In an age where data breaches make headlines and regulatory scrutiny is increasing across industries, NAID AAA Certified shredding companies offer a critical safeguard that many businesses still don’t fully understand—or value appropriately. Too often, vendors and prospects believe that simply “complying with security standards” is sufficient protection when it comes to data destruction. But as we know, there is a world of difference between compliance and certification.

NAID AAA Certified service providers not only understand the importance of third-party oversight—they live it. But if clients and prospects are not actively being educated about why NAID AAA Certification matters, there is a risk of being lumped in with providers who self-attest to standards without any external validation. Now, more than ever, it’s imperative to champion this message: There is no substitute for NAID AAA Certification.

The Compliance Myth

Many RFPs and procurement departments default to language like “vendor must comply with security standards” or “adhere to best practices.” While this sounds responsible, in practice, it means very little. Compliance without certification is often self-regulated. There’s no third-party audit, no proof of implementation, and no accountability.

This is where education is essential. We must clearly communicate that i-SIGMA’s NAID AAA Certification isn’t just about doing the right thing—it’s about proving it, through scheduled and surprise audits, employee background screening, rigorous protocols, and facility security requirements. It is a gold standard of trust, not a box to check.

Five Key Messages to Share with Prospects

To make our message resonate, we need to speak our clients’ language—risk, liability, brand protection, and cost avoidance. Here are five reasons you should be explaining why i-SIGMA’s NAID AAA Certification is non-negotiable:

1. Verified Oversight
   Only NAID AAA Certified providers are subject to routine, independent audits. This removes guesswork and ensures consistent, secure practices that are actively monitored.
2. Risk Reduction
   Non-certified vendors increase the chance of data mishandling, which can lead to devastating breaches. NAID AAA Certified companies have proven systems in place to minimize that risk.
3. Regulatory Compliance
   From HIPAA to GDPR, compliance isn’t optional. NAID AAA Certified providers are trained and validated to meet the legal standards that govern data destruction.
4. Cost Protection
   While uncertified vendors may offer cheaper services, the cost of a breach—fines, lawsuits, reputation damage—can far outweigh short-term savings. NAID AAA Certification is a wise investment in risk mitigation.
5. Reputation Management
   Your clients trust you to protect their data. A breach linked to a non-certified vendor can permanently tarnish their reputation—and yours. Certification gives them peace of mind.

Elevating the Value of NAID AAA Certification

Perhaps one of the most important reasons to educate others about NAID Certification is this: every conversation helps elevate its value. By helping companies understand what certification really means, we’re not just selling our services—we’re raising the standard for the entire industry.

When more organizations recognize and prioritize NAID AAA Certification, it strengthens its authority and credibility. It becomes the default expectation, not the exception. That momentum benefits every certified provider, reinforcing the value of the investment made in maintaining certification.

In other words, the more certified companies advocate for the certification, the more valuable it becomes—for i-SIGMA members, their clients, and for the future of secure information governance.

Embedding Certification into RFP Conversations

One of the most impactful steps in education is encouraging clients to include NAID AAA Certification as a requirement in their RFPs—not as a suggestion or guideline, but as a non-negotiable qualification. Language such as “Vendor must be NAID AAA Certified under i-SIGMA” provides clear direction and eliminates ambiguity.

We can also help procurement teams rewrite vague requirements and offer education sessions to explain what NAID AAA Certification entails. Whether it’s through webinars, one-on-one meetings, or even RFP response templates, this should be a part of the everyday sales process.

The Bottom Line: Certified or Not at All

Companies work hard to achieve NAID AAA Certification. It’s a badge of accountability, professionalism, and trust. But if the market isn’t educated on what that truly means, it allows uncertified providers to compete on an uneven playing field.

Be proactive. Be vocal. And make sure every vendor and prospect knows: There is no substitute for NAID AAA Certified shredding services. And in doing so, strengthen the standard we stand behind—making NAID AAA Certification the most recognized, respected, and required credential in the industry.

The post No Substitute for Certified Security: Why Educating Prospects on i-SIGMA’s NAID AAA Certification Is a Must appeared first on i-SIGMA.

As our office places are prioritizing sustainability goals, what actions are needed to protect private sensitive data while also diverting from landfill dependence and making positive environmental steps?

Reducing paper waste in the office is a positive environmental step. We are less likely to press print on documents, emails, calendars and memos that are neatly sorted on our computers for our use. However, most businesses still house paperwork with private data like HR files, employee agreements, customer contracts, tax filings, legal documents, and other documents. These are the documents with sensitive, private data that must be protected. Recycling paper documents is preferred over creating waste that will be landfilled, however there is no data destruction promise made during the process. Paper is collected in collection containers, transferred to trucks and delivered to processing facilities and eventually paper recycling facilities for the process of pulping which creates new, recycled-content paper. This process leaves opportunities for breaches and is not a reliable chain of custody for a business to use. Placing paper in waste containers assumes risk as dumpsters allow access to anyone savvy enough to dumpster dive into documents containing social security numbers, addresses and other critical private information. Trash dumpsters on public property have no laws against removing contents. Shredding all paper documents, before recycling, is the best way to protect data and prevent breaches.

NAID AAA Certified businesses operate to standards that ensure security- all paper shredding services must be done in such a manner that paper cannot be reconstructed. Material must be cross-cut shredded and essentially reduced to paper fragments. These paper fragments are just as recyclable as complete documents, making NAID AAA Certified paper shredding the best choice for compliance and sustainability.

Paper shredding companies must comply with state and federal destruction compliance laws; these regulations are ever evolving and vary from state to state.  Document destruction service providers assume a high amount of risk in receiving sensitive data from their clients and in an effort to offer the most secure services possible, many top providers will take the voluntary step of becoming NAID AAA Certified. NAID stands for the National Association of Information Destruction, a non-profit organization that sets standards for the information destruction industry. NAID AAA Certification is the most widely accepted certification for data destruction companies globally. By adhering to NAID-certified procedures, businesses can protect themselves from legal liabilities associated with improper data handling and disposal. If a breach occurs, being NAID AAA certified can show due diligence in following best practices, potentially mitigating legal consequences. Choosing a paper shredding service provider that offers federal and state compliance as well as industry-leading certifications is the best plan towards preventing data breaches.

Find a NAID AAA Certified Company Today >>

The post Shred Day is Every Day appeared first on i-SIGMA.

Every business assumes risk, and a good amount of these risks are foreseeable and therefore relatively preventable.  Other risks are more formidable. When news outlets are reporting data breaches from top global brands regularly; it poses the question: can any business manage the risk of data security?

The best practice for minimizing data security risks is to choose a NAID AAA Certified service provider who can provide guidance to protecting private data that businesses are obligated to safeguard.

NAID AAA Certification is important for businesses that handle paper documents due to several key reasons:

1. Data Security and Compliance: NAID AAA certification ensures that businesses follow strict protocols for the secure destruction of sensitive information. This is crucial for compliance with various data protection laws and regulations, such as HIPAA in the US for healthcare, and other industry-specific guidelines. Proper document destruction helps protect against data breaches and identity theft.
2. Reputation and Trust: Holding NAID AAA certification signals to clients, partners, and stakeholders that a business takes data security seriously. It builds trust and credibility, demonstrating that the company is committed to protecting sensitive information throughout its lifecycle, including during disposal.
3. Legal Protection: By adhering to NAID AAA-certified procedures, businesses can protect themselves from legal liabilities associated with improper data handling and disposal. If a breach occurs, being NAID AAA certified can show due diligence in following best practices, potentially mitigating legal consequences.
4. Operational Efficiency: NAID AAA certification often involves the implementation of standardized processes for information destruction. This can lead to more efficient and consistent practices within a business, reducing the risk of human error and ensuring that all sensitive information is destroyed in a secure and timely manner.
5. Customer Assurance: For businesses that manage client information, having NAID AAA certification provides an additional layer of assurance to customers that their data will be handled responsibly and destroyed securely. This can be a competitive advantage in industries where data security is a significant concern.
6. Audit and Verification: NAID AAA certification involves regular audits and inspections by independent third parties. This ongoing oversight ensures that businesses continuously adhere to high standards of data destruction, providing an objective measure of their security practices.

In summary, NAID AAA certification is crucial for businesses dealing with paper documents as it ensures compliance with legal standards, enhances security, builds trust, reduces legal risks, improves operational efficiency, and provides assurance to customers about the secure handling of their information.

Find a NAID AAA Certified Company Today >>

The post Choosing NAID AAA Certified Paper Shredding Services appeared first on i-SIGMA.

According to our recent poll of almost 200 secure information professionals within our iG Direct E-Newsletter, we asked our members and subscribers, “which is the most important thing for clients to consider before scheduling a shredding service?”. While the most highly ranked answer of things to consider was on-site vs off-site shredding by 22.2% of respondents, all considerations below were closely ranked. Here is a look at ALL things to consider before you schedule your shredding service:

• Types of Materials: Clients should be aware of the types of materials that can be shredded. Not all service providers accept all materials (some may not accept CDs, DVDs, or hard drives), but many accept more than you’d think! Consider bundling your assets to create a package deal with your provider.
  • Tip: Did you know that your fax machine and scanner have a hard drive? Look into your contract and talk with your vendor about your right to wipe your data before returning the machine at the end of your lease.
• Confidentiality Agreements: Clients should consider the level of confidentiality offered by the shredding service, as well as whether or not the service requires clients to sign confidentiality agreements. This can help ensure that sensitive information is not compromised during the destruction process.
• Certification: Clients should look for shredding services that are certified by a third-party industry organization that conducts unannounced audits and ensures the company is adhering to all necessary regulations. For data destruction, you will want to hire an organization that is NAID AAA Certified by i-SIGMA.
• On-site vs Off-site Shredding: Clients should consider whether they want the shredding service to take place on-site, at their own facility via a mobile truck, or off-site, back at the service provider’s facility. On-site shredding can provide added security, as clients can witness the destruction of their sensitive information. Off-site shredding can be more convenient, as the shredding service may provide pick-up and delivery services.
• Cost: While cost is always a consideration factor in the hiring of any business partner and clients should consider the cost of the shredding services being performed along with any storage needs, they should always weigh this against the liability of a data breach.

“If you have a data breach and the issue happened because of the service provider you chose, you’re still responsible – it’s your data,” cautions Kelly Martínez, CSDS, Executive Vice President of Marketing & Operations for i-SIGMA. “And when the investigation happens and you have to demonstrate why that vendor was chosen, there is no regulation in the world that will let you off the hook because you selected based on price over security.”

• Frequency/Recurrence: Purge vs. ongoing service – Deciding how much materials your company has to destroy is an important factor when choosing which partner you will use for your services. Most companies will offer recurring services if desired, or one-time services if there is a large amount of materials accumulated that need to be destroyed. By continuing to have recurring services, this will be the most helpful to your business long term, as sensitive information won’t be sitting around your company for long periods of time.

Before scheduling a shredding service, clients should consider the types of materials that can be shredded, the level of confidentiality offered, the certification of the shredding service, the location of the shredding service, the cost, and the frequency/recurrence. By considering these factors, clients can make an informed decision and ensure that their sensitive information is securely destroyed.

Find a company that is NAID AAA Certified Today: https://members.isigmaonline.org/certifications/directorynaidaaa

The post What to Consider Before Scheduling Shredding Services appeared first on i-SIGMA.

]]> https://isigmaonline.org/done-with-old-electronics-how-to-properly-dispose-of-them-without-security-risks/ Thu, 09 Feb 2023 17:42:12 +0000 https://isigmaonline.org/?p=5825 As technology continues to advance, it is important for businesses and individuals to properly dispose of their electronic devices. While going to a computer recycling company or shredding business can seem like a great way to dispose of your old electronics, there are a few things you should keep in mind beforehand to ensure that […]

The post Done with Old Electronics? How to Properly Dispose of Them Without Security Risks. appeared first on i-SIGMA.

]]> As technology continues to advance, it is important for businesses and individuals to properly dispose of their electronic devices. While going to a computer recycling company or shredding business can seem like a great way to dispose of your old electronics, there are a few things you should keep in mind beforehand to ensure that you are doing so safely and securely.

• Check Certifications: Before scheduling a job and giving away electronics that house confidential information (proprietary business data or personally identifiable information), ensure that the company is certified by recognized organizations such as NAID AAA Certified by the International Secure Information Governance & management Association (i-SIGMA) or e-Stewards Certified by the Basel Action Network which includes NAID AAA Certification. These certifications ensure that the company follows industry standards for the safe and secure disposal of electronics and isn’t just re-selling them. Note, that i-SIGMA did a blind second hand device study and found that over 40% of used devices purchases online still had personal information accessible on them! You don’t want to be a victim.
• Confirm Confidentiality Agreement: If you need to dispose of confidential or sensitive information, make sure to confirm that the company you are hiring has a confidentiality agreement in place. A confidentiality agreement ensures that your data will not be accessed or shared during the recycling or shredding process.
• Confirm Types of Devices Accepted: Not all companies accept the same types of electronics. Before scheduling a job, make sure to confirm that the company can recycle or shred the specific types of devices you need to dispose of, such as computers vs. hard drives, phones vs. tablets, thumb drives, printers, etc.
• On-Site or Off-Site Services: Decide whether you want the shredding or computer recycling to occur on-site at your location or off-site at the company’s facility. On-site services may be more convenient but may come with additional fees. Off-site services may be less expensive but may require you to transport the devices to the company’s location.
• Research and Compare Companies: Do your research and compare multiple companies before making a decision. Look at their services, certifications, and customer reviews to determine the best option for you.

By taking these steps, you can ensure that your shredding or computer recycling experience is safe, secure, and efficient. Remember to keep in mind the types of devices you need to dispose of, your preferred location for the service, and the importance of confidentiality when making your decision.

Find an E-Waste Disposal Firm Today>>

The post Done with Old Electronics? How to Properly Dispose of Them Without Security Risks. appeared first on i-SIGMA.

]]> https://isigmaonline.org/its-data-privacy-week-how-are-you-helping-your-clients-stay-secure/ Tue, 24 Jan 2023 22:26:12 +0000 https://isigmaonline.org/?p=5797 The business world may be shifting its focus to the digital realm, but vigilant cybersecurity is only one aspect of data protection. In fact, Varonis reports that while hacking and malware attacks account for many data breaches, other breaches include much simpler methods including loss or theft of physical hard drives or files, human error, […]

The post It’s Data Privacy Week, Are You Really Secure? appeared first on i-SIGMA.

]]> The business world may be shifting its focus to the digital realm, but vigilant cybersecurity is only one aspect of data protection.

In fact, Varonis reports that while hacking and malware attacks account for many data breaches, other breaches include much simpler methods including loss or theft of physical hard drives or files, human error, insider leaks and payment card fraud.

Three ways to protect your physical data

Whether dealing with personal information or company data, there are steps you can take to properly handle, store, share and dispose of important documents and data.

Shred important or sensitive documents

Tossing paper in a recycling bin may help the environment, but it doesn’t protect you from data breaches. In addition to keeping trade and sensitive information private, there are also laws and regulations in most countries requiring business to protect certain information when it is discarded. Safeguards such as shredding help your business stay in compliance.

Sensitive information includes documents containing:

• Names
• Addresses
• Passwords
• PINs
• Health records
• Banking or payroll
• Travel
• Anything with a signature

Once information is shredded, there may be added steps required to comply with the necessary steps of information destruction. In these situations, using a NAID information destruction contractor can help by establishing:

• How it was destroyed
• Where it was destroyed
• Who destroyed it
• When it was destroyed
• Legal chain of custody
• Fiduciary obligations

As part of the only organization dedicated to increasing the security and ethics of the information destruction industry, NAID members are bound to a strict code of conduct and hold themselves to a higher standard.

Off-site backups

It is a good practice to keep backups of all data, both physical and digital, at a separate location.

Secure servers and locked storage facilities can store data and other files, which can be retrieved if necessary. In the event of fire or flood, theft, accidental breach or systems crash, having backups will be a crucial part of any disaster recovery plan.

Secure workstations

No matter if your company operates in an office or remotely, employees should be equipped with basic data privacy education, including a general understanding of how to handle the data they interact with and why it matters.

Keeping company workstations secure through firewall security, updated antivirus software and setting screens to lock after a set period of inactivity.

Physical workstation setup should also be considered for security. Desks, monitors and whiteboards should be positioned so only the people who need to access the information can easily see it to reduce “shoulder surfing” incidents and prevent unauthorized personnel from inadvertently causing a data breach.

Using a privacy filter on screens and monitors can also reduce the risk of a data breach. These easy-to-install filters go over the monitor and block the display from any viewpoint except straight on.

Weighing privacy versus convenience

Properly practicing and maintaining good privacy habits takes  effort, but properly handling data privacy will save you time, money and stress in the long run.

While it may seem more convenient to circumvent the destruction process and toss a document into the nearest bin, it is not the safest option for protecting information.

This digital privacy week, consider areas where data privacy could be improved and commit to protecting your confidential company and customer data.

Connect with a NAID AAA Service Provider Today >>

This Article Was Written by Robyn Roste, a professional writer living in Canada

The post It’s Data Privacy Week, Are You Really Secure? appeared first on i-SIGMA.

]]> https://isigmaonline.org/i-know-youre-in-a-hurry-but-before-you-decide/ Thu, 09 Jun 2022 14:33:32 +0000 https://isigmaonline.org/?p=5489 When hiring a typical service provider – a painter or carpet cleaner, for instance – it’s expected that you’ll have questions. How much will it cost? When can you be here? How long will it take? There are some services, however – like those where you entrust the vendor with regulated, personal information – where […]

The post I Know You’re in a Hurry but Before You Decide… appeared first on i-SIGMA.

]]> When hiring a typical service provider – a painter or carpet cleaner, for instance – it’s expected that you’ll have questions. How much will it cost? When can you be here? How long will it take?

There are some services, however – like those where you entrust the vendor with regulated, personal information – where regulations require you to investigate more thoroughly before making a decision.

Every organization is legally responsible to protect the personal information of their clients and employees. And, it just so happens, the laws requiring this, also require that the security and compliance of data-related service providers be evaluated before they are hired. As a result, those typical question, such as how much it costs or when they can get there are secondary. In fact, to give a service provider access to other people’s personal information based solely on price or availability is risky and negligent at best… and illegal at worst.

So, while price and availability can certainly be considered when hiring a data-related service provider, it is more important to verify they are certified by a reputable third-party organization and that you obtain their written policies and procedures, and that you review their terms and conditions, and to retain evidence that these items were verified.

(Here are the types of questions NAID AAA Certification or PRISM Privacy+ Certification ask.)

________

Robert Johnson, CSDS, is the CEO of i-SIGMA, and is widely considered one of the leading authorities on information disposition and regulatory compliance.

The post I Know You’re in a Hurry but Before You Decide… appeared first on i-SIGMA.

]]> https://isigmaonline.org/if-certification-is-in-your-plans-now-is-the-time/ Mon, 29 Nov 2021 23:57:33 +0000 https://isigmaonline.org/?p=4363 First of all, it is important to remember that i-SIGMA is a non-profit trade association with a mission to improve market conditions for all its members, and the same was true of NAID and PRISM International before the merger. In its role as a member-owned organization, i-SIGMA provides a robust repertoire of member benefits, including […]

The post If Certification is in Your Plans, Now is the Time! appeared first on i-SIGMA.

]]> First of all, it is important to remember that i-SIGMA is a non-profit trade association with a mission to improve market conditions for all its members, and the same was true of NAID and PRISM International before the merger.

In its role as a member-owned organization, i-SIGMA provides a robust repertoire of member benefits, including state-of-the-art contracts and agreements, marketing materials, regulatory intervention, and educational events. Find the full list and details of all i-SIGMA benefits on the association website, and all members are encouraged to review and make use of them.

Certifications: Included among the benefits of i-SIGMA membership benefits is access to information protection’s two leading service provider certifications, NAID AAA and PRISM Privacy+. With the overwhelming majority of its more than 1,200 member-locations holding one or both of those certifications, they are the most success programs i-SIGMA has offered to date.

By now, it is well known that i-SIGMA membership replaces NAID and PRISM International membership at the end of this month, and that going forward the use of NAID and PRISM will be limited to their respective certifications.

A Personal/Business Decision: Over the years, our surveys have consistently shown that the vast majority of non-certified members fully intend to become certified as soon as they can find the time. And whether now is the right time or not, it is critical for those members to know they are still benefiting from the association’s efforts and their contribution to the association continues to promote client education and adoption of their services.

It is also important, however, for non-certified members to take stock. In a matter of weeks, NAID and PRISM will only be associated with each respective certification program. If past surveys are correct, and certification is a future goal, there is no better time to do it than now; thereby maintaining your link to the two most recognized information protection brands in the world.

How to Become Certified: Becoming Certified is not as complicated as some may think.

1. Meet all required specifications as outlined in the i-SIGMA Certification Specifications Reference Manual
2. Submit a completed certification application
3. Successfully complete an initial scheduled audit verifying all aspects of compliance

Contact the i-SIGMA Certification Department for more information.

Written by Bob Johnson | 30 November 2021

The post If Certification is in Your Plans, Now is the Time! appeared first on i-SIGMA.

]]> https://isigmaonline.org/the-i-sigma-compliance-monitoring-tool-has-arrived/ Wed, 22 Sep 2021 20:00:56 +0000 https://isigmaonline.org/?p=4256 The eagerly awaited i-SIGMA Compliance Monitoring Service has arrived. Starting immediately, many service providers will use it, and soon clients around the world will begin seeing promotions encouraging them to use it too. And, if the underlying assumptions behind its creation are correct, they will eventually come to rely on it as a vital demonstration […]

The post The i-SIGMA Compliance Monitoring Service Has Arrived appeared first on i-SIGMA.

]]> The eagerly awaited i-SIGMA Compliance Monitoring Service has arrived. Starting immediately, many service providers will use it, and soon clients around the world will begin seeing promotions encouraging them to use it too. And, if the underlying assumptions behind its creation are correct, they will eventually come to rely on it as a vital demonstration of their own regulatory compliance. 

Why Did i-SIGMA Create This Service?

All data protection regulations require clients to demonstrate initial and ongoing due diligence when selecting third-party service providers to process personal information. The key word there is “demonstrate.” In fact, when a large investment firm was recently fined after its discarded electronics exposed personal information about its clients, the judgment was based on the fact that they failed to employ “adequate due diligence in selecting a vendor and monitoring its performance.”  This new, free service from i-SIGMA helps organizations fulfill that regulatory obligation by sending out comprehensive compliance reports detailing the qualifications of vendors offering records storage, imaging, scanning, secure shredding, and electronic media recycling.

Of course, the challenge to clients (such as the investment firm) of complying with such regulations is that, 1) they rarely have the bandwidth to perform such due diligence and, 2) even if they did have the bandwidth, they can hardly be expected to know what to look at. Enter i-SIGMA certification programs, which are not only designed to review the relevant regulatory and security overlap, but to do so on an ongoing basis. 

By obtaining the automatic reports issued by the i-SIGMA Compliance Monitoring Service, the client has evidence by which they can demonstrate both initial and ongoing compliance of their service provider. In short, the client themselves gets the tangible benefit of being able to demonstrate their own vendor-selection compliance requirements. 

“We began the service when customers requested that we email them alerts when their service provider renewed or lapsed,” says i-SIGMA CEO Bob Johnson.

“Now, we’ve taken that concept a step further. The service is based on the fact that many data controllers are required to demonstrate initial and ongoing due diligence when they use data-related service providers,” Johnson continues. “And, because NAID AAA and PRISM Privacy+ Certifications address the relevant security vulnerabilities and regulatory overlap, the information verified during audits mirrors what that due diligence should look like.” 

“Essentially,” Johnson added, “they’re supposed to do it, but often don’t what to look at or don’t take the time, so we can do it for them even better than they can.” 

Clearly, any client will see the value of obtaining this free report, and once they are aware it is available will come to insist on it. 

Users of the service will first be brought to a welcome screen, and next will be able to choose their provider that they wish to monitor (as shown below). If the user does not have a provider in mind, they can also find a local service provider.

 

Once the user has selected their service provider, all they have to do is enter their email address (stored anonymously). The report will show up in the user’s inbox within minutes. Future reports will be sent annually as each company renews its certification and whenever they make changes in their serviceswhich may impact the details of their certification on file.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

i-SIGMA is very excited to announce and roll out this eagerly awaited program. For information on certification programs, contact: certification@isigmaonline.org. For technical assistance regarding this tool, please contact: webhelp@isigmaonline.org.

Use the Compliance Monitoring Service Now >>

The post The i-SIGMA Compliance Monitoring Service Has Arrived appeared first on i-SIGMA.

]]> https://isigmaonline.org/what-is-the-correct-particle-size-for-your-destroyed-media-2/ Thu, 29 Jul 2021 00:04:38 +0000 https://isigmaonline.org/?p=4118 It is understandable that most organizations today want to do the right thing when destroying discarded media on which is recorded personal and competitive information. And, in this regard, it is also understandable that their initial focus is determining the appropriate particle size for the media they wish to destroy. Unfortunately, when searching for such […]

The post What is the Correct Particle Size for Your Destroyed Media? appeared first on i-SIGMA.

]]> It is understandable that most organizations today want to do the right thing when destroying discarded media on which is recorded personal and competitive information.

And, in this regard, it is also understandable that their initial focus is determining the appropriate particle size for the media they wish to destroy.

Unfortunately, when searching for such guidance online, the only information available often pertains to government classified information, resulting in unnecessary expense and often a high degree of unnecessary inconvenience.

Here are a few things to consider:

• No data protection regulation in the world specifies a particle size for destroyed paper or electronic equipment. They simply mandate the information be reasonably inaccessible and not reconstructible.
• Most particle size specifications issued by and for government agencies must anticipate that the materials are not controlled after the destruction process.
• Unnecessarily meeting a very small (and irrelevant) particle size can cost 5 to 10 times what would be reasonable by regulators.
• Because of the factors above, requiring an unnecessarily small particle size may discourage compliance by front line employees, which, ironically, ends up putting the organization at greater risk.

Also consider:

• NAID AAA Certified media destruction services are required to demonstrate they prevent access to destroyed particles after the destruction process.
• Commercial media destruction firms destroy large amounts of material from multiple sources, all of which is co-mingled prior to being baled and securely recycled or responsibly discarded.
• Hundreds of thousands of organizations around the world rely on NAID AAA Certified service providers to meet the security and regulatory media destruction requirements.

i-SIGMA is a global, non-profit association dedicated to the proper destruction of discard information for more than 27 years and believes that organization is ultimately responsible for the protection of personal and competitive information in its possession.

The advice above is simply provided to help organizations decide what particle size best meets their needs, while avoiding the expense and risks of acting without a complete perspective.

NAID AAA Certified Company Marketing Resources

Companies who are NAID AAA Certified should use the following resources to use as marketing material for clients asking questions pertaining to particle size:

“What is the Correct Particle Size for Your Destroyed Media?”

“What is the Correct Particle Size for Your Destroyed Media?” – ANZ & UK

Please Note: It is acceptable for Certified members in good standing to also translate this file into other languages

Written by Bob Johnson | 29 July 2021

The post What is the Correct Particle Size for Your Destroyed Media? appeared first on i-SIGMA.

]]>