Partnering with a NAID Member May Not be Enough to Protect Your Data

November 8th, 2019

National Association for Information Destruction (NAID©) is THE international trade association for companies providing information destruction services. Also, NAID is THE standards-setting body for the information destruction industry.

Top information security professionals developed the Association’s certification program that verifies a provider’s qualifications through a comprehensive series of scheduled and unannounced audits. Thousands of private and governmental organizations around the world recognize NAID’s certification program, and many of them require using NAID-associated firms for data destruction.

Seems simple enough. To ensure your data is protected, just work with an Information Technology Asset Disposal (ITAD) firm that displays the NAID logo. Unfortunately, it’s not that cut and dry because displaying the NAID logo can mean various things.

Understanding the Difference Between NAID Membership and Certifications
NAID membership is open to companies providing secure information destruction services, as are individuals. Suppliers of products, equipment and services to destruction companies also are eligible for membership.

Being a NAID member does not mean one is NAID certified, similar to having a laptop doesn’t make one an IT consultant. In fact, the NAID Certification Program is offered on a voluntary basis to all NAID active member companies providing information destruction services.  It is not mandatory to be NAID certified to be a NAID member.

NAID AAA certification verifies that protocols are in place, guaranteeing the security of confidential material throughout the destruction process, including:

  • Transfer of custody
  • Handling
  • Transporting
  • Storing
  • Destroying
  • Responsibly disposing of data-bearing materials

 

The certification process is designed to ensure global enterprises adhere to the laws and regulations enacted to protect PII and confidential data, including PCI, HIPAA, HITECH, FACTA, GLBA, NERC, FISMA, and Sarbanes-Oxley.

If a NAID member operates in multiple locations, each location must submit an application and pass an audit to be certified. NAID members who receive certification must specify which location is certified in company literature when referencing the NAID Certification Program. Meaning, just because an ITAD firm is NAID certified, it doesn’t mean that every location it has is certified. Due diligence must be performed to verify the location handling your IT assets is NAID certified.

In Which Areas Can ITAD Companies be NAID Certified?
NAID members may seek certification for mobile and/or plant-based operations in paper/printed media, micro media, physical hard drive and non-paper media destruction. The NAID certification program establishes standards for secure destruction process including areas in security, employee screening, operational destruction process and insurance.

SYNETIC IS CERTIFIED IN THE FOLLOWING

Mobile

Plant-Based

NAID Membership is One Thing, but Certifications Demand Hard Work
Synetic Technologies has been a NAID member for years, and our team worked hard to earn NAID AAA certification for both mobile and plant-based electronic data sanitization and destruction. In fact, we have aligned from the beginning our operational protocols with NAID’s high standards.

READ: Data Annihilator™ – Certified Virtual or Physical Destruction

This certification is validation that Synetic Technologies is providing its clients with the strongest and highest level of data security the industry has to offer, ensuring them peace of mind that all legal due diligence requirements are being fulfilled every time.