implementing a shred-all policy

implementing a shred-all policy
There are very few businesses today that haven’t wrestled
with the question of how to manage the risk associated
with the disposal of sensitive information. The issue has
been driven by both federal regulations, including the
FACTA Disposal Rule, and numerous other existing and
pending federal and state laws governing the disposal of
consumer information.
Pressure has also come from a growing awareness of the
power wielded by the court of public opinion. No business
wants to find itself making headlines because of a security
breach, with private, sensitive information suddenly
becoming public – however inadvertently.
Now that you’ve decided to shred, you need to determine
how much of the information your firm generates you want
to shred. All of it? Half of it? Only those documents that have
been identified, for whatever reason, as highly sensitive?
You must also decide who will do the shredding. Will it be
firm employees with access to a personal shredder? Or will
you entrust your shredding to an outside firm that can
guarantee the documents have been securely shredded?
As you will see, there is really only one viable answer to all
of these questions.
The Selective Shred option places the burden on your
employees to decide what gets destroyed. This can help
reduce the amount of material that needs to be shredded,
but there are several things it is important to understand if
you choose Selective Shred:
1. Your shred program will rely on the guidelines and
procedures that you establish. You will need to make sure
that these conform to all government and industry
regulations and that they are updated when the rules change.
2. You will need to establish a training program to make
sure that your employees know exactly what needs to
be destroyed securely, and what can be placed in
recycling or trash containers. New employees will need
to be trained as they are hired, and existing employees will
need periodic refreshers. Anytime the guidelines are
changed, you will need to make sure everyone receives
updated training.
3. If you are using office shredders, you will need to
make sure employees shred documents immediately
and don’t just pile them up near the shredder. And
because office shredders periodically break down, you will
need to have a plan in place that takes this into account.
The plan should provide for the time it takes to locate a
replacement or to have a new one shipped in.
4. You may want to establish a program to monitor
paper that is placed in trash or recycling containers.
People will make mistakes, and having someone doublecheck all the paper that is not marked for secure
destruction will help catch mistakes before that paper
leaves the complex.
800 899 IRON (4766) /
Secure Shredding
The Shred-All option instructs employees to securely shred
all information no longer needed for business or required
by compliance laws – as opposed to placing it in a trash can.
Implementing a program is simple and only requires a few
key steps:
—— Make sure there are shred bins placed at convenient
locations throughout the office. Have clear instructions
You no longer have to worry about creating policies that
are current with all government and industry laws and
regulations. Employees are not asked to decide whether
information is sensitive, classified or confidential. The
Shred-All option completely takes employee decisionmaking out of the compliance process, thereby removing a
company’s single biggest risk factor. Shred-All programs
are implemented by organizations that:
posted as to who to contact if a bin fills up and needs to
be serviced ahead of schedule.
—— Make sure that all employees understand the importance
of securely destroying documents, and are aware that
there are laws, regulations and company policies that
can all be satisfied by a “Shred-All” policy. They should
know never to second-guess what a document contains
and risk dropping a confidential document in the trash
—— Want to be certain that anything that needs to be
destroyed is destroyed in a secure and timely fashion.
—— Don’t want to burden employees with the responsibility
by mistake.
—— Make sure clear guidelines are posted to let people know
what types of materials can be placed in a shred bin and
of having to decide what is sensitive enough to require
what cannot. All types of documents and reports, for
example, can be placed in a shred bin, but old DVDs and
The Shred-All option is easy to explain, easy to understand
and, best of all, easy to implement.
A Shred-All policy all but eliminates the chance for a
potentially devastating security breach. Employees no
longer have to agonize over whether a particular
document contains confidential information. All employees
have to know is that the document, by definition, has
outlived its usefulness to the organization. Their only
responsibility at this point is to have it shredded.
batteries cannot.
Adopting a Shred-All policy makes life simpler all the way
around for everyone in the workplace. It reduces risk, and
greatly enhances compliance while letting employees focus
on their job – not on sorting paper.
Most organizations selecting a Shred-All program will
retain a shredding vendor to collect and securely destroy
their information. The vendor will also provide a certificate
of destruction attesting to the fact that the information
has been destroyed as required.
ABOUT IRON MOUNTAIN. Iron Mountain Incorporated (NYSE: IRM) provides information
management services that help organizations lower the costs, risks and inefficiencies of managing
their physical and digital data. Founded in 1951, Iron Mountain manages billions of information
assets, including backup and archival data, electronic records, document imaging, business records,
secure shredding, and more, for organizations around the world. Visit the company website at for more information.
© 2013 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries.
All other trademarks and registered trademarks are the property of their respective owners.
800 899 IRON (4766) /
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF