DataSafe has completed the PRISM Privacy+ certification program, which companies providing outsourced storage and protection of hard copy records and media protection participate in. Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management) and is a not-for-profit trade association for the commercial information management industry. To achieve Privacy+ certified status, companies must establish and have a third-party audit of internal controls designed to preserve information privacy. DataSafe have successfully completed a Third-Party audit of our internal controls, policies and standard operation procedures. DataSafe is committed to ensuring the privacy of our clients’ information always.
The laws, regulations and standards for Health Insurance Portability and Accountability Act (HIPAA), Privacy Rule Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), and Fair and Accurate Credit Transaction Act (FACTA) act as privacy guidelines. To request more information on the full list of laws, regulations and standards that act as privacy guidelines, please email: firstname.lastname@example.org. If you need a copy of our Third-Party audit, also referred to as an SSAE 16 Report, please email: email@example.com
Privacy+ is not applicable to related services such as shredding. Shredding services are covered by NAID (National Association for Information Destruction) and is detailed in the next compliance section.
NAID (National Association for Information Destruction) is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. DataSafe successfully completed NAID's rigorous certification process - NAID performs annual, unannounced audits on DataSafe’s facilities and each audit was passed. NAID members are audited for mobile, and/or plant-based operations in paper document destruction, micromedia and computer hard drive destruction. DataSafe holds certification for both mobile and plant-based operations.
The destruction specifications for Health Insurance Portability and Accountability Act (HIPAA), Privacy Rule Payment Card Industry Data Security Standard (PCI DSS), and Fair and Accurate Credit Transaction Act (FACTA) are covered by NAID. Working with a NAID certified vendor helps reduces the risk of a data breach. To request more information on what is covered by NAID Certification, please email: firstname.lastname@example.org.