What are the differences?
NAID Member or NAID Certified®
Understanding NAID is an important role in maintaining legal compliance
The question about the difference between Membership and Certification is a very good one. There are significant differences between the two which must be noted when you are evaluating potential vendors for your secure document destruction program.
The National Association for Information Destruction (NAID) is the only recognized source for security and ethics standards in the document destruction industry. Companies involved in the destruction of documents are eligible for membership, and more importantly, for certification.
NAID certification enforces the highest security standards and ensures that all of the vendor's procedures meet strict criteria before certification is granted.
The difference between a vendor's level of involvement with the association should be an important criteria in your decision making process. Those organizations that are simply members are subscribing to a professional association. They have access to publications and security guidelines, and they are also included in the supplier directory. NAID membership does not qualify their standards or the level of security they provide.
However, those shredding companies that choose to become NAID Certified® are companies that have committed significant resources to ensure the security of the information that they handle on behalf of their customers.
The process of becoming certified is extensive, and involves many operational commitments on the part of the certified vendor. The certification process requires that all employees undergo background investigations, that all employees receive comprehensive security training, and that operational procedures, and physical facilities incorporate many security safeguards. This includes both physical security measures, as well as operational and information security procedures. Further, NAID certification requires an initial third party audit, as well as ongoing audits to ensure compliance with all security guidelines and procedures. Those organization that are simply members are not subject to any of these requirements.
The difference between membership and certification is significant. The member belongs to an organization that publishes comprehensive industry standards for the security of information; however, the organization that is NAID Certified® has proven that they operate in strict accordance with these standards.
NAID Certification is the only qualified standard for security in the document destruction industry. It establishes due diligence and proper application of "Reasonable Care" required for compliance with HIPAA, Gramm-Leach-Bliley and FACTA. NAID membership, in and of itself, does not. Because the responsibility to protect information cannot be transferred to a vendor, it is good business practice to choose a NAID Certified® shredding company with verified security standards.