Choosing a records management provider isn’t easy. You need security, dependability, and experience. Sometimes, the choice between two qualified records management companies comes down to one deciding factor: Privacy+ Certification In this blog, we highlight several ways working with a Privacy+ Certification records management provider benefits your business.

What is Privacy+ Certification?

Privacy+ Certification is administered by Professional Records and Information Services Management (PRISM) International, a trade association for commercial information management companies. PRISM awards Privacy+ Certification only to companies that meet or exceed the highest standards for information protection. A third-party auditor assesses Privacy+ Certified companies internal privacy controls every two years to verify ongoing compliance with PRISM’s Privacy+ Certification program.

Oversight and Accountability

Records management providers are supposed to help businesses protect confidential records and data, but not all records management companies have the organizational processes, structure, and capability to ensure information protection. Privacy+ Certification is awarded to records management providers who follow organizational structures with clearly-defined employee roles and responsibilities. They must demonstrate strong managerial oversight of their staff to ensure information management and privacy protection measures are verifiable and measurable. This ensures their clients’ records and data are handled, transported, stored, and destroyed securely.

Security

Big and small businesses are increasingly under threat from identity theft and fraud scams. When you entrust your records to a third party, you need unwavering assurance that the confidentiality of your information is upheld. By partnering with a Privacy+ Certified records management company, you know your information is protected from unauthorized access. A Privacy+ Certified records management provider invests in people, places, and systems that safeguard your records, including:

• Secure records centers
• GPS-tracked and alarmed delivery vehicles
• Background-checked, HIPAA compliance-trained employees
• Documented chain of custody procedures
• Advanced document management and barcode tracking software

Each of these “controls” is audited by an independent third party as part of an overall risk management assessment.

Regulatory Compliance

If your company must comply with global privacy regulations, you want a records management provider who does, too. A Privacy+ Certified records management company complies with the following global regulations:

• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI DSS)
• The Personal Information Protection and Electronic Documents Act (PIPEDA)
• Gramm-Leach-Bliley Act (GLBA)
• Sarbanes-Oxley Act (SOX)
• Federal Trade Commission (FTC) “Red Flags Rules“
• American Institute of Certified Public Accountants (AICPA) SSAE No. 16
• Family Educational Rights and Privacy Act (FERPA)
• Fair and Accurate Credit Transaction Act (FACTA)
• State level information security laws (including 201 CMR 17.00)
• European Data Protection Directive

If you want a records management provider who doesn’t just store barcoded boxes on shelves but is globally recognized for meeting a higher standard, choose a Privacy+ Certified records management company.

DeVries Business Services is the first records management firm in Washington state to be awarded PRISM Privacy+ Certification.

We proudly serve businesses in Spokane, Eastern Washington and Northern Idaho.