Standards for Certified Data Destruction Organizations

ClearChain is an independent, non-government auditor of information security, controls and risk management.

HIPAA | GLBA | PCI | NIST 800 | FACTA | FINRA

Our Certification for Your Risk Management

A Certificate of Destruction from a third-party vendor does not transfer liability!

Your organization remains legally responsible and liable for the protection of consumer and patient information long after giving up custody of paper and digital media. Healthcare providers should be very familiar with the HIPAA and HITECH rules on this point.

Our Certification Requirements

ClearChain conducts a comprehensive review of documentation, policies and procedures, operational protocols, and other supporting materials submitted by data destruction service providers. The objective is to independently validate that the vendor possesses the experience, infrastructure, and controls necessary to securely destroy information in accordance with applicable data privacy regulations.

A ClearChain Certification confirms that a vendor has implemented reasonable and appropriate safeguards, as required under data protection laws such as HIPAA, HITECH, GLBA, and FACTA. Engaging a ClearChain Certified vendor satisfies an organization’s due diligence obligation when selecting third-party data destruction and information security providers.

NAID Certified Hard Drive Destruction

Your third party due diligence

Organizations may either perform vendor due diligence in-house, by reviewing policies and procedures, employee backgrounds, etc., or hire a company that is Certified for data destruction.


Requirements for Certification

ClearChain Certified data destruction vendors are required to comply with standard policies and procedures (“P&P”). These P&Ps were developed based on the NIST 800-88 guidelines, ISO 27001, and Department of Defense standards.

A well-vetted vendor not only maintains compliance but minimizes financial and reputation risk exposure.

Policies and Procedures

  1. Media control & handling
  2. Destruction type & size
  3. Compliance reports
  4. Certificate of Destruction
  5. Equipment capability

Administrative

  1. Breach notification & response
  2. Insurance requirements
  3. Business licenses & permits
  4. Reporting & documentation

Employees

  1. Background checks
  2. Training
  3. Substance abuse screening
  4. Non-disclosure agreements

Requirements by Industry

  1. HIPAA / HITECH: Healthcare
  2. PCI/DSS: CC Processors
  3. GLBA: Financial Institutions
  4. SOC 2: Public Companies
  5. NSA: Government Contractors

Explore by Information Security Guidelines

  1. NIST 800: All Organizations
  2. NSA: National Security Agency
  3. R2: Recycling Companies