SEAM ensures that every step of the ITAD process is 100% auditable. Whether your assets are resold, recycled or reused, we account for everything from the secure recovery process to asset tracking and reporting, to final disposition. Our accessible online reporting provides documented proof for all of your auditing needs.
- FACTA: In June of 2005 the Federal Trade Commission (FTC) published the Disposal Rule as part of the Fair and Accurate Credit Transactions Act (FACTA). The Disposal Rule requires “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose” to adopt procedures for proper data disposal. The disposal standards outlined in the rule require businesses to “destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed.” Failure to abide by FACTA may result in harsh penalties and legal action, and may result in class-action suits brought by victims.
- GLBA: Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) became law in 1999, requiring financial institutions to protect consumer information. Businesses that collect personal financial information from consumers, like banks and credit unions, must comply with the privacy rights outlined in GLBA. This includes having a comprehensive, written information security program in place as well as a contracted disposition vendor. The act establishes policies for proper administrative, technical and physical safeguards to protect the privacy of individual customers' financial information. Financial institutions are responsible for safeguarding private information even when it is in the possession of an outsourced company. When selecting a partner for data destruction, it's important to use due diligence to make sure data is being handled appropriately.
- SARBOX: The Sarbanes-Oxley Act (SARBOX or SOX) was implemented in July of 2002, standardizing the way organizations certify their financial reports. Any organizations reporting financial results are required to comply with enhanced standards and Data Destruction requirements. This includes external audits and maintaining strong data storage policies to produce detailed audit trails of documents and electronic storage media including but not limited to computers, copiers, printers and other electronics.
- PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) applies to every company doing business in the U.S. that is involved with payment card processing. The PCI DSS standard was developed to enhance cardholder data security and create consistent data security standards. The standard requires companies to maintain secure environments for transmitting and storing cardholder data, including tracking of data-containing technology like servers, computers, laptops, mobile devices, point-of-sale (POS) devices and other retail-specific equipment. When data storage devices are ready to be disposed of or replaced, organizations must “render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed.” PCI recommends a “secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media.” The latest “industry accepted standard” for secure data erasure and destruction is the National Institute of Standards and Technology (NIST) SP 800-88 standard. Organizations must be able to prove in an audit that their processes and vendors meet these requirements. There are serious risks that can come from non-compliance, including lawsuits, insurance claims, and large fines from payment card companies or the government.
Based on our ability to meet high expectations for quality and service specifically tailored to the banking industry, SEAM has been thoroughly reviewed and selected as an endorsed vendor of the South Dakota Banking Association.
Reasonable steps, due diligence and precautions taken by any company collecting confidential data will keep you in compliance. Let us help.
- Legislative Compliance: We take corporate compliance seriously. SEAM’s certified process follows strict security protocols to ensure data is protected. Customers are provided with detailed reports and Certificates of Destruction, made readily available 24/7 via the customer portal. This information can be used for audits and compliance with various legislative regulations that require businesses to properly handle, archive and destroy electronic records. Using a partner with experience and knowledge eliminates your risks and ensures compliance.
- Crisis Prevention: By using SEAM’s services to handle off-network equipment, customers are preventing costly disasters such as data breaches or environmental catastrophes. Using SEAM as an insurance plan mitigates these risks and helps customers avoid spending huge amounts on the investigation, communication, and ultimate customer loss that result from these issues.
- Corporate Social Responsibility and Sustainability Reporting: All of SEAM’s certified processes are tracked in our operational management system and analytic reports are made available to customers through our online portal. Customers use this reporting service to communicate their CSR initiatives and meet various environmental requirements such as LEED Certification.
- Certified Data Destruction: SEAM adheres to the current recognized data destruction standard, NIST Special Publication 800-88 (Revision 1), which meets and exceeds the US Department of Defense standards. With well-documented and third-party-verified physical destruction and sanitization procedures, we ensure all data is completely destroyed once it enters our facility. Customers can rest assured their data security policies are in compliance and all sensitive data is safely secured with SEAM.