Prism Privacy Certification
Blue-Pencil Information Security is proud to be a member of Prism International (Professional Records & Information Services Management), a not-for-profit organization that represents companies who engage in commercial information management services. Membership is voluntary and the best way for companies to publically demonstrate their commitment to protecting the privacy of information entrusted to them by their customers.
Companies wishing to be accepted into this elite organization must meet or exceed a strict set of control objectives established by Prism
International. These controls are designed to preserve information privacy and include:
- Organization and Management Controls which ensure Blue-Pencil has updated organization charts, formal written job descriptions and an employee handbook.
- Information Security Audit Controls to ensure we comply with all the laws and regulations governing information security practices, and that we handle our customer’s information in a secure and confidential manner.
- Risk Assessment Controls provide assurance that Blue-Pencil has a written risk-assessment plan in place and will conduct risk assessments at least a once per year. If the assessment identifies a threat to security, Blue-Pencil will modify their operating procedures to address the risk.
- Human Resource Controls ensure our organization has documented hiring and termination procedures to provide or remove access to customer information. Background checks on potential employees will include criminal, credit, and reference checks and each contractor or employee must sign a confidentiality agreement prior to working for the organization.
- Vendor Management Controls provide assurance that Blue-Pencil does due diligence before hiring external vendors to ensure they understand their security responsibilities and will protect the confidential information that has been entrusted to their care.
- Physical Access Controls ensure customer information is secure and unauthorized access to areas containing confidential information has been prevented.
- Environmental Controls ensure our facilities are protected from fire and theft 24/7.
- Logical Access Controls ensure we have procedures in place to monitor, restrict, and control access to electronic applications, data, network resources, and operating systems.
- Network Security Controls assure customers that Blue-Pencil has applications in place to restrict unauthorized access to internal network resources.
- Electronic Access to Information Controls ensure Blue-Pencil has implemented procedures to protect client information that is stored or transmitted electronically.
Not all document information companies become members of Prism, but if you choose a company that is a member of this organization, you will know you have chosen a benchmark company that practices the safest, most secure information security procedures possible.
Blue-Pencil Information Security is proud to have passed all certification requirements and is a proud Prism member.