Privacy + Certification
Privacy+ is an international certification program open to all companies who provide storage and protection of hard-copy records and off-line removable computer media. Participation in Privacy+ is voluntary and allows these companies to publicly demonstrate their commitment to protecting the privacy of information entrusted to them by their clients. For an example of some of the criteria that may be required for this certification click here.
CROWN Information Management is certified for information destruction through The National Association for Information Destruction or NAID. NAID is a non-profit organization founded in 1994. NAID is recognized internationally by many policy-makers and is often called upon to provide counsel to organizations developing information security standards and regulations.
NAID audits are only conducted by the Certified Protection Professional or CPP. The CPP is the highest and most recognized security management accreditation achievable. The CPP accreditation is issued to security professionals who meet stringent educational and experience requirements by ASIS International.
Annual audits are conducted of all service providers. The annual audit verifies that the service provider complies with the standards set forth by NAID regarding the disposal of secure information.
NAID WH 2018
NAID audits are only conducted by the Certified Protection Professional or CPP. The CPP is the highest and most recognized security management accreditation achievable. The CPP accreditation is issued to security professionals who meet stringent educational and experience requirements by ASIS International.Annual Audits consist of the following elements:
- Employee Clearance: Drug screenings, employment history and criminal background, are all verified to restrict high risk individuals from employment.
- Access Control: Security of removal material, security of facilities, monitoring of alarms, video surveillance and recording systems are all checked and verified.
- The Destruction Process: Particle size, destruction time frame and disposal process of destroyed material is verified.
- Secure Processing: This process verifies compliance with the service provider’s written policies and procedures.
What is PCI compliance?
Compliance simply means that your business meets the requirements established by the Payment Card Industry (PCI) Security Standards Council. The council is run by the five major credit card companies – Visa, MasterCard, Discover, American Express and JCB International – and is responsible for enforcing the PCI Data Security Standards (PCI DSS). In order to be in compliance, you must meet these standards.
Crown Information Management is a level 4 company. This level is for small businesses processing less than 20,000 eCommerce transactions and less than 1 million other transactions each year. Level 4 businesses are required to complete an annual risk assessment using the appropriate PCI Self-Assessment Questionnaire (SAQ). The results of the questionnaire are the certificate posted on this website. Click here to learn more about the requirments.