Skip Navigation
 
 

NAIDnotes

Bookmark and ShareThursday April 25, 2013

Why NAID doesn’t certify equipment or software

By Bob Johnson, NAID CEO

At this point, I am comfortable saying the NAID AAA Certification Program is a success. Don’t get me wrong, there is plenty of room for improvement, growth and acceptance of the program. But, I estimate that about 80% of outsourced secure destruction capacity in North America is NAID Certified, which is pretty darn good. However, I am quick to point out this success is far more due to the efforts of the companies promoting their certification than anything NAID has done.

Based on this success, NAID routinely receives inquiries from equipment manufacturers and software developers to certify their products. While the association is grateful and humbled by the idea that a NAID endorsement is considered a credible seal of approval, we can not do it and for good reason.

Proper secure destruction is a process not an event. From this perspective, it is completely inappropriate for a customer to select a vendor simply based on the fact that equipment or software is certified. The equipment could be doing exactly what is supposed to do but that is irrelevant if the employees are not screened or the doors are not locked. The software could be delivering the best sanitization in the world but it will not matter if the technicians are not properly trained or the quality control procedures are inadequate.

Certainly, it is appropriate to use equipment and software that are tested to verify they do what they are supposed to do. On the other hand, it is completely inappropriate for a customer to select a vendor simply because their destruction equipment or wiping software has been certified. As a result, NAID certifies the entire process, including employee screening, training and documentation, access control, operations, quality control, policies and procedures, and the specific equipment or software deployed at the individual location. Of course, you have to add that the program primarily relies on random unannounced audits, which is another critical element I will discuss in my next blog entry.

Comments: 0 | Reply

Return to Current Blog