Certifications

NAID

When companies require secure destruction of hard copy records, electronic media and computer hard drives they can rely on service through Access locations, many of which are NAID AAA Certified.

NAID® is the international trade association for companies providing information destruction services. NAID’s mission is to promote the information destruction industry and the standards and ethics of its member companies. NAID merged with PRISM in 2018 to form the new industry trade association i-SIGMA.

PRISM Privacy+

PRISM is an international organization representing companies that engage in Commercial Information Management Services.

Access continues to maintain the Privacy+ certification demonstrating our commitment to information privacy standards. Additionally, Access is a corporate member of PRISM International with team members serving in various leadership positions.

EU-US and Swiss-US Privacy Shield

The EU-US and Swiss-US Privacy Shield Frameworks requires that companies meet obligations to protect personal data. Now, more than ever, companies need guidance to ensure requirements are met.

The assessment guides discovery of necessary information, including relevant data flows and evaluation of privacy policies and practices against relevant standards. Access partners with a 3rd party company to assess the privacy frameworks, ensuring no gaps exist to mitigate risk.

PCI Compliance

PCI DSS (Payment Card Industry Data Security Standard) provides technical and operational requirements that are designed to protect cardholder data. The requirements were designed to decrease credit card fraud by increasing the controls involved with cardholder data.

PCI DSS acts as a framework for a Merchant or Service Provider to develop a strong payment card data security process, which includes prevention, detection, and reaction to security circumstances. Access maintains PCI DSS attestation of compliance for access control and security measures.

SOC 2 Type II

SOC (System and Organization Controls) is the de facto standard for technology service providers to demonstrate the successful design and operation of their internal controls. A SOC-certified organization has been audited by an independent certified public accountant who determined the organization has the appropriate safeguards and procedures in place to adequately protect sensitive data.

Access FileBRIDGE Records (formerly known as Total Recall) and CartaHR, CartaDCE, and CartaDC Platforms (formerly known as FileBRIDGE Digital) are assessed by an independent auditing firm in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA) and in accordance with International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board (IAASB). The SOC2 Type II report assures clients that Access has proven its processes, facilities, and systems meet the required industry control standards.