Savvy business leaders know to be skeptical when a service provider’s price seems too good to be true. Hiring the shredding service with the lowest rate might save you a few dollars today. It also might mean that you’re handing over boxes of your business’s confidential information to someone who has a history of financial fraud, or to a company that doesn’t have a security system installed in its shredding facility.
A shredding service with below-market rates probably isn’t certified by NAID (the National Association of Information Destruction). NAID is an independent organization that monitors confidential shredding organizations throughout the world. A document shredding service is awarded NAID “AAA” certification only after meeting strict operational protocols and procedures and demonstrating an ongoing commitment to data destruction best practices. Because NAID certification is optional, data destruction companies that can’t stand up to scrutiny don’t seek it out.
What Being NAID Certified Requires
Becoming NAID certified requires a shredding service to submit a lengthy application and supplemental documentation, complete on-site inspections by an auditor, be approved by an NAID review board and pay certification fees. An approved organization must renew its certification every year. All NAID certified locations are also subject to unannounced site visits at any time throughout the year.
Here is a brief list of NAID requirements:
- Employee background checks
- Secure storage of all incoming materials
- 48-hour processing for material received
- GPS tracking of all vehicles
- All material transported in locked bins / vehicles
- 24-hour video monitoring with 90-day backup recording at processing locations
- Access control specific to employees only
- Secure shred size for all material processed
- All processed paper-based materials require repulping only, and cannot be sold for other purposes, such as packing or animal bedding
Why NAID Certification Matters for Your Confidential Information
Working with a shredding service that’s NAID certified is always advisable for optimal data security. Always verify a shredder’s certification before trusting them with your confidential information in the form of paper documents, hard drives and other shreddable materials. A company’s certification status can reveal a lot about how seriously it takes data security.
- NAID certification tells you that a service provider has a systemized approach to protecting sensitive data. Mistakes happen when steps are skipped. You don’t want to trust your business’s confidential information to a shredding service with a “make it up as we go along” approach. NAID certified organizations have to prove that they have clear procedures and backup plans in place so that customer data is kept secure no matter what unexpected events may happen at the shredding facility.
- NAID certification requires shredding services to keep up with changing data security regulations. As technology advances and cybercriminals evolve, data security laws are frequently created and updated to safeguard data. NAID requires its certified organizations to update their policies and procedures in accordance with any relevant data security laws. For example, in 2019 after the California Consumer Privacy Act and the General Data Protection Regulation (governing the European Union) took effect, NAID required all AAA-certified providers to update their policy language to reflect any relevant requirements created by those laws. NAID also routinely issues its own guidelines and best practices that certified organizations must follow.
- NAID certification is important to your customers. Your business is careful about data security and data destruction, and your customers are too. They need to be able to trust you to safeguard their data at every moment—up to the moment of destruction. In a competitive market, your business needs every advantage it can get in order to attract and retain customers. You want to be able to tell them that you work with an NAID certified data destruction company to dispose of any sensitive documents, hard drives or other data-storing devices that hold private customer information.
- The potential cost of a data breach is just too great to take any risks. Entrusting your business’s confidential information to a shredding service that’s not NAID certified is like deciding to forgo insurance to save a little money. It’s a short-term decision that could come back to haunt you if something goes wrong down the road. Just one data breach can have severe repercussions for your finances and reputation.
Because certification has a cost, NAID certified shredding services tend to charge slightly higher rates than non-certified shredders. If that seems prohibitive, ask yourself: Is it worth the risk to save a few dollars and go with the lowest cost service provider, not knowing if your information is secure once it leaves your facility? Is it important that you can assure customers and employees that any sensitive data and confidential information they’ve entrusted to you remains secure until it’s totally destroyed?
Northeast Data Destruction is committed to providing safe, secure, and confidential data destruction. We advise anyone interested in contracting a data destruction service to thoroughly review the company’s policies and procedures and conduct a site audit. If you would like to learn more about our commitment to NAID compliance and certification contact me today.