When you work with DataSafe, you can trust that the storage and handling of your confidential records is governed by practices, policies, and procedures designed to meet the highest standards of secure conduct. We understand and accept our responsibility to identify, anticipate, and prepare for any possible risks to the safety and security of your records. Our corporate culture demands that everything we do is deliberate, consistent with industry best practices, and verified through disciplined monitoring and thorough analysis. All DataSafe team members share a deep sense of pride in the manner in which we conduct our business, and in the compliance certifications that we have acheived as a result.
DataSafe is fully compliant with the PCI-DSS requirements related to the protection of clients' data
DataSafe has earned the PRISM Privacy+ certification. To achieve Privacy+ certified status, companies must establish and conduct a third-party audit of internal controls developed to meet a specific set of control objectives designed to preserve information privacy. The control objectives and the Privacy+ certification are owned and administered by PRISM International (Professional Records & Information Services Management), a not-for-profit trade association for the commercial records and information management industry. DataSafe has successfully completed a third-party audit of our internal controls, policies, and standard operating procedures.
The laws, regulations and standards for Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), and Fair and Accurate Credit Transaction Act (FACTA) act as privacy guidelines. To request more information on the full list of laws, regulations and standards that act as privacy guidelines, please email: firstname.lastname@example.org. If you would like a copy of our third-party audit, also referred to as an SSAE 16 Report, please email: email@example.com.
Privacy+ is only applicable to related services such as Records Storage or Media Storage. Shredding services are covered by NAID (National Association for Information Destruction) certification and is detailed in the next compliance section.
DataSafe is NAID AAA Certified to provide compliant destruction services
NAID (National Association for Information Destruction) is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive program of both scheduled and unannounced audits. DataSafe successfully passed NAID's rigorous certification audits of DataSafe’s facilities. NAID members are audited for mobile and/or plant-based paper document destruction, and media and hard drive destruction operations. DataSafe holds certification for both mobile and plant-based operations.
By earning NAID AAA Certified status, DataSafe also meets the destruction specifications for the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and the Fair and Accurate Credit Transaction Act (FACTA) as well. To request more information about the NAID AAA Certification, please email: firstname.lastname@example.org.