Topwood Ltd
Freephone 0800 781 1066

How do I know if our shredding company is truly compliant with data security legislation?

The best firms will have ISO27001 Certification, which is a guarantee that their processes, personnel and procedures are independently audited to comply with the specified standards.
 
 
 
 

The Data Protection Act (1998) principle 7 states:
'data controllers (businesses) must have appropriate security to prevent data held from being accidentally or deliberately compromised'.
The law is clear regarding the liability for security breaches if data controllers subcontract data processing to third parties. If data controllers subcontract their document shredding to a data destruction specialist and there is a breach of security, the data controller is liable in the eyes of the law.
A failure by your document shredding company could result in not just a fine of £500k but serious damage to the reputation of your business.

The ISO27001 Auditor from Bureau Veritas
That means it is critical that data controllers only engage shredding companies that can prove they have the competence and expertise to handle data securely on behalf of data controllers. In recent years there has been an explosion in the number of companies offering data destruction services.
Whilst every shredding firm claims to be compliant ... some are more compliant than others. Any of the more reputable firms will have an information security management system which incorporates all the relevant standards such as EN15713, BS7858 and any other industry specific standards.
Topwood is accredited with ISO27001
To help you we have devised a quick guide for selecting and reviewing shredding companies.
