Working with a NAID AAA Certified information destruction partner offers your company several benefits. Assured privacy protection, the highest ethical standards, and a guaranteed closed chain of custody during destruction are all at the top of the list. But NAID AAA Certification also offers added benefits for companies required to follow Payment Card Industry Data Security Standards (PCI-DSS).
The PCI Security Standards Council (PCI-SSC) is a consortium of the five largest credit card companies. Formed in 2006 in response to an increasing amount of data breaches and identity theft, the PCI-SSC has outlined requirements that merchants and processors must follow to ensure cardholder information is protected during credit card transactions. There are several security controls and processes that businesses involved in payment card transactions must follow to show PCI-DSS compliance.
PCI-DSS Requirement 3 requires stored cardholder data to be protected at all times. This includes maintaining a data retention policy. Storage of data should be limited to business, legal and regulatory retention periods, and unnecessary data must be purged on at least a quarterly basis.
Similarly, PCI-DSS Requirement 9 states, “Any physical access to data or systems that house cardholder data provides the opportunity for persons to access and/or remove devices, data, systems or hardcopies, and should be appropriately restricted.” This broad requirement includes destroying media no longer needed for business or legal reasons and specifies the following actions:
A NAID AAA Certified shredding and destruction vendor that offers one-time and regular paper shredding services—as well as hard drive, tape and digital media destruction services—can help your business meet PCI-DSS requirements. Lockable shredding bins and consoles can be delivered to your office to ensure cardholder data is purged quarterly and daily as needed. Likewise, magnetic and optical media are physically destroyed to prevent unauthorized access to digital cardholder data. For each of these services, the time and date of destruction is noted on the Certificate of Destruction for verifiable proof that PCI-DSS requirements have been met.
A NAID AAA Certified shredding and destruction vendor offers businesses that process credit card transactions added value by ensuring that PCI standards are maintained during the information destruction process.
To learn more about Shred Guard’s NAID AAA Certified shredding and destruction services, please contact us by phone or complete the form on this page.