The NAID AAA Certification® Program for secure information destruction operations has been around since 2000 (six years after the association’s founding). Here are answers to some of the most Frequently Asked Questions (FAQs) related to the program.
How can NAID AAA Certification help me grow my business?
NAID AAA Certified companies are eligible to compete for the business of thousands of private secure destruction contracts and RFPs, and hundreds of government offices where NAID AAA Certification is required. More importantly, however, NAID AAA Certified service providers have the advantage of being pre-qualified as meeting the requirements of all data protection regulations. When the client understands they are legally required to verify service provider regulatory compliance, they naturally show preference to the service provider who has already verified it.
Does NAID AAA Certification help me with my long-term exit strategy?
Yes. Any business broker or potential buyer will tell you that the value of your company is greater when you can show that it is well-managed under standardized procedures, that it is compliant with regulations, and that it holds contracts that are based on its credentials.
To what types of secure destruction operations does NAID AAA Certification apply?
NAID AAA Certification applies to all types of secure destruction operations and is divided into two separate programs: one that applies to physical destruction operations and another that applies to electronic media overwriting operations. Within each program, there are “endorsements” that further define the specific nature of the certification. These endorsements indicate whether a firm is certified for on-site (mobile) or off-site (plant-based) services, and the types of media it is certified to destroy (paper, hard drives, micromedia). There is even an endorsement for meeting the Australian Protective Security Policy Framework, which is recognized by government offices there.
Do I have to be a NAID Member in order to be NAID AAA Certified?
Are membership dues and the certification fees the same?
No. i-SIGMA Membership and NAID AAA Certification are two separate programs, with two separate fees, both of which need to be paid annually. In order to be NAID AAA Certified, you must be an i-SIGMA Member in good standing. Therefore, all membership dues must be maintained in order to be NAID AAA Certified. Membership dues follow a calendar year renewal. Certification renewal fees are paid on the anniversary of your initial approval.
What is the Certification Review Board?
The Certification Review Board is the governing board of NAID AAA Certification. They are responsible for approving/denying certification and can assess points or fines to the members for discrepancies found during their audits.
What happens if a company claims to be NAID AAA Certified but isn’t?
Once you are an Active Member of i-SIGMA, you can apply for NAID AAA Certification. Please submit the appropriate certification application along with the applicable fees to [email protected]. Once the application is completed, it will be assigned to an i-SIGMA auditor. The auditor will contact you to schedule the audit. They will report their findings back to i-SIGMA. If compliant, your audit will be forwarded to the Certification Review Board for final approval. If approved, you will receive an email notification along with NAID AAA Certification assets, be listed in the i-SIGMA Directory as certified, and receive a certificate showing your status.
How long does it take to become NAID AAA Certified?
Once NAID receives a completed application, NAID AAA Certification typically takes 4-8 weeks. Often, applications are not submitted complete.
What is the difference between Mobile Operations and Plant-based Operations?
Mobile Operations is completed via destruction equipment in a mobile vehicle at the customer’s site to allow the customer the opportunity to witness the destruction taking place, if they choose to do so. Plant-based Operations is completed via stationary equipment in a secured building.
What is the difference between a Collection Facility and a Transfer Processing Station (TPS)?
A Collection Facility and a TPS are both temporary secured locations, where the confidential material is stored prior to being destroyed via a Plant-based Operation. A Collection Facility must abide by the same requirements as a Plant-based Operation, with the exception of the destruction equipment and CCTV system. With a Collection Facility, the confidential material is not processed and therefore the bins are secured at all times and never opened. The confidential material must be transferred to the Plant-based Operation within 3 business days for destruction. A TPS must abide by the same requirements as a Plant-based Operation, with the exception of the destruction equipment. With a TPS, the confidential material is able to be processed and therefore a TPS must be audited. The confidential material must be transferred to the Plant-based Operation within 15 business days for destruction.
What if the Customer at an onsite job doesn’t want to come out to the truck to watch? Is the work still NAID AAA Certified?
Yes. As long as the customer has the opportunity or option to witness the destruction, then the mobile destruction operation is still considered NAID AAA Certified.
I utilize a drop off service for customers and use my mobile vehicle to shred the confidential information. Would this be considered NAID AAA Certified?
As long as the customer stays to witness the destruction being performed, then it could be considered NAID AAA Certified. However, if the customer leaves and is unable to witness the destruction, the service is not considered NAID AAA Certified and the customer must be notified in writing of such.
Can I use my mobile truck inside to offer NAID AAA Certified Plant-Based Destruction?
Yes. To do so, please submit the form, Provisional Exception Request for the use of Mobile Destruction Equipment in a Plant-based Operation. The exception request will be forwarded to the Certification Review Board for approval. If approved, you will be required to undergo an audit for this operation.
Do I need 90 days of CCTV recordings to become NAID AAA Certified?
Yes. All criteria must be adhered to in order to be NAID AAA Certified. Therefore, prior to submitting your certification application, we ask that you have 90 days of CCTV recordings in place. Failure to have 90 days of recordings may result in a denial of certification from the Certification Review Board.
Can the CCTV system have motion sensors?
Yes. However, we ask that there is enough lighting during non-business hours to recognize the face of the person in the plant, and we ask that you have 90 days of CCTV recordings in place. Failure to have 90 days of recordings may result in a denial of certification from the Certification Review Board.
Can I hire Temps as helpers and still be NAID AAA Certified?
Yes. To do so, you must have a letter on file stating that the temp agency is aware that the material is confidential, they accept fiduciary responsibility of the material, and that their employees have had background checks which consist of the same requirements as NAID AAA Certification.
I am the owner of the business. Do I need to undergo the employee screening requirements?
If you are involved in the day-to-day operations, then you must undergo all the employee screening requirements. However, if you are not involved in the day-to-day operations, then you are exempt from the I-9 form, drug screening and employment verification.
How much does it cost to become NAID AAA Certified?
The certification fees range from $1,000 USD to $4,500 USD and are dependent upon the type of operations performed (Mobile, Plant-based, Sanitization, Degaussing, etc.). The certification fees are due annually in the month the member’s certification expires. Fees are all-inclusive, already including processing fees, any auditor fees, auditor travel expense, etc.
Where can I find the requirements for NAID AAA Certification?
I have a multi-location operation. How is this different?
i-SIGMA offers programs for companies with multi-location operations. In order to qualify for the program, an applicant must have at least three (3) destruction locations and must be committed to achieving 100% compliance with the NAID AAA Certification specifications at all information destruction-related locations and agreeing that all such facilities will be subject to the scrutiny of audits. Contact the Certification Department for specifics regarding the multi-location program that best meets your company’s needs. [email protected] | +1 602-788-6243
Is there someone who can help walk me through the NAID AAA Certification process?
Yes, the association offers a number of resources to assist you in becoming certified.
The NAID AAA Certification Program Department – The association has staff available to answer your questions. Contact staff anytime at [email protected] or +1 602-788-6243
NAID AAA Certified Consultants – NAID offers a list of consultants available for hire to assist your company in the certification process, available in the Online Market with additional approved consultants also available
Peer-to-Peer Certification Assistance Program – Contact the NAID AAA Certification Support Committee Chair, Margaret Meier, CSDS to be connected with another company already NAID AAA Certified, so that you can talk with someone who has walked this path before
Attend a Conference Session – Register to attend the i-SIGMA Annual Conference & Expo, which offers excellent sessions and exhibit hall opportunities to learn more about the benefits of becoming NAID AAA Certified and how to utilize it as a sales tool
How do I stay up to date on certification program updates?