ABOUT >

COMPLIANCE

When you work with DataSafe, you can trust that the storage and handling of your confidential records is governed by practices, policies, and procedures designed to meet the highest standards of secure conduct. We understand and accept our responsibility to identify, anticipate, and prepare for any possible risks to the safety and security of your records. Our corporate culture demands that everything we do is deliberate, consistent with industry best practices, and verified through disciplined monitoring and thorough analysis. All DataSafe team members share a deep sense of pride in the manner in which we conduct our business, and in the compliance certifications that we have acheived as a result.

Prism International Privacy+ Certification

DataSafe is fully compliant with the PCI-DSS requirements related to the protection of clients' data

DataSafe has earned the PRISM Privacy+ certification. To achieve Privacy+ certified status, companies must establish and conduct a third-party audit of internal controls developed to meet a specific set of control objectives designed to preserve information privacy. The control objectives and the Privacy+ certification are owned and administered by PRISM International (Professional Records & Information Services Management), a not-for-profit trade association for the commercial records and information management industry. DataSafe has successfully completed a third-party audit of our internal controls, policies, and standard operating procedures.

The laws, regulations and standards for Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), and Fair and Accurate Credit Transaction Act (FACTA) act as privacy guidelines. To request more information on the full list of laws, regulations and standards that act as privacy guidelines, please email: info@datasafe.com.

Privacy+ is only applicable to related services such as Records Storage or Media Storage. Shredding services are covered by NAID (National Association for Information Destruction) certification and is detailed in the next compliance section.

NAID Certification Logo

DataSafe is NAID AAA Certified to provide compliant destruction services

NAID (National Association for Information Destruction) is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive program of both scheduled and unannounced audits. DataSafe successfully passed NAID's rigorous certification audits of DataSafe’s facilities. NAID members are audited for mobile and/or plant-based paper document destruction, and media and hard drive destruction operations. DataSafe holds certification for both mobile and plant-based operations.

By earning NAID AAA Certified status, DataSafe also meets the destruction specifications for the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and the Fair and Accurate Credit Transaction Act (FACTA) as well. To request more information about the NAID AAA Certification, please email: info@datasafe.com.

NAID Certification Logo

SSAE 18

KirkpatrickPrice a licensed CPA and PCI QSA firm, performs periodic audits and appropriate testing of DataSafe’s controls to deem us SOC 1 Type II and HIPAA compliant. KirkpatrickPrice provides assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.

SOC 1 attestations verify that companies have the proper internal controls and processes in place to deliver high quality services to its clients. A Service Organization Control 1 (SOC 1) engagement is an audit of the internal controls (policies, procedures, and technology) which a service provider has implemented to protect client data. SOC 1 engagements are primarily designed to report on the controls of Service Organizations that are relevant to their client’s financial statements and evaluate the productivity of those controls. SOC engagements were established by the American Institute of Certified Public Accountants (AICPA).

NAID Certification Logo

HIPAA

The Health Insurance Portability & Accountability Act (HIPAA) sets privacy standards on medical information. We follow specific protocols set by HIPAA to provide excellent protection for our clients’ information. Our employees go through additional rigorous HIPAA training annually to stay up to date on new laws and security protocols, so they can perform to the utmost of their abilities. This knowledge and training helps our employees uphold our standards for compliance and safety of client information.