Data Security and Compliance
There is a growing list of regulations that dictate how sensitive data is to be handled by corporations and government agencies. Failure to protect this data, which may involve privacy issues or access to personal or business information, comes with stiff penalties. Those penalties not only impact a company financially, and possibly senior officers legally, they have significant negative impact on any level of trust the organization once had with its customers and investors.
The data security procedures at PlanITROI assure that your sensitive information is not at risk. We maintain strict standards for data erasure or hard drive destruction if the latter is required. With regulations dictating how all information, whether it is patient information or financial data, is to be handled, PlanITROI has refined its data security and physical security protocols to assure thorough and absolute data cleansing.
Data Sanitization and Data Erasure
PlanITROI provides IT asset and electronic device specific methods of data erasure to ensure complete data sanitization and compliance with all applicable regulations and client mandates. In today’s world, devices beyond IT assets, e.g., cell phones, PDA’s and printing devices, have memory and data storage features. PlanITROI looks beyond the hard drives, memory and BIOS of a given PC or server to make sure every device and all related media is data erased according to the OEM specifications.
All IT assets are erased utilizing certified drive erasure programs that are compliant with Department of Defense, DoD 5220.22-M standards. The data security procedures at PlanITROI assure that a client's information is not at risk of compromising the client in any way. Since 1991, and after processing more than six million assets along with associated media, PlanITROI has never had an incident in which a client's data has been improperly exposed or accessed. Certificates of Data Erasure, and of Device Destruction if necessary, have always been standard and provided.
PlanITROI’s data sanitization procedures require verifiable data erasure of any hard disk, internal memory, BIOS, flash memory, removable media, or any other media that store data utilizing the procedures outlined above. In addition, asset ID tags and client identification as well as paperwork, labels, stickers or other personal tags, that had been inadvertently included with the equipment will be removed and destroyed by shredding.
PlanITROI Clients along with their third party security firms are encouraged to conduct audits to verify complete data erasure.
On-site Data Sanitization, Data Destruction and Device Destruction
PlanITROI provides its data security services both at its facility or a client’s facility if requested. PlanITROI can shred media or any device with data on it or employ NSA level erasure utilizing an NSA approved degausser and then shred. This renders all media useless.
Any asset received by PlanITROI from which data cannot be purged using a software-based tool, or the asset cannot be verified as “Data Safe,” will be made “Data Safe” by removing the item(s) containing data, and will be shredded. Certificates of Device Destruction will be issued.
PlanITROI data security procedures are compliant with Sarbanes-Oxley Act of 2002, Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act (HIPAA).
PlanITROI warrants its data security services and indemnifies clients against any liability associated with the data sanitization or destruction process.
|
