Contact Us (905) 847-2583

Blue-Pencil Is A Certified Records Management & Confidential Document Storage Provider

We Are Certified With A PRISM Privacy+ Certification

At Blue-Pencil Information Security Inc., we provide confidential records management, confidential document shredding, and confidential scanning services. We hold a Privacy+ Certification from PRISM International and have successfully completed a CSAE 3416 audit. This certification and attestation verifies that Blue-Pencil has the proper internal controls and processes in place to deliver high-quality information security. Read on to learn more about our enhanced security and protection service. Give us a call today if you are interested in finding out more about what Blue-Pencil can do for you and your business.

About The Privacy+ Program

Privacy+ is an international certification program for companies providing outsourced storage and protection of hard-copy records and off-line removable computer media. Participation in Privacy+ allows companies to publicly demonstrate their commitment to protecting the privacy of information entrusted to them by their clients by meeting certain privacy benchmarks. Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management), which is a not-for-profit trade association for the commercial information management industry. Privacy+ certification is applicable to participating companies’ physical storage and handling of hard-copy records and off-line removable computer media.

Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management), which is a not-for-profit trade association for the commercial information management industry. Privacy+ certification is applicable to participating companies’ physical storage and handling of hard-copy records and off-line removable computer media.

Blue Pencil also holds an NAID AAA Certification to certify that our secure shredding services are confidential and have a higher level of security than the average shredding service alternatives.

Why Blue Pencil Became Certified

We decided to gain the PRISM Privacy+ Certification to give our customers peace of mind. Here is a quote from our president Mario Skopek that explains the rationale further for why we have become certified.

“I’m astonished at the high number of prospects Blue-Pencil meets each week who have never visited their current records storage provider’s facility. They’ve been meaning to do so but their busy schedule has not allowed for it. Today’s prospects can be easily deceived by service providers who spend a lot of money on building their website and marketing program but come short putting the same amount of effort into the security and operational protocols. Our decision to become Privacy+ certified is to simply differentiate ourselves from these organizations and give our existing and potential clients peace of mind that our security and operational protocols are audited by a third party.”

-Mario Skopek, President & CEO – Blue-Pencil Information Security Inc.

Benefits Of The PRISM International Privacy+ Certification

Security, protection, and efficiency…these are just a few of the benefits you can expect when you work with a PRISM privacy+ certified records management and document storage company.

Security

PRISM certification requires us to have a number of security measures in place, including a detailed information security policy, a formal written privacy policy statement that communicates how we access and utilizes consumer data, and an appointed manager or individual responsible for overseeing our programs.

The certification process ensures that our information security policy:

  • Identifies the laws or regulations that our organization is required to follow
  • Specifies operational procedures for physical access to and the handling of customer information stored physically or electronically at our site
  • Specifies the process for incident response that complies with Payment Card Industry Data Security Standard (PCI DSS) requirement 12.9
  • Fully addresses PCI Requirements 9 and 12
  • Specifies the methods for employee training to be conducted at least annually
  • Specifies disciplinary procedures for employees found in violation of the policy

In addition, we are required to maintain the following human resource and vendor standards to ensure the highest level of security:

  • We perform background checks on potential employees, including criminal, credit, pre-employment, and reference checks
  • We have each employee and contractor sign a confidentiality agreement
  • We have documented hiring and termination procedures to provide or remove access to customer information
  • We have a formal selection process to evaluate third-party capabilities and service delivery
  • We have each vendor sign a confidentiality agreement
  • We contractually communicate security responsibilities to each vendor

Protection

The Privacy+ certification verifies that we have strict physical access controls, climate controls, and electronic transfer protection.

The physical access controls we are required to have in place to maintain our certification include:

  • All access points to our facility are locked or have an electronic access mechanism
  • Our facility is equipped with a burglar alarm and monitored 24/7
  • All entry points are monitored at all times
  • All visitors provide valid identification and sign a written log to gain entry
  • All visitors wear a badge that clearly designates them as a visitor
  • All visitors are escorted at all times by an authorized employee unless preauthorized as a known visitor, such as common vendors
  • Unattended vehicles containing client information are locked
  • Entry to client record sites is logged, either manually or electronically
  • There is strict control over the internal or external distribution of any kind of media. Our controls include the following:
    • We classify media so the sensitivity of the data can be determined
    • We send the media by secured courier or other delivery method that can be accurately tracked

Our climate control guidelines are guaranteed by having the Privacy+ certification as well. This includes:

  • Our facility is equipped with a fire suppression system
  • Our facility is equipped with a fire detection system and monitored 24/7
  • Critical operation servers, including those containing client-owned information, are equipped with battery backup systems
  • Critical operation servers are properly cooled if contained within an enclosed computer room

In regards to electronic transfer protection, the certification also confirms that we use websites or browser-based utilities with secure sockets layer encryption when accessing client information.

Efficiency

Cost reduction, cost avoidance, enhanced productivity… Conserving resources and cutting costs are among the most popular activities in corporations today.  With the PRISM Privacy+ certification, we can provide the confidential records management and document management you need with higher security measures than you could internally at a lower cost through economies of scale.

To learn more about the certification criteria, click here.

Confirm Our Certification

To confirm our certification, visit the list of currently certified companies at:

http://www.prismintl.org/Privacy-Certification/privacy/privacy-certified-companies.html

prism-list-small

“They are very quick and trustworthy.” – Christine Jassir

Read More Comments From Customers