NAID AAA Certification Covers PCI Compliance Standards

Working with a NAID AAA Certified information destruction partner offers your company several benefits. Assured privacy protection, the highest ethical standards, and a guaranteed closed chain of custody during destruction are all at the top of the list. But NAID AAA Certification also offers added benefits for companies required to follow Payment Card Industry Data Security Standards (PCI-DSS).

A short history of the PCI Security Standards Council
(PCI-SSC)

The PCI Security Standards Council (PCI-SSC) is a consortium of the five largest credit card companies. Formed in 2006 in response to an increasing amount of data breaches and identity theft, the PCI-SSC has outlined requirements that merchants and processors must follow to ensure cardholder information is protected during credit card transactions. There are several security controls and processes that businesses involved in payment card transactions must follow to show PCI-DSS compliance.

Protecting cardholder data

PCI-DSS Requirement 3 requires stored cardholder data to be protected at all times. This includes maintaining a data retention policy. Storage of data should be limited to business, legal and regulatory retention periods, and unnecessary data must be purged on at least a quarterly basis.

Restricting physical access

Similarly, PCI-DSS Requirement 9 states, “Any physical access to data or systems that house cardholder data provides the opportunity for persons to access and/or remove devices, data, systems or hardcopies, and should be appropriately restricted.” This broad requirement includes destroying media no longer needed for business or legal reasons and specifies the following actions:

• Verify that hard-copy materials are cross-cut shredded, incinerated, or pulped, in accordance with ISO 9564-1 or ISO 11568-3e.
• Examine storage containers used for information to be destroyed to verify that the containers are secured. For example, verify that a to-be-shredded container has a lock preventing access to its
• Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media (e.g., degaussing).

The certified destruction advantage

A NAID AAA Certified shredding and destruction vendor that offers one-time and regular paper shredding services—as well as hard drive, tape and digital media destruction services—can help your business meet PCI-DSS requirements. Lockable shredding bins and consoles can be delivered to your office to ensure cardholder data is purged quarterly and daily as needed. Likewise, magnetic and optical media are physically destroyed to prevent unauthorized access to digital cardholder data. For each of these services, the time and date of destruction is noted on the Certificate of Destruction for verifiable proof that PCI-DSS requirements have been met.

A NAID AAA Certified shredding and destruction vendor offers businesses that process credit card transactions added value by ensuring that PCI standards are maintained during the information destruction process.

To learn more about Shred Guard’s NAID AAA Certified shredding and destruction services, please contact us by phone or complete the form on this page.