Security Self-Assessment

Here are Some Questions to Consider About Your Company’s Security:

• Are you aware of state and federal privacy laws that relate to your business?
• Are you concerned about trade secrets or corporate espionage?
• Who in your office is responsible for maintaining compliance?
• Who is trained for an information breach?
• Have your employees been trained on privacy legislation?

No matter what industry your business falls under, there are rules and regulations that affect how your company stores and discards its data. Assigning someone to enforce compliance, take charge in case an information breach does occur, and train employees on proper security practices is critical. If you fail to comply to these privacy laws, you could face large fines and other penalties or unrepairable harm to your company.

What Does Your Company’s Shredding Policy Look Like?

• Does your office shred confidential documents?
• If documents are shredded, how is destroyed material disposed?
• What are you currently shredding?
• Does your organization have a policy in place to address the storage and destruction of confidential data? If so:
  -Is it a written policy?
  -Who is accountable for policing it?
  -Is there a process for storage devices like discs, drives, etc?
  -Who is responsible for shredding documents?
  -Are documents shredded onsite or offsite?

Shredding confidential documents is often the easiest and most secure way to meet privacy laws. However, there are many advantages over using a professional paper shredding company versus an in-office shredder. While paper shredders can shred records and files, paper shredding companies can destroy documents, R&D files, sales records, legal files, leases/contracts, medical records, purchasing records, tapes, X-Rays, disks/hard drives, and more. Additionally, paper shredding companies are more efficient, affordable, and recycle the shredded material after it is destroyed. Creating a specific, detailed data destruction policy will benefit your business.

How Does Your Company Handle Confidential Data?

• Do you separate confidential and non-confidential information?
• Who decides what is confidential and non-confidential?
• Are documents saved in open, unsecured areas of the office?
• Do visitors walk through the office unescorted?
• Is there a documented chain of custody (Signed Certificate of Destruction) to establish process patterns and for audit purposes?
• Would you worry if any trash or recycling went public?

Taking a look at how your business handles confidential data at least once a year can help you find possible loopholes in your system. Shredding all information, whether confidential or not prevents security risks. Factors such as storing documents in open areas, allowing unescorted visitors in the office, and disposing of papers in the trash or standard recycling workflows can all harm your company’s brand, reputation, and image.

Is There Room for Errors in Your Company’s Security?

• Do any employees work remotely?
• Are documents stored offsite?
• Does your organization archive using imaging, scanning, etc?
• Do you have signage regarding information-security?
• Do all departments have access to containers?

Other factors can pose a threat to your company’s security, including: employees who travel or work at home, storing documents offsite, and more. Implementing certain practices, such as document scanning, publishing signs with information-security instructions, and making sure every department in your office has access to a shredding container can be a great help.

What Does the Relationship with Your Current Shredding Contractor Look Like?

• Do you do semi-annual process reviews with your shredding contractor to ensure your process addresses current risk levels?
• Is your shredding contractor certified by ISO for quality and satisfaction standards, and by NAID AAA for compliance?
• Can your current provider train on document security risks?
• Can you demonstrate that you have taken reasonable actions to protect private information?
• On a scale of 1 to 10, how comfortable are you that your information-security processes are compliant and sufficient?

After completing your self-evaluation, you may have realized you need help with your company’s information security. Your current shredding contractor should be able to provide assistance. However, if you do not feel 100% certain you are handling confidential data correctly, you may want to switch to PROSHRED® of Houston.

Our team is ISO and NAID AAA certified for our dedication to quality, satisfaction standards and compliance. We provide semi-annual process reviews to make sure your shredding policy is performing its best. Even more, we offer training on document security risks so your whole office will understand how to correctly store and discard confidential data.

Get started! Contact PROSHRED® of Houston today and receive a comprehensive security and compliance assessment. Call today! (832) 947-5700