Why Zak Enterprises?

Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20 years. However, even more problematic is the harm that failure to sanitize hard drive data can cause to a company's brand and reputation. That's why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail. At Zak, we employ a highly structured documented quality control program that assures the effectiveness of the data destruction process on an ongoing basis. Our team will typically degauss (which renders drives unusable) and disassemble hard drives on-site, and then transport the dismantled drives via locked truck and secured container to our site for final shredding and ultimate eco-friendly smelting at our audited downstream vendor. Zak follows a zero landfill policy and uses fully audited downstream vendors for ultimate product disposal. Our customers are assured that their sensitive hard drive data has been completely destroyed, and they can also rest assured knowing that Zak has disposed of residual scrap metals, circuit boards and chips in an environmentally responsible and compliant manner.

On-Site Hard Drive Destruction Process

1. Zak's truck and crew arrive at the Customer site and check in.
2. Crew evaluates customer's HD accumulation area and sets up equipment.
3. Scanning of HD serial numbers performed and numbers recorded.
4. HD destruction performed using a Gartner degausser.
5. Circuit boards removed from HDs and placed in separate container.
6. Degaussed (unusable/inoperable) HDs accumulated in locked bin.
7. Locked bin containing degaussed HDs transferred to secure truck.
8. Locked truck transits directly to Zak's secure facility.
9. Locked bin unloaded from truck and moved to facility's secure staging area.
10. Locked bin moved to secure shredding operation area.
11. Physical HD destruction performed using Untha model 30 four shaft shredder.
12. Residual material from shredding process accumulated and transported to approved downstream vendor for ultimate environmentally compliant disposal/smelting.
13. Pick Up Report issued to Customer, along with serialized HD list, Certificate of Destruction, Invoice and any other additional required documentation.

Protecting Intellectual and Physical Property for our Customers

Zak provides a variety of materials removal solutions. The main focus of each service is proper removal and disposal practices in a professional manner and at a reasonable cost to the client. From a risk management perspective, the only acceptable method of discarding stored materials is to destroy them in a way that ensures that any proprietary information is obliterated, that disposal complies with all local or federal regulations, and that no items are casually handled, sold or donated unless requested and approved. Additionally, by removing these items from your waste stream, you will reduce your trash costs as well as create a safer, more secure and environmentally aware corporate atmosphere.

Confidential Materials

STUDIES SHOW THE AMOUNT OF CONFIDENTIAL DATA CASUALLY DISPOSED OF IS STAGGERING. IN MANY CASES, OVER 50% OF A COMPANY'S MATERIAL WASTE (EXCLUDING GENERAL/FOOD WASTE) CAN BE CONSIDERED CONFIDENTIAL. Data remanence is also a serious hazard. Zak focuses on hard drives and other media such as tapes, CDs, etc. ZAK CAN ASSESS YOUR COMPANY'S NEEDS AND WORK WITH YOU TO DEVELOP AN APPROPRIATE PROGRAM AND SERVICE LEVEL TO REMOVE AND DISPOSE OF THESE AND OTHER COMPANY MATERIALS PROPERLY.

End-to-End Chain of Custody

Zak follows the National Institute of Standards and Technology Guidelines for Media Sanitization (NIST Special Publication 800-88) as well as Federal Information Processing Standards (FIPS 200), Minimum Security Requirements for Federal Information and Information Systems for comprehensive information on media sanitization options (per GSA NSA / DOD Approved Degaussers and Declassifiers, and GSA NSA/CSS Approved Degaussers/Shredders). Like Asset Lifecycle Management, the unbroken Chain of Custody is an important part of assuring compliance with data security and environmental management laws. Zak's logistics team can provide additional services related to deployment of new or refurbished assets, on-site degaussing/off-site hard drive shredding or wiping, and data center relocation or deprovisioning.

Zero Landfill Policy

Zak's services eliminate data security risk through tested and proven data security and destruction (DOD 5220.22-M compliant) processes. We adhere to a zero-landfill policy; Zak's commitment to minimum environmental impact means our aim is to recycle 100% of electronic materials because it is the responsible thing to do. Assets are processed in accordance with Zak's strict standards for reuse, recycling, and downstream accountability. Zak welcomes audits. Since we adhere to a constant commitment to improvement, we believe that customer audits can only help make us a better company.

HIPAA Requirements Are Changing. Is Your Organization Prepared?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been part of the healthcare landscape for years. Now, that same landscape is changing rapidly with the growing adoption of Electronic Health Records (EHR) and the new HIPAA requirements for privacy and security included in the American Recovery and Reinvestment Act of 2009 (ARRA). Understanding these new requirements is a critical challenge for every institution.

What Does this Mean to You?

Stricter regulations, larger penalties, stronger enforcement, the inclusion of business associates, and greater public visibility all place an increased burden on healthcare entities and their partners to understand HIPAA regulations. Firm steps should be taken to bring policies, people, systems and procedures into compliance. If you contract with outside vendors, you also need to evaluate their compliance and ensure that Protected Health Information (PHI) is appropriately safeguarded.

Be Prepared with Zak

Zak is a trusted partner to many healthcare providers in California, safeguarding patient information and providing the most rigorous compliance policies and procedures in the industry. We have maintained a proactive, industry-leading HIPAA compliance program since the regulations were introduced and completed a formal risk assessment to ensure our facilities, processes and training comply with the new regulations.

Compliance

Gramm-Leach-Bliley Compliance

The Gramm-Leach-Bliley Act (GLBA) controls the use of consumers' private information. GLBA affects a wide range of financial institutions such as banks, thrifts, credit unions, and insurance firms. Much nonpublic personal information and personally identifiable financial information is subject to GLBA's privacy controls. Zak's SAS 70 Type II data security provides a comprehensive GLBA compliance solution. Zak's end-of-life hard disk shredding also assures compliance with the Payment Card Industry (PCI) Data Security Standard v2.0. (Institution's penalty per violation: $100,000.00)

SAS 70

The Statement on Auditing Standards (SAS) No. 70, for Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), is a widely recognized auditing standard. SAS 70 Type II compliance demonstrates that an organization has rigorous controls of its organizational activities and objectives. SAS 70 compliance is often related to Sarbanes-Oxley requirements. Zak's stringent methods help assure SAS 70 compliance.

SOX Compliance

To comply with Sarbanes-Oxley, executive officers must attest that they have provided internal controls to ensure they can produce documents related to company financial reporting. This makes it imperative that key data is backed up securely, in accord with rigorous retention policies. However, a corollary is that all confidential and/or insider information must remain secure. Zak's secure data destruction program and rigorous documenting practices assure a compliant paper trail. (Institution's penalty per violation: $5,000,000.00)

SEC and NASD Compliance

The Securities and Exchange Commission (SEC) and the National Association of Securities Dealers (NASD) have instituted compliance regulations around storing financial records and electronic communications in emails, instant messages, and more. Zak addresses SEC and NASD compliance and security requirements by providing detailed reporting that gives regulators a clear idea of the chain of custody of the stored information, and rapid data access for easy auditing.

Information Destruction

According to industry studies, up to 10% of erased hard drives still contain recoverable data. At Zak, we make sure your sensitive data does not fall into the wrong hands. To prevent such instances of recoverable data from occurring, we have designed, tested, and implemented a process to remove all data from hard drives. We are so confident in our proven system that we stand by our process by issuing Certificates of Data Destruction, guaranteeing all sensitive and proprietary data has been removed. Even old copiers contain internal disk drives with proprietary data. Zak's program is comprehensive, and in addition to hard drives we can shred chips and other sensitive data-carrying devices and media.

Steps to Securing Data

Data Erasure... for client use in on-site data erasure, integrated with our process for reliable results and no need for re-erasing or redundant handling.

Data Locking... the fast, convenient way for clients to secure data on equipment in transit, storage, or during temporary moves.

Data Repositories... the best practices in data security processes require audit proof of an ongoing security process and permanent record of serialized hard drive sanitization to prove privacy compliance downstream.

E-Waste Management

Zak remains a trusted and respected resource in the e-waste sector because of our 18 years of industry experience and commitment to providing value and quality. Zak provides its services to corporate customers in the greater San Francisco Bay Area and nationwide by employing the most progressive solution to effectively remove proprietary data, recycle inventory and dispose of e-waste. Our comprehensive asset recovery solutions, equipment handling, and asset rotation and removal services provide low-cost, environmentally friendly alternatives for product disposal. Some of our biggest customers include Data Center providers, Universities, Hospitals, Banks and Law Firms.

Verifiable hard drive data destruction when failure is not an option

Research suggests that 1 out of every 4 so-called DoD-compliant erasures fails to completely remove all data. It is imperative to protect proprietary data and licensed software on IT equipment at the desktop, in quarantine and in transit to prevent a security breach should the equipment be lost or stolen. And in these privacy-sensitive times, it is vital to verify and document final data destruction prior to an asset's sale or disposal. For this reason, major companies facing legal liabilities, huge fines, and negative publicity stemming from consumer privacy issues, Patient Healthcare Information and other security breaches have consistently relied on Zak's integrated data erasure procedures. Because we get it right the first time.

Again, Why Zak?

With our strict security practices, extensive expertise, proven controls and a documented Chain-of-Control, you can rely on Zak to deliver upon your media destruction needs. Choosing Zak as a trusted provider of secure media destruction can yield many benefits:

- Destruction of a broad range of magnetic media, including CDs, backup tapes, film, photos, badges, disks, X-rays and bank cards.
- Secure transportation of sensitive information.
- Trained and rigorously screened personnel.
- Accountability with a documented workflow.
- An environmentally friendly waste-to-energy smelting process that also ensures complete destruction.

Available on a project basis, our Secure Media Destruction Service uses Zak's proven methodologies that ensure reliability and consistency from collection through final destruction. Zak is a member of the National Association for Information Destruction (NAID), a global trade association for companies providing information destruction services, and is ISO 14001 compliant. Ask for an audit package today.

CA EPA ID # CAL000343770

Statement of Process

Zak provides a number of services, including onsite degaussing, DOD wipes, and full plant-based hard drive destruction using its Untha HD shredder. After circuit board disassembly, physical destruction destroys platters to prevent spinning. The customer is fully notified and given a complete report of the destruction method.

Contacting Us

Zak's fully secure 25000 square foot facility is located in Santa Clara, California.

Zak Enterprises LLC
1500 Coleman Ave.
Santa Clara, CA 95050
(408) 746-0817
Duns # 07-245-5772