Chain of Custody (CoC) is the paper or digital trail from the first enquiry to the control, transfer and last stage of downloading a Certificate of Destruction. When it comes to shredding of documents, media, products or packaging it is important for the data controller to map where data is being passed and to ensure security measures are in place to protect the data. Read on to find out more.

If your company suffers from poor record management, a move to online filing makes managing your files in our storage system easy. With a secure login you can search for, edit, make requests and recall files. It also allows you to approve the destruction of files, simply by clicking your mouse. Managing files online keeps errors to a minimum and the reduced admin allows staff more time to focus on customers. Read on to find out more.

With direct access to our records centre database users can:

1. Enter new boxes and files into storage
2. ‘Quick search’ boxes and files
3. Recall files for delivery or download images (using our scan on demand service)
4. Order other services and items such as archive boxes
5. Authorise the destruction of documents.

These tasks done online remove:

1. Unnecessary emails and phone calls
2. Keying and typing errors
3. Duplication of file references.

Online access allows:

1. 24/7 access – query and search for files and documents any time from any office
2. Real time status tracking – instant location of files and the progression of requests
3. Levels of Authority – permissions ensure access is restricted to authorised personnel
4. Audit trails – to track file status and request history
5. Multi site/ users – whole businesses can access the database
6. Easy reporting – simple reports ensure cost control and files are managed according to protocols.

The net result is that your staff spend less time managing files and more time adding value to your business.

Online file management is the first step to electronic document management.

PD 5454 has now been superseded by BS 4971: 2017 which covers the exhibition and storage aspects of conservation formerly found in PD 5454.

The new BS 4971: 2017 sets out best practice of how documents and data should be stored. The standard is the benchmark for compliance managers to use when conducting due diligence and assessing the suitability of storage companies. Read on to find out more.

The standard is best practice for the storage of archived files and documents. It now includes guidance for the safeguarding of digital media such as CDs, DVDs, USBs and hard drives.

Guidance is given to security, software usage, fire protection, temperature control and humidity.

A professional records management business like Topwood should be able to demonstrate it complies with BS 4971: 2017- and we can. A facility manager, security officer or compliance manager, can use BS 4971: 2017 as a benchmark when assessing the suitability of a company. A records management firms that can not prove compliance with BS 4971: 2017 should raise alarm bells when compliance managers undertake their due diligence.

At Topwood we incorporate the standard into the scope of our information security management system (ISMS). Our ISMS is independently certified to comply with information security standard ISO 27001.

Download the PDF listing all our Compliance in one place

UK law states Data Controllers (office managers), who subcontract the handling of their data to a third party (a data processor), remain liable for that data. Data controllers must, therefore, be 100% sure that their processors have the proper processes and controls to protect their data. A data processor with ISO 27001 accreditation has been independently audited to have the relevant processes and controls. Read on to find out more.

Contents 1. What is ISO 27001? 2. What standards does ISO 27001 include? 3. GDPR – Are you compliant? 4. What is BS 4971: 2017?

What is ISO 27001?

ISO 27001 is an information security standard regulated by the International Organization for Standardization. They develop and publish International Standards. This passage is taken from their website page: ISO/IEC 27001 – Information security management ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to be certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.

ISO 27001 Certification webpage at BUREAU VERITAS describes the standard as follows:

ISO 27001 is the international standard related to information security management systems. It has been designed to allow you to assess your risk and implement appropriate controls preventing confidentially, integrity and availability of information assets. The fundamental aim is to protect the information of your organisation getting into the wrong hands or losing it forever.

What standards does ISO 27001 include?

Specific data handling standards include:

• Shredding: EN15713
• Scanning: BIP008
• Storage: BS 4971
• Staff Vetting: BS7858

At Topwood, we were accredited with ISO 27001 in April of 2015. We are one of the only Confidential Document Management Companies in the West Midlands to have this standard. Does your shredding firm have ISO:27001?

GDPR – Are you compliant?

With the new General Data Protection Regulations due to come into effect in May 2018, it is increasingly more important for all data controllers to ensure their data is being processed under the new guidelines. As part of this process, organisations are required to monitor all 3rd party data processors like shredding and storage companies as they come into contact and have access to individuals’ data. There are many opportunities for security breaches in any organisation.

What is BS 4971: 2017?

BS 4971: 2017 sets out best practice in how documents and data should be stored. The standard is the benchmark for compliance managers to use when conducting due diligence and assessing the suitability of storage companies.

The standard is best practice for the storage of archived files and documents. It now includes guidance for the safeguarding of digital media such as CDs, DVDs, USBs and hard drives.

Guidance is given to security, software usage, fire protection, temperature control and humidity.

A professional records management business like Topwood should be able to demonstrate it complies with BS 4971- and we can. A facility manager, security officer or compliance manager, can use BS 4971 as a benchmark when assessing the suitability of a company. A records management firm that can not prove compliance with BS 4971 should raise alarm bells when compliance managers undertake their due diligence.

At Topwood we incorporate the standard into the scope of our information security management system (ISMS). Our ISMS is independently certified to comply with information security standard ISO 27001.