Whether you are a government, a retailer, financial or technology company, an educational or healthcare institution, or other industry organization, protecting your assets and the privacy of your information must always be top of mind. Today, more and more concerns are being raised about privacy with the widespread use of mobile devices in practically every corner of the planet. This means organizations have more pressure placed on their senior management than ever to take a highly responsible and secure approach to mobile phone asset recovery and recycling. In fact, many organizations might not even be aware that there are services available to assist in these areas.
The Records Information Management and Secure Data Destruction Industries are specifically focused on these areas of security and recycling, offering wireless asset recovery and recycling services designed to protect your wireless data. They are also focused on safeguarding the environment, while allowing organizations to turn used mobile technologies into new revenue. Finding these companies can be a challenge if you don’t know where to look, and that is where becoming a NAID member comes in.
What is NAID?
The National Association for Information Destruction (NAID) is a division of the International Secure Information Governance and Management Association™ (i-SIGMA™). It has been the international watchdog for the secure data destruction industry since the mid-1990s, instigating advocacy to set a standard of best practices.
NAID information destruction standards apply to both paper and electronic data. They are a consumer protection organization that examines information destruction service providers to ensure they have the proper qualifications to perform their services. They also continue to conduct research in the industry to meet the changing needs of consumers in order to refine processes. NAID works to enhance optics for the information destruction industry to improve recognition of the industry and the vital role it plays for all organizations. The association has over 2,000 member companies and strives to improve their sales efforts by offering compliance tools designed for all known data protection regulations.
What is the purpose of NAID?
NAID is the integrity and professional standards gatekeeper for companies in the industry. They understand that security of documents is only as strong as their weakest link. They try to meet the needs of senior management across organizations in all industries in the highly volatile information protection security field. Although laws vary, NAID helps to ensure organizations are doing everything in their power to safeguard personal information. This means that the destruction of documents and records cannot be taken lightly. This process requires careful attention to ensure everything is protected during the destruction process. If data destruction is not handled properly, it presents significant risk to personal information, and the reputation of the organizations who do not use secure destruction techniques.
Protecting Information
Today, it is impossible for organizations across all industries in both the public and private sectors to not have a strategy to store and manage personal information and data. This information requires not only secure storage, but safe record destruction following a strict policy. Even incidental business records should be protected. It is not enough to simply recycle. Instead, formal data destruction is a must. This information cannot be entrusted to internal personnel, but instead should be placed in the hands of a designated company to handle the process securely. NAID provides both a professional outlet for people requiring services, as well as a professional resource for proper training and certification of its members.
AAA NAID Certification
As the standard-setting body for the industry, NAID also provides certification. Certification is required across thousands of government and private services; however, the program is voluntary. This means that not all NAID members are certified. If it is necessary for you to use a company with AAA NAID certification, then you have to make sure the companies you consider have this designation.
NAID members with certification will undergo audits for mobile and/or plant-based operations for all data destruction services. This helps to ensure organizations are following data destruction best practices and allows companies in the industry to remain in good standing. The audits are both scheduled and unannounced to help members meet the regulations and laws protecting confidential information, as well as keep companies compliant with special contractual obligations they might hold with their customers. The rules and regulations vary based on the industry.
NAID Audits
Developed by highly respected information security professionals, the program is recognized globally by private and governmental organizations. The auditors for the program are Certified Protection Professionals from ASIS International. They undergo extensive training in order to ensure they are well versed in audit procedures and requirements. Their job is to ensure protocols are met, from handling to storage and transportation to the physical destruction of data. Precautions include a screening of individuals to ensure they do not have criminal records. The unannounced audit program keeps certified companies on their toes, as they know they can be audited at any time. This keeps companies motivated to remain compliant. Any company that is found non-compliant will see immediate action taken to ensure compliance is met. Fines and removal of certification is possible for those with repeat or more serious infractions.
Avoiding Fines and Penalties
Many industries have rules stipulating that consumer information cannot be disposed of without being properly destroyed. Civil penalties for misconduct can be applied, which is why it is so important for organizations to look for a NAID member provider. Some industries are extremely strict in their rules about data destruction, right down to hard copies having to be crosscut shredded or even incinerated. Locks are often required on data bins, and data contained on electronic media must use secure deletion, degaussing, and data wiping protocols. By working with a NAID-certified provider, you will have proof that you took every precaution to ensure you were following data destruction industry regulations. You reduce risk and prove you have acted in good faith to ensure all confidential and sensitive information was handled with care.
If you would like more information on data destruction services, call eCycle Solutions toll free at (888) 945-2611 or contact us here at our website.
Leave a Reply