PRISM Merger and Certification: What You Need to Know
Data is a double-edged sword.
On the one hand, collecting and analyzing large amounts of employee and consumer data can help companies streamline operations and forecast future trends. But on the other, it leaves them vulnerable to potentially devastating breaches.
After Quest Diagnostics recently disclosed that the credit card and bank account information of 11.9 million patients had been compromised, the company and its partners became the target of multiple, quickly mobilized class-action suits. More recently, Equifax is expected to pay a staggering $650 million in fines and settlements related to its own recent breach, which exposed the personal information of 450 million people.
To avoid costly lawsuits and remain in compliance with complex state and federal regulations, companies must diligently protect their employee records and customer data.
There are a number of vendors that specialize in helping businesses secure their records. However, not all vendors are created equal—while some are invaluable partners, others are simply not up to the task.
Fortunately, there is now an organization responsible for setting industry standards. The International Secure Information Governance & Management Association (i-SIGMA) is a recently formed nonprofit resulting from the merger of two leaders in data security: NAID and Prism International.
NAID & PRISM Merger: Key Takeaways
The merger of NAID and PRISM allows for a unified effort in protecting records across all stages of the data life cycle.
While both companies will retain their individual certification programs, the new umbrella organization offers a wider range of information management and protection offerings.
We’ve previously discussed the benefits of working with a NAID AAA Certified Vendor to ensure that your data is properly destroyed. Now, let’s take a look at how PRISM safeguards the storage of paper and electronic records.
What is PRISM International?
Just as NAID sets standards for how data is destroyed, the Professional Records and Information Services Management (PRISM) association provides guidance for how hard-copy records and off-line removable computer media, such as hard drives or storage disks, should be stored.
As many companies understand, archiving records on-site is risky. In addition to wasting valuable office space, the practice compromises security and risks running afoul of regulations set by legislation including HIPAA, the Computer Fraud and Abuse Act, and the Fair and Accurate Credit Transactions Act (FACTA).
Instead, records should be stored in a specialized, climate-controlled, off-site facility, where they’re protected against fraud, theft, fires, floods and natural disasters. However, it’s important that this off-site facility is prepared to properly protect these records and maintain critical compliance.
That’s where the PRISM International Privacy+ Certification comes in.
How Companies Become PRISM Certified
PRISM offers member companies a number of benefits, including educational opportunities in the rapidly evolving world of data security.
Members who want to demonstrate their commitment to off-site records security are invited to pursue Privacy+ certification, a prestigious international certification program.
The Privacy+ program has a threefold mission:
To identify leaders in the information security industry
To share resources and best practices, better enabling facilities to reduce risks
To reduce the number of breaches at off-site data storage facilities
Similar to NAID certification requirements, PRISM certification is a rigorous process. To become PRISM certified, companies must have a number of security checks and balances in place. PRISM certification requirements include the following:
Written security and privacy policies addressing all facets of handling physical records within the facility
Risk-assessment measures to identify new threats, and mitigation plans
Background checks on all potential employees, including criminal, credit, pre-employment, and reference checks
Signed confidentiality agreements with all third-party vendors
24/7 monitoring of secure areas and alarms
Fire detection and suppression systems
Secure internal networks protected by firewalls, antivirus and anti-malware programs, and external vulnerability scans