What Kind of Audit Documentation Should I Have from My Shredding Company?
While NIST Special Publication 800-88 (Revision 1) might not be an ordinary water cooler topic at your business, it is a fairly integral part of understanding audit documentation.
Audit documentation concerns the way that we handle destruction of documents, but also hard drives, CD-ROMs, and other media. This article discusses what you should expect in terms of audit documentation from your shredding company or other asset disposition specialist.
NIST is an acronym that stands for “National Institute for Standards and Technology.” NIST sets standards on technology, as you might expect. It is part of the United States Department of Commerce.
NIST Special Publication 800-88 (Revision 1) basically sets the standards for how thoroughly sensitive data should be deleted. These standards are especially important for federal agencies.
This brings us to the essential question of the day: What kind of audit documentation should you have? The short answer is, “It depends.”
SEAM is a member of NAID, an acronym that’s got a very long history — or at least one that goes back to the 1980s. The original name of the group was the “National Association for Information Destruction,” although no one calls it that anymore. NAID certification is important for companies that shred federal documents.
It’s important to note that NAID is a trade association, an industry group. As a member, SEAM adheres to NAID best practices. We welcome customers to tour our secure facility.
The point is this: SEAM has all of your needs for audit documentation covered.
With respect to shredding and audits, it is important to note that we have created a uniquely transparent chain-of-custody for our customers. With mobile shredding, customers can even watch documents and devices get destroyed on-site. The destroyed materials are securely transported away for final processing.
Chain-of-custody tracking helps you with audit documentation. Our detailed reports include transactional and asset-based data, ensuring compliance with corporate data security policies.
Here are some of the reports you can generate through our portal:
- Transport and receiving reports
- Detailed audit reports
- Equipment serial number or asset tag reports
- Hard drive serial number reports
- Certificates of destruction and recycling
We offer 24/7 portal access. SEAM can even provide detailed reports about every asset used to process your data, including the make, model, serial numbers, counts, weights, and dates processed.
The general rule for tax documents is to wait seven years before shredding—but most other documents do not need to wait seven years. Anything that does not need to wait seven years should be destroyed — and destroyed properly — with a certificate of destruction. When you trust SEAM with data destruction and data shredding, you will know that all data security protocols are being strictly adhered to and that all reporting details have been handled securely.
SEAM’s professionals can advise you about document shredding and regulatory compliance issues. Contact us to learn more about SEAM’s data destruction process in Sioux Falls, South Dakota, and nearby areas.