PRISM Privacy+ Certified for first-class security

Security, protection, and efficiency are just a few of the benefits you can expect

PRISM Privacy+ Certified since 2007

Blue-Pencil Information Management holds Prism Privacy+ Certification for records storage services. This provides our customers peace of mind as they know their confidential information is always handled securely.

Strictly enforced information security standards

Not all records management companies hold Privacy+ Certification, only the most secure do. There are strict rules, policies and procedures that must be followed to become and remain a certified member.

Complete document protection

The Privacy+ certification verifies there are strict physical access controls, climate controls, and electronic transfer protection in place at all times.

Privacy+ Certification requirements

Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management), which is a not-for-profit trade association for the commercial information management industry.

Confirm our Certification on the Prism website

Strict security measures

PRISM certification requires us to have several security measures in place, including:

  • Detailed information security policy
  • Formal written privacy policy statement that communicates how we access and utilizes consumer data
  • An appointed manager or individual responsible for overseeing our programs

Rigorous certification processes

The certification process ensures that our information security policy:

  • Identifies the laws or regulations that our organization is required to follow
  • Specifies operational procedures for physical access to and the handling of customer information stored physically or electronically at our site
  • Specifies the process for incident response that complies with Payment Card Industry Data Security Standard (PCI DSS) requirement 12.9
  • Fully addresses PCI Requirements 9 and 12
  • Specifies the methods for employee training to be conducted at least annually
  • Specifies disciplinary procedures for employees found in violation of the policy
  • In addition, we are required to maintain human resource and vendor standards to ensure the highest level of security

Complete physical protection of your documents

The Privacy+ certification verifies that we have strict physical access controls, climate controls, and electronic transfer protection.

The physical access controls we are required to have in place to maintain our certification include:

  • All access points to our facility are locked or have an electronic access mechanism
  • Our facility is equipped with a burglar alarm and video monitored 24/7
  • All entry points are always monitored
  • All visitors provide valid identification, sign a written log to gain entry and wear a badge that clearly designates them as a visitor
  • All visitors are always escorted by an authorized employee unless preauthorized as a known visitor, such as common vendors
  • Unattended vehicles containing client information are locked
  • Entry to client record sites is logged, either manually or electronically
  • There is strict control over the internal or external distribution of any kind of media
  • Our climate control guidelines are guaranteed by having the Privacy+ certification as well