What Is NAID® AAA Certification and Why Is It Important?


With data breaches and identity theft on the rise, businesses and their customers face constant reminders of the consequences of poor data management.

To counter this growing threat, many businesses are investing heavily in security and infrastructure to ensure that their sensitive data is properly protected.

However, processes for properly destroying unnecessary data when it is no longer needed are often overlooked, creating a significant gap in data security.

One easy way for businesses to fill this gap is to hire a third-party information destruction company to oversee the proper disposal of unnecessary data. Hiring a professional moves the responsibility off the shoulders of the business onto the provider, an excellent option for businesses that need secure information destruction on demand but lack the staff, equipment, or expertise to do the job themselves.

But how do you know if you can trust your service provider with your sensitive documents? After all, handing over your records to a complete stranger is a harrowing experience.

NAID® AAA Certification is the answer. In this article, we will explain everything you need to know about NAID, their AAA Certification program, and why you should choose a AAA Certified information destruction service.


Who is NAID?

NAID (The National Association of Information Destruction) is a non-profit trade association responsible for setting standards and best practices for the information destruction industry. 

Established in 1992, NAID’s stated mission is to educate the public about the importance of properly destroying sensitive data, and to convey the benefits of outsourcing the process to a reputable and qualified service provider.

In 2000, NAID’s role in the industry evolved with the introduction of their AAA Certification program. While NAID membership is and always has been open to all shredding companies, AAA certification is a voluntary program for NAID members who wish to demonstrate their ongoing commitment to ethical standards and secure information destruction processes. 

As of 2018, NAID is a division of the International Secure Information Governance and Management Association (i-SIGMA).

What is NAID® AAA Certification?

NAID® AAA Certification is a certification awarded to document shredding companies that continuously validate their services’ compliance with data protection laws through a series of third-party audits.

These random, unannounced audits are completed by trained and accredited independent Certified Protection Professionals® (CPPs), and are designed to ensure continuous adherence to data security best practices. 

Company facilities, equipment, vehicles, and processes are all subject to evaluation during these audits to ensure top to bottom compliance with the strict standards set by NAID. 

In exchange, certified providers gain access to numerous educational and support materials, may advertise as an AAA Certified provider, and become eligible to provide information destruction services for businesses and government agencies that require this credential.

More than 1,000 information destruction companies have received their NAID® AAA Certification, including mobile, paper, and computer destruction services across five continents. 

What Are the Requirements for Obtaining NAID® AAA Certification?

NAID® AAA Certification is the most trusted and widely accepted certification for data destruction companies worldwide. Companies wishing to become AAA certified must meet incredibly stringent requirements, including rigorous security audits, documented company incident response policies, facility security standards, equipment inspections, and more.

Rigorous Security Audits

Service providers must submit to both regularly scheduled security audits and unscheduled, surprise audits by trained and accredited security professionals. Providers will not know when these audits occur, which can be a great motivator for ongoing compliance. All providers must maintain a passing grade to maintain their certification status. 

A customer may request an audit to monitor a particular service provider to ensure they meet the regulatory risk assessment requirements, and may monitor compliance by subscribing to email notifications of the service provider’s certification renewal, audit, or lapse.

Employment Records

Service providers must maintain detailed and up-to-date employment related records including:

  • Background screening and training programs
  • Employment history verification
  • Drug/substance screening results
  • Signed confidentiality agreements
  • Driver's license verification

Documented Company Policies

Service providers must maintain written company policies and procedures manuals to ensure incident response preparedness and regulatory compliance.

Facility Security

Service providers must maintain a well-secured facility, meeting specific standards set by NAID. This includes monitoring all main access points with a closed circuit camera system, a fully operational facility-wide alarm system, and a secured area within the facility devoted solely to information destruction processes. 

Companies must also document their protocols for customer visits and employee access policies to secured areas.

Equipment Inspections

Service providers must use commercial grade destruction equipment. The resulting byproduct must meet specific particle size requirements to ensure destroyed information is impossible to reproduce. 

Documentation of Services

Service providers must provide customers with a certificate of destruction with every service. This important document can be used to prove that records were destroyed in compliance with data privacy regulations.

Secured Transportation

All vehicles used to transport confidential data must be fully insured and inspected. Vehicle cabs and boxes must be locked at all times, and drivers are required to have two-way communication devices. Drivers must document all transfers to maintain a secure chain of custody. 

Company Requirements

In order to maintain NAID® AAA Certification, companies must be legally registered and in good standing with the state of incorporation. Businesses must also have general liability insurance at all times. 

Companies with multiple locations must maintain separate certifications for each of their locations. That’s because different locations have different employees and managers. When a NAID certified company references their certification, they must specify the location to which it applies.

View the i-SIGMA Certification Specifications Reference Manual for additional details and requirements.

What Are the Benefits of NAID® AAA Certification?

AAA Certified document shredding companies are thoroughly vetted and verified by NAID to ensure that the services provided comply with all relevant data privacy protection laws and regulations, as well as information destruction best practices.

Other benefits include:

Stay Compliant

Businesses that possess personally identifiable information (PII), personal health information (PHI) and other sensitive materials are required by law to take every reasonable step to protect the sensitive data in their possession.

That means that before any data is handed off to a third party, a business must do everything in its power to ensure that service providers are fully compliant with data privacy protection laws like HIPAA, HITECH, and FACTA.

Fulfilling this important regulatory requirement can put an unnecessary burden on the business, as it must thoroughly research its service provider before it can hand off any records.

When an information destruction company is NAID® AAA Certified, due diligence is completed by NAID itself, in far more detail than any business could ever dream of. NAID handles all of the effort of continuously monitoring each certified business to ensure that best practices and protocols are followed consistently.

For this reason, choosing a NAID® AAA Certified provider is a widely accepted method of meeting your business’ due diligence requirements. Requiring in your policy that your information destruction vendor must be NAID® AAA Certified, and choosing one that is, satisfies that legal requirement and protects you and your business.

Privacy and Security

Businesses are required to store a lot of sensitive documents. Whether it’s employee records, client information, or proprietary data, most of these records need to be kept on file for an extended period of time.

But what happens to this data when it is no longer needed? You could hang on to everything forever, but this exposes your data to unnecessary risk, and could lead to identity theft, or worse. And very few businesses can survive a data breach, especially one caused by sheer negligence. 

Choosing a NAID® AAA Certified data destruction company is the most secure way to rid your organization of the sensitive information in your possession, while ensuring the privacy of your data is not compromised in the process. 

Not only are AAA Certified shredding companies required to train employees how to handle sensitive documents, but every part of their destruction process, down to shredding particle size, is reviewed to ensure that confidential information processed cannot be reconstructed.

What is i-SIGMA?

i-SIGMA (International Secure Information Governance & Management Association) is a non-profit watchdog organization formed by the merger of two well established trade associations, the National Association for Information Destruction® (NAID®) and PRISM International™ (Professional Records and Information Services Management®).

Formed in 2018, i-SIGMA enforces standards and ethical compliance for more than 2,000 information destruction providers internationally, and currently maintains the most rigorous and widely accepted third party security compliance certifications in the world. 

What Comes Next?           

If you’re looking for a NAID® AAA Certified information destruction company, look no further. SecureScan has been providing ultra-secure document shredding services throughout the Northeast since 2003.

Our team is ready to help you rid your organization of sensitive documents while protecting the confidentiality of your data. Visit our quote page to request more information from one of our information destruction technicians.

To view our certification status, visit directory.isigmaonline.org. Type “SecureScan” into the company name field and review the result.

   
