Taking the appropriate steps to ensure sensitive data is secure shouldn’t stop just because the information is no longer needed. A proper data destruction and disposal plan is critical to continue to protect confidential information once retention periods have expired. Equal care and attention should be taken whether you are destroying paper documents or digital files. Not only can improper data destruction increase the possibility of a data breach, it can also lead to the violation of Canadian privacy laws and result in hefty fines. You can protect your reputation and your sensitive data by working with an experienced, high calibre partner that can provide you with the necessary assurances for proper data destruction and disposal.
The client service team at Octacom will work closely with you to ensure the secure destruction of your sensitive information through their commitment to transparent communication and their strict adherence to privacy and security standards.
1) Stringent Chain of Custody Protocol
Octacom’s chain of custody controls provides you with a complete and accurate tracking record of your data throughout your entire project, including the destruction phase. Each customer is required to provide Octacom with data retention requirements, including identifying the desired retention period. Even if the retention period has passed, document destruction occurs only after the customer provides Octacom with written destruction authorization. A certificate of destruction is provided to the customer upon document destruction and disposal to retain for auditing purposes.
2) Solid Shredding Compliance
Octacom has extensive experience in secure data destruction and disposal with shredding services that comply with the following certifications:
- NAID AAA Rating: NAID is the standard-setting body that advocates for best practices in secure data destruction. NAID AAA Certification verifies secure data destruction companies’ services’ compliance with all known data protection laws through scheduled and surprise audits by trained, accredited security professionals, fulfilling customers’ regulatory due diligence obligations.
- PCI Compliant: The Payment card industry (PCI) compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. For example, all stored cardholder data must be encrypted using industry-accepted algorithms, truncated, tokenized or hashed.
- Public Services and Procurement Canada Protected Level B: Octacom maintains Reliability Status to include Document Safeguarding Capability up to and including Protected Level B, issued by Public Services and Procurement Canada. This level of protection includes paper and digital processing and storage of health information, financial information and other forms of personal information.
3) Adherence to Privacy and Security Standards
Octacom has over 45 years of experience working with sensitive and confidential information across various industries including, Fortune 100 companies, government departments, not-for-profit organizations, healthcare organizations and law firms. By strictly following industry-specific guidelines and policies, Octacom has been able to maintain the utmost in security and discretion in every sector.
- SOC 2, Type II Audited with HITRUST CSF: Octacom’s physical and information security is regularly tested, validated and audited. Octacom is a SOC 2, Type II audited organization and compliant with HITRUST Common Security Framework (CSF) security certification criteria. HITRUST’s CSF has been assembled by North America’s largest health care service organization and is one of the most well-respected frameworks of its type.
- PIPEDA and PHIPA Compliant: Octacom is compliant with the Personal Information Protection and Electronics Documents Act and the Personal Health Information Protection Act. Octacom maintains designated privacy officers, written privacy policies and a staff privacy training program.
Canada Evidence Act Compliant: Octacom is compliant with the Canada Evidence Act as it pertains to authentication, best evidence and integrity. This level of compliance includes paper and digital processing and storage of legal, financial and health information.
Schedule a consultation to learn more about Octacom’s services and security practices.
Octacom is a SOC 2, Type II Audited enterprise software and services company focused on document and data automation solutions, including automated data capture. Founded in 1976, Octacom specializes in accounts payable automation and automated invoice processing, among other digital / automated business process outsourcing services.
If your organization is looking to learn more about our solutions and services, please contact us and we would be glad to help.