Cascade is a Certified to the NAID AAA Electronic Media Standard
which offers the best assurance of secure data destruction for our customers
Scope of Certification
Cascade's NAID AAA Certification is for: Onsite & Plant-based Computer Hard Drive Sanitization and Solid State Overwrite Operations, including Onsite & Plant-based Physical Hard Drive destruction, Electronic Media, SSD, & Non-Paper Media destruction for both Cascade's Indianapolis, IN and Madison, WI facilities. See copies of our current NAID AAA Certifications for Madison (expires 11-30-2021) and Indianapolis (expires 11-30-2021).
If a customer elects to ship their items to Cascade for processing or third party transport is used to deliver items to Cascade for processing, then the transportation of those items does not fall in the scope of Cascade's NAID AAA certification. Learn more about a secure chain of custody through Cascade's NAID certified processes and transportation here.
If a customer chooses to not allow Cascade to inventory and track any data bearing assets throughout the disposition process, they lose sight of the traceability of our data destruction processes. Customers are required to sign a Serial Number Recordation Opt-Out Agreement to allow for this service and to confirm their understanding that this process is outside the scope of our NAID AAA certification.
Cascade provides on-site degaussing services for magnetic media (hard drives and tapes). Cascade's degausser is not covered by our NAID AAA certification.
The National Association for Information Destruction (NAID) AAA Certification Program is a voluntary program for NAID member companies providing information destruction services. Through the program, NAID members are audited for mobile and/or plant-based operations in paper or printed media, micromedia, computer hard drive destruction, and/or computer hard drive sanitization.
How it works
- NAID is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. This rigorous process supports the needs of organizations around the world by helping them meet numerous laws and regulations requiring protection of confidential customer information:
- FACTA Final Disposal Rule requires the destruction of all consumer information before it is discarded. Covered entities must monitor compliance of any organization contracted to destroy consumer records.
- The FACTA Red Flags Rule requires audits of data-related vendors with access to personal information of customers.
- Under HIPAA, covered entities may be subject to civil penalties for misconduct of its business associates that lead to a security breach. Working with a NAID certified vendor reduces the risk.
- Business associates of covered entities must comply with technical, administrative and physical safeguard requirements under the HIPAA Security Rule. For more information on HIPAA, see "Common misconceptions about HIPAA and data destruction."
- The media destruction specifications of PCI compliance require the following, all of which NAID certification requires and verifies:
- 9.10.1.a: Verify that hard copy materials are crosscut shredded, incinerated or pulped such that there is reasonable assurance the hard copy materials cannot be reconstructed.
- 9.10.1.b: Examine storage containers used for information to be destroyed to verify the containers are secured. For example, verify that a to-be-shred container has a lock preventing access to its contents.
- 9.10.2: Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion or otherwise physically destroying the media (e.g., degaussing).
- NAID’s certification program was developed by information security professionals and recognized by thousands of private and governmental organizations around the world.
- All regional, third party NAID auditors have earned the Certified Protection Professional accreditation from ASIS International and are extensively trained on all certification audit procedures and requirements.
- NAID certification auditors verify that protocols are in place to ensure the security of confidential material throughout all stages of the destruction process such as handling, transporting, storing materials prior to destruction, and destroying and disposing of materials responsibly. This also includes any transfer of custody scenarios.
- An extensive, three-level background screening process verifies that no individual with a known history of related crimes will be handling confidential material.
- A regimented, comprehensive unannounced audit program means that certified companies operate knowing they may receive an unannounced audit on any day, at anytime, providing a powerful motivator for ongoing compliance.
- The Certification Review Board tracks reports of non-compliance and takes immediate remedial action to bring certified companies back into compliance. Repeat or serious infractions will result in fines and may result in removal of certification.
Click here to view the NAID AAA Certification video “Beyond the Claims and Promises”