Posts Tagged ‘British Security Industry Association’
The threat of a £500,000 fine from the ICO is preying on everyone’s minds. And unfortunately, there are some ruthless shredding services companies out there jumping on the bandwagon by offering what they claim to be a secure document destruction solution…
But before agreeing to what, on the surface may seem a good deal, dig a little deeper and consider the following;
1. Is the shredding company accredited?
Check if the shredding company you’re considering is registered with the British Security Industry Association (BSIA), the United Kingdom Secure Shredding Association (UKSSA) and the National Association of Information Destruction (NAID). As an accredited member, companies offering shredding services are required to adhere to stringent standards including EN15713. This ensures the security of all aspects of their business; from their premises, vehicles and employees through to the size the materials are shredded to.
2. Will you be provided with evidence of document destruction?
Following document destruction, you should be issued with a certificate of destruction detailing the type of material destroyed, the amount destroyed and the date it was destroyed on. Each document destruction certificate should also contain a unique reference number which means you are provided with a complete audit trail of the shredding service.
3. Are their employees security checked?
Due to the secure nature of the role, it’s important to ensure the personnel handling your confidential information are security cleared. Check if they are cleared to EN15713 standard “Security Screening of Personnel Employed in a Security Environment”and if they have completed Criminal Records Bureau disclosures or Disclosure Scotland.
4. Do they offer an on-site shredding service?
Using an on-site document destruction company guarantees the security of your documents – your confidential, sensitive material is destroyed on site and in your view.
If an off-site service suits you better, make sure the material collected is destroyed within 24 hours. Also, ensure the transportation of the material is “trackable” and the document destruction and recycling facility itself is fully secure.
5. Does the shredding company provide secure storage containers?
Are these containers secure and lockable? Are they high quality and do they look good? Will they help you decide how many you need and will they fit in with the rest of your office furniture?
6. Can they provide a national and flexible service?
Is the mobile shredding company regularly in your area? Do they have a base in the area? Check to ensure that alongside a regular scheduled shredding service, they have the flexibility and capacity to accommodate ad hoc collections and large “clutter clearouts”.
7. How environmentally friendly are they?
Review their green credentials. Check if they have ISO14001 status. What happens to your materials once they’re destroyed – are they recycled? Do they operate a tree planting scheme? Do they operate green routes as well as using lighter, quieter vehicles to further reduce their carbon footprint?
8. Will they securely destroy other media?
Its not just paper that contains sensitive and confidential information. Hard drives, memory sticks, CDs/DVDs and laptops can all still store confidential files even after deletion and should be completely destroyed.
9. What insurances do they have?
Make sure the shredding company you decide to use is properly covered. Check they have up to date employers’ liability, public liability and product liability. Professional indemnity insurance is also a bonus.
10. How do they manage their processes?
ISO9001 is the internationally recognised standard for quality management and by working with an ISO9001 registered shredding company you can be assured quality and customer focus is at the forefront of what they do.
SECURITY experts are warning all organisations to beware of unregulated one man bands entering the data destruction sector and urge all businesses to use British Security Industry Association (BSIA) fully accredited shredding companies.
As ID fraud and security move higher up the news agenda a plethora of shredding companies have entered the confidential data destruction market to capitalise on this. This coupled with the news that businesses of all sizes are trying to reduce costs, means a host of companies could be looking to employ cheaper off site shredding companies to destroy public confidential information.
Recent data security breaches include last week’s news that police were investigating the contents of a computer memory stick said to contain sensitive anti-terror material which was reportedly found in the street outside a police station in Stalybridge, Greater Manchester. Furthermore Zurich Insurance was recently fined £2.3m by the Financial Services Authority (FSA) for losing personal details of 46,000 customers.
Jim Watson, managing director of Shred Easy, one of the UK’s largest confidential data destruction companies, said:
“These non regulated one man bands may offer a cheaper shredding service at the outset but do you know how secure your data is? Ask your data destruction company to provide you with an on site shredding service so you can see your waste being destroyed. Also demand a Certificate of Destruction which confirms the time and date of the destruction. When you’re dealing with highly sensitive information like medical records, addresses and bank details it’s imperative they are securely destroyed.
“I’m calling for greater recognition of accreditation in the security sector. Look out for shredding companies who have BSIA / UKSSA / NAID certification. This ensures a high quality and reliable data destruction service that’s delivered by fully qualified shredding businesses guaranteeing peace of mind.”
Daren Wood, northern regional general manager at the BSIA, said:
“We would advise any businesses dealing with confidential data to choose a trusted information destruction supplier who will dispose of it correctly and in accordance with current laws. The BSIA is a great place to start when sourcing a reputable shredding service supplier, as all of our members meet strict criteria and adhere to high standards of quality.”
Key questions to ask a data destruction company before employing them:
- How does the company recycle the data?
- Can you see the data being destroyed in front of you?
- What proven quality and Security Association membership does the shredding provider have?
- Who is handling your data? What checks have been carried on the operatives?
- Can the company provide client references?
As the UKs leading confidential document and data destruction company, we have boosted our team by employing a new compliance manager.
Nigel Boothby, 44, who has 23 years experience of maintaining security procedures, health and safety, operational procedures and quality systems, has been employed as head of compliance to maintain our rigorous professional and customer service standards.
Working with our existing environmental and quality management teams, he will also ensure a consistent and co-ordinated approach to maintaining our international ISO9001 and ISO 14001 accreditations.
We are at the forefront of the security sector and we are fully compliant with all professional, quality and environmental management systems, as well as health and safety and security regulations. By having Nigel in place ensures the highest levels of compliance going forward.
Jim Watson, managing director of Shred Easy, said:
“Nigel’s job is to ensure consistency and maximise security for clients. This demonstrates our commitment to providing the most secure solution in operation by consistently adhering to all security, quality and environmental standards for customers. Shred Easy are the only company operating in the secure destruction business that has set up this compliance role to ensure our customers benefit from the most secure and compliant service available. Our accreditations have all been achieved after completing intensive assessments relating to everything from the security of our facilities to the cutting width of the paper we shred.
“This issue has become increasingly important as the Information Commissioner’s Office (ICO) has increased penalties for businesses failing to destroy confidential data to £500,000. So it’s now more important than ever to be compliant.”
We are members of the the British Security Industry Association (BSIA), the UK Security Shredding Association (UKSSA), the European National Association for Information Destruction (NAID), and has UKAS accredited ISO 9001 and 14001 registrations.