jones discusses our approach to security in this brief video.
In addition, we’ve put together answers to some of our clients’ most frequently asked questions to help assist you in your due diligence process:
How do I know my documents are secure?
At Secure Records Solutions, we don’t just say we’re secure. We have a NAID AAA Certification to back it up. SRS also carries the Georgia Bureau of Investigation (GBI)’s GCIC Accreditation, a partnership requirement for any vendors working with law enforcement and judicial organizations.
What does NAID AAA Certification mean?
The National Association for Information Destruction, Inc. (“NAID”) is the standards setting body for the information destruction industry. It is the only consumer watchdog association that audits the qualifications of data destruction providers. NAID has developed the AAA Certification Program, a voluntary program for NAID member companies. The AAA accreditation process establishes testing and auditing requirements for clients’ protection.
How does a company get NAID AAA Certified?
The NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and surprise, unannounced audit program. NAID reviews more than 20 areas of operational and security requirements including particle size, employee screening and training, transport, access control, video surveillance, procedures and record keeping. Companies must renew their certification each year. If a company has multiple locations, each location must pass the audit to be certified. NAID members who receive certification must specify the location certified in company literature when referencing the NAID Certification program.
If I choose offsite shredding instead of onsite, will my documents still be secure?
Yes, SRS is NAID AAA certified in both plant-based and mobile shredding. SRS’s custodial services – records storage, online backup and scanning/images – are all certified as well.
Does your company meet HIPAA standards?
A NAID AAA Certification covers many of the Health Insurance Portability and Accountability Act (HIPAA) patient privacy standards. In addition, we undergo regular audits and staff training meet HIPAA regulatory standards.
What other regulatory groups are covered with a NAID AAA Certification?
A NAID AAA Certification also meets the regulatory requirements for the following:
- FACTA (Fair and Accurate Credit Transactions Act)
- Payment Card Industry Data Security Standards (PCI-DSS).
- FTC Financial Services Modernization Act
- Securities and Exchange Commission Reg S-P
How can I find out if my current provider is NAID AAA Certified?
It’s simple. The NAID website offers a tool to find either a specific vendor or all vendors within a geographic area. Simply filter by “NAID AAA Certified Members” to find accredited providers in your area. You can also look for this seal on any provider’s website. Remember, for a provider with multiple locations, each location must be individually certified.
Please let us know if we can answer any other questions as you conduct your own due diligence.
