Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 346 look for a provider accredited by an industrial trade association, such as the National Association for Information Destruction (NAID), or at least be willing to commit to upholding its principles. Criteria may also include finding a service provider that has written policies and procedures that must be approved by a specific person or committee within the organization. Additionally, criteria may also relate to whether the service provider creates a Certificate of Destruction for each destruction event, has a confidentiality agreement with each employee, and is willing to submit itself to independent audits. (ii) Confirm method of destruction Organizations outsourcing the secure destruction of paper and electronic media should include a requirement in their secure destruction policy to confirm which methods the potential service provider employs for the destruction of records. (iii) Secure transportation Organizations should confirm whether a potential service provider offers secure transportation of the materials to the destruction site, or whether the organization must obtain secure transportation services. Organizations should also develop procedures to ensure that the transfer of paper and electronic media for destruction is secure. When transferring to a secure destruction service provider, transfer procedures may include appropriately documenting transfer of custody and acceptance of fiduciary responsibility by the service provider or approved secure transportation carrier. Upon receipt of the media, the service provider should document and verify the reception of all media by checking serial numbers, etc. An organization may wish to determine whether satellite locations will provide the paper records and electronic media to be destroyed directly to the approved service provider, or whether the satellite should ship the media to the central arm of the organization. If the satellite location deals directly with the service provider, the organization may choose to follow a procedure of having the authorization accompanying the records to the secure destruction facility, with a copy remaining at the satellite location. (iv) Elements of a service provider contract Organizations should sign a formal contract or agreement with all external service providers hired for the purpose of securely destroying records, or for transporting records
RkJQdWJsaXNoZXIy MTgwMjYzOA==