In a world where so many facets of our lives and the information we keep is held online, where we see passwords and security, hackers and scammers see opportunity. For a business, one way to avoid hackers is by keeping systems, processes, and passwords up to date. However, when it comes down to it, all of these things can fail with employee oversight, and simply not being able to spot a phishing email. So, what are some steps you can take today to protect your accounts from hacks? Here are some tips from the National Cybersecurity Alliance.

• Keep good records. Keep documentation of all orders and purchases. This will help you to detect bogus accounts and invoices.
• Most email platforms, including Google and Yahoo now allow you to unsubscribe from emails without clicking on any links within the email itself. If you never subscribed to the email to begin with, don’t click “Unsubscribe” at the bottom, but use your email platform’s Unsubscribe or Junk feature to remove the email.
• Be extra careful with payment procedures. Establish payment authorization procedures, including a multi-person approval process for transactions above a certain dollar threshold.
• Avoid some payment methods when possible. Wire transfers, pre-paid debit cards and gift cards are scammers’ preferred methods of payment. Always confirm that any requests for payment with untraceable methods such as these are verified by an authorized source. Also, try to pay by a written, company. That way, a paper trail has been created.
• Double-check vendors. Make sure that the business billing you is a business you’re familiar with and normally do business with. If not, question it. Get the name of the person you speak with, the company name, address, phone and website.
• Be careful what information you share. Do not give out information about your business unless you know what the information will be used for. Never provide personal information or financial details to anyone you don’t know.
• Protect your devices. Make sure you have proper computer protection software and a firewall. Don’t click on links inside unsolicited e-mails. They could spread malicious software or viruses.
• Spread the word. If your employees know about the scam, they’ll be more likely to spot it. Tell your colleagues too.

Should you receive any phishing emails, it is recommended that you forward these to the Anti-Phishing Working Group at reportphishing@apwg.org and the FTC at ReportFraud.ftc.gov.

The post Avoiding the Everyday Scam appeared first on i-SIGMA.

The answer is often YES! A shredding company may have the right to pursue lost income from an at-fault driver and the at-fault driver’s insurance company after an accident. The amount of the claim will depend on the length of downtime, as well as other circumstances and applicable laws. Here are a few points to consider:

Liability: To establish liability, be sure to gather evidence such as accident reports, witness statements, and video footage. Once fault is proven, demand payment for the repairs or totaled equipment, as well as the consequential damages. Consequential damage includes income lost while the shredder equipment was down.

Insurance claims: The shredding company should consider filing a claim with the at-fault driver’s insurance company right away. This adverse insurance company may be responsible for covering the direct losses resulting from the accident. These direct losses may include repairs or replacement of equipment, towing, hotel, rental of equipment, downtime, diminished value, etc.

Proof of losses: To support an insurance claim, the shredding company will need to provide evidence of the actual losses suffered. This evidence may include estimates and final repair invoices, out of pocket expense receipts, expert statements, financial records, business documentation, and other relevant records demonstrating revenue typically generated during the downtime period.

Legal proceedings: If the adverse insurance company disputes the claim or fails to provide a fair settlement, the shredding company may consider taking legal action to pursue compensation for all losses. Be aware: every claim has a ‘statute of limitation’. This is the time limit in which to bring legal action. Don’t let time run out!

It’s important to note that the specifics of pursuing insurance claims vary based on state law. Consulting with a lawyer experienced in accidents and insurance claims can provide shredders with the most accurate advice tailored to each specific situation. With your supporting documents and their help, you’ll be well on your way to reclaiming money that is rightfully yours.

About the Author: 

Attorney Kelsea Eckert, the driving force behind Eckert & Associates, PA, has been a legal advocate for small trucking businesses for most of her 35-year legal career.  As the firm’s lead attorney, she oversees all downtime claims handled by Eckert & Associates, PA. Working mainly with owner operators and small fleets, the firm provides invaluable counsel to countless small trucking businesses battling insurance giants.

Kelsea’s a big believer in the value of small business. She and her firm are adamant that owner operators and small fleets should receive the same treatment as the big guys. Kelsea’s passionate belief that even the smallest trucking companies deserve fair reimbursement for their repairs, downtime, and other out of pocket expenses is the foundation of her firm’s unwavering commitment to their clients. Kelsea’s tenacity, diligence, and belief in justice have made Eckert & Associates, PA a staunch ally of owner operators and small fleets across our nation.

Learn more about Eckert & Associates >>

The post Can a Shredding Company Recover Lost Profit After a Truck Accident? appeared first on i-SIGMA.

Running a business can be a daunting task, especially when it comes to ensuring compliance with various regulations and laws. Compliance is important not only for legal and ethical reasons but also for the efficiency of your business. By partnering with an i-SIGMA Certified Company who has obtained either their NAID AAA or PRISM Privacy+ Certification, your company is already leagues ahead in terms of compliance. The list below highlights ten things you can do to help run your business more efficiently, all of which are required of i-SIGMA Certified Providers. Find an i-SIGMA Certified Service Provider Here >>

Identify and prioritize compliance requirements

The first step towards efficient compliance is to identify and prioritize the requirements that apply to your business. Depending on your industry and location, you may need to comply with various regulations, such as data privacy laws, labor laws, and tax regulations. Make a list of these requirements and prioritize them based on their importance and impact on your business.

Create a compliance program

Once you have identified the compliance requirements, create a compliance program that outlines the policies and procedures for meeting these requirements. This program should be tailored to your business and should cover all relevant compliance areas. Ensure that all employees are trained on the compliance program, and make sure that it is regularly updated to reflect changes in regulations.

Hire a compliance officer

If your business is large enough, consider hiring a dedicated compliance officer who will oversee the compliance program and ensure that all employees are following the policies and procedures. The compliance officer should have a thorough understanding of the regulations that apply to your business and should be able to keep up with any changes in these regulations.

Use technology to automate compliance tasks

Technology can help you automate many compliance tasks, such as tracking employee hours, filing tax returns, and monitoring data privacy compliance. By automating these tasks, you can reduce the risk of human error and save time and resources. Consider investing in compliance software that can help you manage compliance more efficiently.

Conduct regular compliance audits

Regular compliance audits can help you identify areas where your business may not be meeting regulatory requirements. These audits should be conducted by an independent third party who has expertise in the relevant compliance areas. The findings of the audit should be used to improve the compliance program and make any necessary changes to policies and procedures.

Monitor regulatory changes

Regulatory requirements are constantly changing, and it’s important to stay up-to-date on these changes. Subscribe to regulatory newsletters and attend relevant conferences and events to stay informed about any changes that may impact your business. Update your compliance program and policies as needed to ensure that you are meeting the latest regulatory requirements.

Train employees on compliance

All employees should be trained on the compliance program and the policies and procedures for meeting regulatory requirements. This training should be provided on a regular basis and should cover all relevant compliance areas. Ensure that employees understand the importance of compliance and the consequences of non-compliance.

Implement a whistleblower policy

A whistleblower policy can help you identify and address compliance issues before they become serious problems. This policy should provide employees with a way to report any suspected violations of regulations or company policies without fear of retaliation. Ensure that all employees are aware of the whistleblower policy and understand how to use it.

Maintain accurate records

Accurate record-keeping is essential for compliance. Keep all relevant records, such as financial statements, tax returns, and employee records, organized and up-to-date. Use a secure storage system to protect sensitive information and ensure that only authorized personnel have access to these records.

Seek professional help

If you’re unsure about how to meet regulatory requirements or if you’re facing a compliance issue, seek professional help. Consult with a lawyer or compliance expert who can provide you with guidance and advice on how to meet regulatory requirements and avoid compliance issues.

Compliance is a critical aspect of running a business, and it’s important to ensure that your business is meeting all regulatory requirements. By following the ten steps outlined in this article, with the help of an i-SIGMA Certified Service Provider, you can help run your business more efficiently with compliance and reduce risk.

The post Efficiently Keeping Your Business in Compliance appeared first on i-SIGMA.

By: Gina Lentine of Legal Shred

“How can I help?” From a young age, this phrase was one of the most natural thoughts. Valuing altruism and giving back to others was an almost unconscious desire. I would volunteer as much as possible, and dreamed of being a professional volunteer if such a thing existed. Volunteer work as a career may not pay the bills in a traditional sense, but from another perspective, it pays more than any other job.

The benefits of volunteering go beyond what many imagine. Simply from a personal/psychological level, when people volunteer, they gain a new perspective, learning about and understanding experiences they may not otherwise encounter. There is also a sense of appreciation that you receive that is hard to get anywhere else. For example, a lot of the volunteer work I did when I was young was at a local hospital – I will never forget the gratitude and smiles received simply by delivering flowers or just being a distraction from everything that was going on around those there. That new perspective and knowing that you are needed can’t help but boost your self-esteem by knowing that you did something good, which can make you more productive in all areas of your life. In fact, similar to exercise, volunteering can release endorphins, and for anyone who has seen the movie Legally Blonde, you will appreciate “Exercise gives you endorphins. Endorphins make you happy. Happy people just don’t shoot their husbands…” All of these benefits when experienced by employees help to build the morale of a company and provide a sense of comradery. In addition, while volunteering, you can learn new skills and discover other interests.

When you take the benefits of volunteering and community involvement to the next level in business, the benefits are exponential. As previously mentioned, while you may not make the dollars while doing the volunteering, what you are doing is setting the dollars up to come. As most business people are aware the best way to build a business is to network and build social connections. Community Involvement is one of the best ways to do that. It puts you in the public eye, allows you to interact with others you may not otherwise have an opportunity to connect with and it provides you with a common ground. An afternoon of volunteering can open doors. By human nature, people feel a certain desire to reciprocate. On that very principle, when you give back to your community and they see what you are doing, the community wants to give back to you. Coming full circle, a business is then giving back to the community who supported it. If you are a new business, community involvement is an excellent way to let the community know you are there. Philanthropic activities will create a positive buzz for you and your business, something many are willing to pay for.

So what can you do to be involved in your community? Naturally, as the owner of a RIM or shredding company, when trying to come up with ways to give back to the community, the immediate thought is to host a shred day. In fact, at the time of original publication, we had recently partnered with The American Red Cross and a local business to host a shred day to raise funds for the victims of Hurricane Harvey (remember, this was first published in 2018). Shred days are a great type of event; they create awareness for the business, strengthen relationships with other local businesses, and provide an opportunity to meet new people and companies. However, I often wonder what else we can do as a business for community involvement aside from a shred day.

Before this article was published, the association conducted a survey asking members if and how they get involved with their local community. Most said their primary means followed a similar suit to my own of providing shredding services, a key way the information destruction industry has and will continue to give back.

Some different types of community involvement included walks and runs for charity. Through these, businesses can build a company team to fundraise for an existing cause, or create and sponsor a walk/run for a cause you feel passionate about. One member company has a non-profit they have worked with to provide monthly donations, and their employees volunteer with this organization on a regular basis.

James Elkins, Amarillo Regional Manager, best describes a program Document Shredding and Storage (DSS) recently created:

We teamed up with a local elementary school here in
Amarillo, TX, Arden Road Elementary, and worked with
the 4th grade leadership team (RAD Roadrunners) on a
recycling service project for two months. We provided
the shred bins and the students collected paper from all
the classrooms and offices each day. The kids even involved
their parents, by collecting paper at their homes and
bringing it to the school. At the end of the week, DSS would
go exchange the full bins for new empty ones. Each week they
filled at least two 64 gal bins and some weeks three or four.

At the end of the second month, the RAD Roadrunners far exceeded
their goal of collecting 2 tons of paper and finished the project
with 7,000 lbs (3.5 tons) of recycled paper, thus, saving
60 trees! Their reward was a field trip to DSS in which I
took the group (24 kids) on a tour of our facility. During
the tour, I stressed the security of our operation, which
included much of our NAID AAA Certification requirements
(e.g. visitor log in, locked secure shred room, employee
uniforms & name badges, CCTV cameras, secure vehicles,
the width of the shredded paper, and much more). They
got to see our full operation, including our shredding and
storage. My presentation included many stops at different
stations throughout our facility with explanations of each
station and time for question and answers from the kids.
One student asked if we ever got paper cuts! LOL! It was
a great educational experience for the students, and one
they will remember forever. The counselor in charge of
the group, Wendy Peeples, shared with me some of the
comments from the kids after the tour. One student,
Lindsey, said, “That was the best field trip ever!”

It was such an awesome way for the kids to see the “full
circle” process of how the paper they collected was shredded
and baled and then shipped to the recycler. In the end, we
all gathered in our showroom for a big pizza party as a
reward for a job well done. It was a great and
successful educational service project for the students,
and it gave DSS some great exposure in the area and
satisfaction of helping the kids do something meaningful
for the community.

In researching, I discovered additional ideas that secure data destruction businesses could incorporate to also get involved in the community.

One fun option was sponsoring a little league team. The children would wear your logo every game for all to see, and if you choose you can go to the games to cheer them on. Plus, if the team is really good, maybe you will even find your business name in the newspapers. “Adopt-a-road” is another excellent way to get involved with the community. As businesses in the information destruction industry strive to recycle and dispose of the destroyed materials in a “green” way, “adopt-a-road” is right in line with that mission. Your business would be on a road sign that people would drive past every day in the geographic area that you service. When they see how clean that section of the road is and volunteers wearing your logo working hard to help our environment, your business’s environmental stewardship will be recognized, making it evident the practices of your business align with its values.

It is apparent to me that the words of Robert Ingersoll, “We rise by lifting others” ring true. I hope you are inspired to give generously to your local community and that you’ll reap the rewards! Perhaps you already are doing something more. We would love to hear about it. If you have a story you want to share, please inspsire your fellow colleagues in the i-SIGMA Facebook Group, i-SIGMA Social.

The post Community Involvement: Where do You Stand? appeared first on i-SIGMA.

• Maximizing the Cares Act Incentives – Webinar
• Maximizing the Cares Act Incentives – Article

Following the webinar, i-SIGMA received a few member inquiries under our Ask the Professionals program and are sharing the responses.

Please Note: i-SIGMA is not a Certified Public Account and is not providing specific legal or accounting advice. We recommend that you reach out to your local tax professional to determine what specifically applies to your business in your local jurisdiction.

Question

Dear Ask the Professionals,

We are excited about adding ERC funds to the PPP money we already qualified for but I’m confused if these funds will be consider taxible income later on. Please advise.

Sincerely,

Tax Ignorant

Answer

Dear Tax Ignorant,

We reached out to CPA Kristina Morgan of Sechler Morgan CPAs PLLC, who advised us of the following:

Nonprofit entities will NOT have to file an amended tax return (other than the required payroll tax return).

For-profit entities WILL have to file an amended tax return for the years they claim the credit. Those amounts will increase the companies’ profits (or reduce losses or carryover losses) and will therefore be taxable.

i-SIGMA also discovered that if a business claims the credit and is not eligible but certifies that they are, this is considered tax fraud. As such, we advise our members to work with a professional to understand the many requirements and calculations that are involved, especially if they also received a PPP Loan(s).

Sincerely,

i-SIGMA & Professionals

Question

Dear Ask the Professionals,

I attended the webinar that i-SIGMA held regarding the Employee Retention Credit (ERC). We have a very small team with only a handful of employees. It seems that most firms want to work with large businesses and are focused only on revenue loss as a basis for applying for the credit. Do you have any information on the other ways of qualifying?

Sincerely

Small But Mighty

Answer

Dear Small But Mighty,

We followed up with Daniel Risen who did the presentation as well as spoke to other members applying for the credit. You are correct that initially, firms assess revenue. However, less than 5% of businesses that have received ERC have qualified under this criteria. (What qualifies? In 2020, if you saw a 50% drop in revenue, compared to the same quarter in 2019, you would be eligible for all of 2020. In 2021, if you saw a 20% reduction in revenue, compared to the same quarter in 2019, you would be eligible for that entire quarter in 2021.

More businesses qualify for ERC via the “Governmental Orders” criteria. If in your state or federally you were affected in your ability to conduct COMMERCE, TRAVEL, or GROUP MEETINGS by the pandemic under certain criteria, you could qualify. A few examples of qualifiers Daniel has seen within our industry in some states include:

1. Supply Chain Disruption
2. Requirement of the company to spend time and money on PPE to clean and sanitize equipment
3. Furloughed Employees
4. Sales were forced to go virtual (if you were unable to attend tradeshows or sales conferences)
5. Employees may not be “active” all day or were forced to perform work outside of their normal job duties

One member did share with us that while his CPA was reluctant to work with him, after approaching another CPA, their business is getting back $250K. His advice was to keep looking for firms who are willing to sit and take the time to work with you!

Sincerely,

i-SIGMA & Professionals

Important: Some experts contend that since our industry was mostly exempted from the shutdown, due to our industry being deemed essential, some businesses may not qualify. We advise our members to work with a professional to understand the many requirements and calculations that are involved with your specific business and local jurisdiction.

The post Ask the Professionals About the Employee Retention Credit (ERC) (US companies) appeared first on i-SIGMA.

Conventional media collection containers are provided as a convenience, not a security measure. And while they do serve to prevent access by unauthorized individuals, they were never intended to secure information from a malicious individual who could simply wheel the bin away, bust it open with a hammer, or slice it open with a razor knife.

The actual “security” stems solely from the controlled confines of the client’s building; it has locks on the front door, the watching eyes of employees, and the security alarm and CCTV of the building…and not from the container itself.

Understanding this is important for a number of reasons.

Key Control

It sometimes strikes clients as inappropriate (or unsecure) that the keys to their containers open containers placed at other clients. Doesn’t that mean those other clients could open their bins too?

The misconception here is that the “key” is the source of the security. It is not. If an unauthorized person is walking around their office opening bins, the problem is with the security of the building, not the container. As already mentioned, that same malicious unauthorized individual walking around the office could have gotten into the containers without the key.

The idea that a key that is exclusive to one client is more secure is both misguided and dangerous. No client should believe – or be led to believe – that anything but the security of the overall environment in which the containers are deployed is the actual source of the security.

Furthermore, from the service provider’s perspective, suggesting the key and container are the source of the security suggests that they – the service provider – are responsible for that security of material in the client’s office. It is extremely reckless, both for the service provider, and the client, to foster that belief.

Care and Custody

Clients sometimes believe (or act as if they believe) that custody of the media transfers to the service provider once it goes into the collection container. That is not the case. Regardless of who provided the collection container, the service provider is not responsible for the care and custody of personal information until they take possession of it. Again, the security of the environment is the important thing, and, as a result, it is very important that service providers do nothing that suggests otherwise.

Written by Bob Johnson, CSDS | 11 May 2022

The post Media Collection Containers, Key Control, & Custody appeared first on i-SIGMA.

In its role as a member-owned organization, i-SIGMA provides a robust repertoire of member benefits, including state-of-the-art contracts and agreements, marketing materials, regulatory intervention, and educational events. Find the full list and details of all i-SIGMA benefits on the association website, and all members are encouraged to review and make use of them.

Certifications: Included among the benefits of i-SIGMA membership benefits is access to information protection’s two leading service provider certifications, NAID AAA and PRISM Privacy+. With the overwhelming majority of its more than 1,200 member-locations holding one or both of those certifications, they are the most success programs i-SIGMA has offered to date.

By now, it is well known that i-SIGMA membership replaces NAID and PRISM International membership at the end of this month, and that going forward the use of NAID and PRISM will be limited to their respective certifications.

A Personal/Business Decision: Over the years, our surveys have consistently shown that the vast majority of non-certified members fully intend to become certified as soon as they can find the time. And whether now is the right time or not, it is critical for those members to know they are still benefiting from the association’s efforts and their contribution to the association continues to promote client education and adoption of their services.

It is also important, however, for non-certified members to take stock. In a matter of weeks, NAID and PRISM will only be associated with each respective certification program. If past surveys are correct, and certification is a future goal, there is no better time to do it than now; thereby maintaining your link to the two most recognized information protection brands in the world.

How to Become Certified: Becoming Certified is not as complicated as some may think.

1. Meet all required specifications as outlined in the i-SIGMA Certification Specifications Reference Manual
2. Submit a completed certification application
3. Successfully complete an initial scheduled audit verifying all aspects of compliance

Contact the i-SIGMA Certification Department for more information.

Written by Bob Johnson | 30 November 2021

The post If Certification is in Your Plans, Now is the Time! appeared first on i-SIGMA.

Those attending the i-SIGMA webinar on How to Overcome the Labor Dilemma in an Evolving COVID Economy w/ Tom Adams hear him say these tasks require the same focus, the same planning, the same intensity of effort as sales and marketing. In short, service providers can no longer afford to take it for granted.

With that in mind, i-SIGMA would like to share what we have learned since first starting this discussion, and, more importantly, hear what others are doing.

1. Hiring and retaining drivers is the most troublesome issue. Drivers are the face of the company. They need to be presentable and capable when dealing with clients and the inevitable issues that can arise in the field. In fact, the drivers our industry needs interact with clients far more than the delivery driver that knocks on your door and leaves a box.
2. Increasing compensation is a solution, but there are nuances. Of course, increasing pay will attract and keep employees, but bumping them up 20% in one stroke, could cause problems. Additionally, hiring a new driver (or other employee) at the same rate or higher than a long-time employee has a number of risks too, such as losing or de-motivating the long-time employee.
3. Paying higher wages and showing more appreciation is the least expensive strategy. Keeping a client is a lot less expensive than finding a new one… and the same can be said of good employees. Recruiting and training are expensive, even more so when you know how much effort it takes to find and attract new people. A bad interaction with an under-trained employee can cost you customers.
4. Poaching (especially drivers) is okay but should be strategic and discrete. Let’s face it, the person sitting at home who’s benefits just ran out might not be the best choice. Better is someone who is working (and working hard). Water delivery services and appliance delivery are two industries providing a good source of drivers who are used to hard work and dealing the public but finding them and luring them requires tactical diligence. Keep in mind, this is a two-way street. While i-SIGMA does not condone poaching among its members, good, hard-working employees—no matter where they are presently—are at a premium. There is a good chance someone is eyeing yours.

We know there are more ideas and considerations out there. Some readers might disagree. PLEASE COMMENT! We want to hear from you. In fact, your comment may end up in a more complete examination of this issue printed in an i-SIGMA publication.

Share Your Comments in the i-SIGMA LinkedIn Group Post Now >>

The post The Struggle to Hire & Retain Good Employees appeared first on i-SIGMA.

Why Did i-SIGMA Create This Service?

All data protection regulations require clients to demonstrate initial and ongoing due diligence when selecting third-party service providers to process personal information. The key word there is “demonstrate.” In fact, when a large investment firm was recently fined after its discarded electronics exposed personal information about its clients, the judgment was based on the fact that they failed to employ “adequate due diligence in selecting a vendor and monitoring its performance.”  This new, free service from i-SIGMA helps organizations fulfill that regulatory obligation by sending out comprehensive compliance reports detailing the qualifications of vendors offering records storage, imaging, scanning, secure shredding, and electronic media recycling.

Of course, the challenge to clients (such as the investment firm) of complying with such regulations is that, 1) they rarely have the bandwidth to perform such due diligence and, 2) even if they did have the bandwidth, they can hardly be expected to know what to look at. Enter i-SIGMA certification programs, which are not only designed to review the relevant regulatory and security overlap, but to do so on an ongoing basis. 

By obtaining the automatic reports issued by the i-SIGMA Compliance Monitoring Service, the client has evidence by which they can demonstrate both initial and ongoing compliance of their service provider. In short, the client themselves gets the tangible benefit of being able to demonstrate their own vendor-selection compliance requirements. 

“We began the service when customers requested that we email them alerts when their service provider renewed or lapsed,” says i-SIGMA CEO Bob Johnson.

“Now, we’ve taken that concept a step further. The service is based on the fact that many data controllers are required to demonstrate initial and ongoing due diligence when they use data-related service providers,” Johnson continues. “And, because NAID AAA and PRISM Privacy+ Certifications address the relevant security vulnerabilities and regulatory overlap, the information verified during audits mirrors what that due diligence should look like.” 

“Essentially,” Johnson added, “they’re supposed to do it, but often don’t what to look at or don’t take the time, so we can do it for them even better than they can.” 

Clearly, any client will see the value of obtaining this free report, and once they are aware it is available will come to insist on it. 

Users of the service will first be brought to a welcome screen, and next will be able to choose their provider that they wish to monitor (as shown below). If the user does not have a provider in mind, they can also find a local service provider.

Once the user has selected their service provider, all they have to do is enter their email address (stored anonymously). The report will show up in the user’s inbox within minutes. Future reports will be sent annually as each company renews its certification and whenever they make changes in their serviceswhich may impact the details of their certification on file.

i-SIGMA is very excited to announce and roll out this eagerly awaited program. For information on certification programs, contact: certification@isigmaonline.org. For technical assistance regarding this tool, please contact: webhelp@isigmaonline.org.

Use the Compliance Monitoring Service Now >>

The post The i-SIGMA Compliance Monitoring Service Has Arrived appeared first on i-SIGMA.

And, in this regard, it is also understandable that their initial focus is determining the appropriate particle size for the media they wish to destroy.

Unfortunately, when searching for such guidance online, the only information available often pertains to government classified information, resulting in unnecessary expense and often a high degree of unnecessary inconvenience.

Here are a few things to consider:

• No data protection regulation in the world specifies a particle size for destroyed paper or electronic equipment. They simply mandate the information be reasonably inaccessible and not reconstructible.
• Most particle size specifications issued by and for government agencies must anticipate that the materials are not controlled after the destruction process.
• Unnecessarily meeting a very small (and irrelevant) particle size can cost 5 to 10 times what would be reasonable by regulators.
• Because of the factors above, requiring an unnecessarily small particle size may discourage compliance by front line employees, which, ironically, ends up putting the organization at greater risk.

Also consider:

• NAID AAA Certified media destruction services are required to demonstrate they prevent access to destroyed particles after the destruction process.
• Commercial media destruction firms destroy large amounts of material from multiple sources, all of which is co-mingled prior to being baled and securely recycled or responsibly discarded.
• Hundreds of thousands of organizations around the world rely on NAID AAA Certified service providers to meet the security and regulatory media destruction requirements.

i-SIGMA is a global, non-profit association dedicated to the proper destruction of discard information for more than 27 years and believes that organization is ultimately responsible for the protection of personal and competitive information in its possession.

The advice above is simply provided to help organizations decide what particle size best meets their needs, while avoiding the expense and risks of acting without a complete perspective.

NAID AAA Certified Company Marketing Resources

Companies who are NAID AAA Certified should use the following resources to use as marketing material for clients asking questions pertaining to particle size:

“What is the Correct Particle Size for Your Destroyed Media?”

“What is the Correct Particle Size for Your Destroyed Media?” – ANZ & UK

Please Note: It is acceptable for Certified members in good standing to also translate this file into other languages

Written by Bob Johnson | 29 July 2021

The post What is the Correct Particle Size for Your Destroyed Media? appeared first on i-SIGMA.