by Kelly Martinez – via NAID
I recently had the pleasure of speaking with Corrine Allen, Chief Operating Officer for
Goodwill of Orange County. I called Allen, who has more than 35 years of progressive management experience because it was brought to my attention that Goodwill of Orange County requires NAID Certification in their Secure Data Destruction Request for Quote (RFQ). I wanted to know why. A Serious Role in Community & Compliance Goodwill of Orange County, voted Best Thrift Store by The Orange County Register readers numerous times and currently the #2 Vintage store in the county, is a nonprofit agency focused on serving people with disabilities and other barriers to independence. Ninety-two percent of every incoming dollar directly supports these services. The organization has grown to be a well-recognized community service provider with more than 1300 employees and an annual budget in excess of 100 million.
Given that the organization has provided thousands of individuals with disabilities and other barriers to independence the opportunity to achieve their highest levels of personal and economic independence through competitive employment, they must legally process more personally identifiable information (PII) through Human Resources than traditional employers. This may include medical diagnosis, work plans or other components that may highlight disabilities. As an organization privy to extensive sensitive information, regulatory compliance and risk mitigation are critical.
In my conversation with Allen, it became immediately apparent that Goodwill of Orange County takes its role in the community and regarding compliance seriously.
Why Specify NAID AAA Certification in Their RFQ? When I asked Allen why they specify NAID Certification, her answer was simple, “When we seek to do business with a partner, we want someone who meets the highest standards available. In the area of document destruction, that means NAID Certification.”
NAID Certification is an optional credential and not required for service providers within the industry. However, from Allen’s point of view, it’s mandatory. “Certification speaks a lot about the process, the way a service provider is going to handle the
destruction of our materials, and that they won’t have chain of custody issues.” She went on to share her concerns that companies without NAID Certification may have only done some sort of self-attestation, or worse yet perhaps have never looked
at themselves and their process. She feels that accountability is a big part of finding the right partner, “We want to make sure we are doing the right thing; therefore, our partners have to be too.” The Confidence-Maker Knowing that the data destruction partner they choose has a shadow of an unannounced third party audit keeping them on their toes gives Allen confidence in that service provider. “If our partner is submitting to NAID Certification, we know that a NAID auditor can walk in any time. They’re going to ensure laws are being adhered to, ID badges are being checked, and that every bit of the process is being followed.”
Doing the Right Thing I asked Allen if Goodwill of Orange County took this same ideology into all of their practices. She responded quite pointedly, “Yes, we seek means for validation of our processes, be that for PCI, HIPAA certification – anything that corroborates that we are doing the right thing is important to us. Certification and validation are paramount to us and I think to all organizations. We live and work
in a really litigious environment; we have to be doing our best and ensuring our partners are too.” She went on to reiterate, “That means meeting the highest industry standards – in the area of document destruction, that’s NAID Certification.”