The Crown Blog
NAID Membership Does Not Necessarily Mean NAID Certified
Your Information Management Experts Explain the Difference
The international trade association for information destruction service providers, National Association of Information Destruction (NAID) is essentially the standards setting body for secure disposal of paper and electronic data. In addition to conducting process improvement research and creating global recognition for the information destruction industry, NAID protects the interests of consumers by setting strict guidelines for its member companies. The association also offers the AAA Certification, a systematic and thorough evaluation process that audits whether the applicant company meets the stated legislated requirements and security specifications of information disposal.
So what is the difference between membership and certification? Does every member need to apply for AAA certification? How do they get audited? At Crown Information Management, we have first-hand experience of being AAA certified, and understand the criticality of this accreditation, especially in the face of continually evolving and magnifying information security threats. Read on to know more about this process and why you should rely on a NAID AAA Certified company for all your paper and digital media shredding needs.
Key Differences between NAID Membership and NAID AAA Certification
NAID Membership: Any company that is in the business of information destruction can subscribe to become a paid member of NAID. Being a member would typically mean:
- Getting access to the association’s publications, research and security guidelines
- Being featured as an affiliate on the NAID site for the purpose of promoting their business
- Receiving the NAID member logo for use on office stationery and other promotions.
While member companies have to abide by the association’s Code of Ethics and Bylaws, they are not required to commit to the stringent security protocols and measures stated under the AAA Certification. Even if they do follow these standards, an independent, unbiased auditor has not monitored or certified their business, which means they are only self-policing.
NAID AAA Certification: Certification signifies that the company adheres to the highest ethical and security standards for irretrievable destruction of paper and electronic data. As part of the evaluation process, their business is subject to intense scrutiny by an objective auditor who is accredited by ASIS International as Certified Protection Professionals (CPP). The company is audited in over twenty different operating areas, including:
- Shredded particle size
- Access controls
- Surveillance and security measures during storage and transportation
- Screening and training of staff (an extensive 3-level background check to ensure that individuals with a past criminal record do not handle confidential information).
- Presence of formal, documented security measures, and more.
Even after the third-party auditors have verified that all the expected protocols are in place, certified companies are subject to comprehensive, surprise audits on a routine basis. This is a powerful motivator to ensure that their compliance measures do not slacken at any time.
Why Choose a NAID AAA Certified Company?
NAID AAA Certified companies go through a rigorous process to showcase how they meet, and exceed, not just the stringent standards stated by NAID, but also numerous other customer confidentiality protection laws and regulations.
- Remain Compliant: Whether your business is covered under FACTA, HIPAA, PCI Compliance (for media destruction), or other industry-specific information disposal laws, a certified service provider will help you remain compliant on all your legal and contractual obligations.
- Present Auditable Proof: The certificates of destruction issued by NAID AAA certified companies are admissible as proof of secure disposal, when your business is subject to any internal, external or statutory audits.
- Protection during Lawsuits: If your company is ever sued over an information breach during the records disposal stage, the certificate of destruction issued by a certified service provider can help reduce your risk and liability. Acting as a gesture of ‘good faith’, it proves that you took the necessary precautions for safe disposal of information.
Choose a NAID AAA Certified Service Provider for Your Record Destruction Needs
With fraud, identity theft, and data breaches on the rise, it is imperative to ensure secure destruction of any confidential information pertaining to your business, employees or customers. After all, you do not want to expose your business to unnecessary risks, such as fines, sanctions, bad publicity, or losses due to your trade secrets falling into the wrong hands. Ask to see the shredding company’s NAID Certification. Ideally, you should see it displayed on their website and promotional materials.
For all your paper and digital media disposal needs in and around central Florida, rely on Crown Information Management. As a NAID AAA and PCI Certified company, you can take advantage of our secure document destruction services, including lockable security consoles, built-in liability insurance, and bonded and licensed destruction technicians.
Call Crown Information Management at 800-979-9545 or contact us online to request a free estimate.