Topwood Ltd - Paper Shredding & Document Destruction
Freephone 0800 781 1066

Company Certificates

ISO27001

ISO 27001

ISO9001 2014-2017

ISO 9001 2014-2017

BSIA Membership

BSIA Membership

Waste Licence

Waste Licence 2015-2018

WEEE Asset Disposal Registration

WEEE Asset Disposal Registration

ICO Registration

ICO Registration

Commercial Insurance

Commercial Insurance

Certificate of Incorporation

Certificate of Incorporation

LGV Operating Licence

LGV Operating Licence

Topwood Fleet Insurance

Fleet Insurance

Topwood Safe Contractor

Safe Contractor

Shropshire Chamber of Commerce

Shropshire Chamber of Commerce

First Data Merchant Solutions

First Data Merchant Solutions

Free Quote
Fill out my online form.

5 Reasons To Trust Us


 

Free No Obligation Quote

If you would like a quote for any of our storage services please call or email us - you might be surprised at how cost effective our services are!


ISO 27001 Compliance
Topwood Compliance and Certification

COMPLIANCE AND CERTIFICATION

Compliance

A

ny organisation engaging a contractor to handle data has a duty of care to make all reasonable checks that the contractor (existing or potential) operates within legal and morally acceptable parameters. This process of due diligence ensures a business’s reputation is not put at risk by a disreputable contractor.

The Data Protection Act 1998 (DPA) requires all data processors to be registered with the Information Commissioner's Office (ICO) (Topwood Registration number Z7108387).

A fundamental principle (Principle 7) of the DPA is that data controllers have in place appropriate security measures to prevent data from being accidently or deliberately compromised. The law clearly states that subcontracting document and data destruction to a shredding company does not remove any of the data controller's legal responsibilities or liabilities.

Consequently data controllers must make periodic checks to ensure their shredding company’s security credentials remain up to date. Some data management companies falsely say, “We comply with all the relevant standards” or paste a few logos onto their website. Data controllers that accept such statements at face value are not undertaking proper due diligence and are ultimately putting their reputation at risk.


Below is Topwood’s checklist for compliance managers conducting due diligence:

Quality

Topwood’s reputation for providing first class service levels is defined, delivered and measured through a Quality Management System (QMS). The QMS is independently audited by a UKAS accredited body and complies with the requirements of ISO 9001. The leading industry association for data destruction is the British Security Industry Association (BSIA) which requires members to have ISO 9001. Topwood is a member of the BSIA.

Information Security

Whether Topwood supplies file storage, document scanning or data shredding services, its success is wholly dependent on providing information security. Topwood operates to an Information Security Management System (ISMS). This ISMS is independently audited to comply with information security ISO 27001. ISO27001 is increasingly seen by compliance, security and procurement managers as the ‘gold standard’.

The following principle standards are incorporated into the scope of Topwood’s ISO27001 certification.

 

PD5454:2012 *

The principle standard to which storage services are supplied.

 

EN15713

Principle standard regarding secure destruction of sensitive information.

 

BS7858

All staff employed at Topwood are vetted to BS7858.

* Topwood Ltd has adopted this standard for a number of years and it will soon be incorporated into the scope of the next ISO 27001 certificate.

Other standards incorporated include BS8418 (CCTV), EN150131 (intruder alarms), EN50133 (access control systems), BS5839 (fire detection and alarm systems) and CPNI (used by government departments and agencies when engaging contractors for the destruction of national assets).

Environmental

Topwood ensures the safe and responsible handling of confidential waste on behalf of its customers. By operating an Environmental Management System (EMS) based on ISO 14001 Topwood can provide an audit trail that waste is handled and recycled in a legal and sustainable manner.

For example, some data destruction companies still destroy data through incineration but at Topwood we comply with the waste hierarchy regulations which require the mechanical destruction of data. This method of destruction allows for the recovery and recycling of materials. 100% of the paper we shred is recycled into useful paper products.

Our EMS ensures our waste carriers license is kept up to date (Topwood is a registered waste carrier with the Environment Agency Licence Number CB/CN5312ZW) and that all movements are controlled through the use of waste transfer notes. Likewise our T11 exemption allows us to repair, refurbish or dismantle various types of waste electrical and electronic equipment so that WEEE is re-used or dismantled so parts can go for recovery.

Duty of Care - Ensuring a Safe Workplace

Topwood is committed to providing a safe working environment. Topwood has been independently audited and was found to have excellent risk management under the Safecontractor scheme. Certification assures customers that Topwood operates a safe workplace. The term safe workplace is broad but duty of care extends to all persons who come into contract with Topwood’s activity and that the workplace extends to all locations including customers’ offices and depots.

Insurance

Due diligence checks should ensure contractors have the statutory minimum and any additional cover required. Topwood has the following cover;

  • Public liability insurance £5mn in respect of each and every claim
  • Employers liability insurance - £10mn provided in respect of each and every claim (it is a legal requirement all companies hold
  • Professional Indemnity - £1 million.

Personnel

To comply with EN15713 all employees are security vetted. Topwood uses a third party vetting firm to security check to BS7858 prior to a person's employment with Topwood. BS7858 includes Disclosure and Barring Service (DBS) checks and this vetting is repeated every 3 years.

  • All staff are required to sign a Confidentiality agreement prior to engagement with Topwood
  • Topwood conducts its own due employee due diligence. For example, we carry out quarterly DLVA licence checks
  • All staff participate in a training programme which includes topics such as how to handle sensitive information and risk management for a safe workplace etc.

Operation of Vehicles

  • All vehicles operate from a registered operating base at SY14 7BY
  • Shred trucks are operated and maintained in accordance with the provisions granted in Topwood’s Operator Licence (OC1052569) issued by VOSA.
  • A fleet insurance policy covers all vehicles and may be downloaded here

Trusted by

  • Dee Valley Water
  • Glyndwr University
  • Jolliffe and Co Solicitors
  • Kellogs
  • NHS
  • Probation Service
  • Hacker and Young
  • Savills
  • Arch Initiatives
  • CLS Caring for People
  • Dwr Cymru