How to Choose a Secure Destruction Service

Because of the added convenience, security and economy, choosing an outside service to destroy discarded information is growing in popularity. For large organisations, it is now the most common method to fulfill this responsibility.

However, because of increasing demand by customers unfamiliar with the service, these customers sometimes choose a company with no regard for security who often make claims that are untrue. The good news it that with a little care, you can make sure you are dealing with a reputable company.

1. To protect your organisation, the requirements of any company that will be selected to provide secure destruction services should be written down in advance.
2. Never do business with a company trying to lead you to believe that "recycling" is destruction. General recycling lacks many of the elements necessary for compliance with the Data Protection Directives, including the how, who, where and when of destruction.
3. Require any service provider that will provide your organisation with secure destruction to have written policies and procedures.
4. If the service is not provided at your facility, inspect the trucks that will transport the materials and visit the facility at which the destruction will occur prior to awarding any business.
5. Require the contractor to conduct background screening of employees.
6. Require a contract with the company which will perform the destruction services that binds them to adhere to the requirements of the Data Protection Directives.
7. Make sure to receive approved samples of the particle sizes produced by the company as a method to determine continued compliance over time.
8. Conduct periodic unannounced audits of the destruction facility to test access control and particle size.
9. Require that the destroyed materials are discarded in a secure manner.
10. Alternatively, review the NAID Certification Specifications to formulate your destruction requirements, or select a NAID Certified contractor.