-->
Skip to main content

NAID Security Certification

Sign up here for automated notification of any changes to Cascade's certification status in Madison or sign up here for a free, automated notification of any changes to Cascade's NAID certification status in Indianapolis.

 


 

Cascade is a Certified to the NAID AAA Electronic Media Standard

which offers the best assurance of secure data destruction for our customers

 

Scope of Certification

Cascade's NAID AAA Certification is for: Onsite & Plant-based Computer Hard Drive Sanitization Operation, including Onsite & Plant-based Physical Hard Drive destruction, Electronic Media & Non-Paper Media destruction for both Cascade's Indianapolis, IN and Madison, WI facilities. See copies of our current NAID AAA Certifications for Madison and Indianapolis.


Purpose

The National Association for Information Destruction (NAID) AAA Certification Program is a voluntary program for NAID member companies providing information destruction services. Through the program, NAID members are audited for mobile and/or plant-based operations in paper or printed media, micromedia, computer hard drive destruction, and/or computer hard drive sanitization.


How it works

  • NAID is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. This rigorous process supports the needs of organizations around the world by helping them meet numerous laws and regulations requiring protection of confidential customer information:
    • FACTA Final Disposal Rule requires the destruction of all consumer information before it is discarded. Covered entities must monitor compliance of any organization contracted to destroy consumer records.
    • The FACTA Red Flags Rule requires audits of data-related vendors with access to personal information of customers.
    • Under HIPAA, covered entities may be subject to civil penalties for misconduct of its business associates that lead to a security breach. Working with a NAID certified vendor reduces the risk.
    • Business associates of covered entities must comply with technical, administrative and physical safeguard requirements under the HIPAA Security Rule. For more information on HIPAA, see "Common misconceptions about HIPAA and data destruction."
    • The media destruction specifications of PCI compliance require the following, all of which NAID certification requires and verifies:
      • 9.10.1.a: Verify that hard copy materials are crosscut shredded, incinerated or pulped such that there is reasonable assurance the hard copy materials cannot be reconstructed.
      • 9.10.1.b: Examine storage containers used for information to be destroyed to verify the containers are secured. For example, verify that a to-be-shred container has a lock preventing access to its contents.
      • 9.10.2: Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion or otherwise physically destroying the media (e.g., degaussing).
  • NAID’s certification program was developed by information security professionals and recognized by thousands of private and governmental organizations around the world.
  • All regional, third party NAID auditors have earned the Certified Protection Professional accreditation from ASIS International and are extensively trained on all certification audit procedures and requirements.
  • NAID certification auditors verify that protocols are in place to ensure the security of confidential material throughout all stages of the destruction process such as handling, transporting, storing materials prior to destruction, and destroying and disposing of materials responsibly. This also includes any transfer of custody scenarios.
  • An extensive, three-level background screening process verifies that no individual with a known history of related crimes will be handling confidential material.
  • A regimented, comprehensive unannounced audit program means that certified companies operate knowing they may receive an unannounced audit on any day, at anytime, providing a powerful motivator for ongoing compliance.
  • The Certification Review Board tracks reports of non-compliance and takes immediate remedial action to bring certified companies back into compliance. Repeat or serious infractions will result in fines and may result in removal of certification.

Click here to view the NAID AAA Certification video “Beyond the Claims and Promises”