Press Release: Ponemon Institute Identifies Checklist for Security of Data Recovery Service Providers

DriveSavers is the only data recovery company worldwide to meet these security requirements

RSA Conference 2010, Booth 229
March 1, 2010 – SAN FRANCISCO — (BUSINESS WIRE) — DriveSavers, the worldwide leader in data recovery services, today announced that an independent study by the Ponemon Institute, a privacy and information management research firm, has unveiled a Data Security Checklist for vetting third-party data recovery service providers. The study, “Security of Data Recovery Operations,” conducted among IT security and IT support practitioners, is the first national study published on the security of data recovery operations for businesses and government organizations. DriveSavers is the only data recovery company worldwide that can meet all the security requirements on the checklist.

Paul Reymann, CEO, Reymann Group, and one of the nation’s foremost experts in regulatory compliance and information risk management comments, “The lack of information security protocols and practices in the vetting, selecting and use of data recovery service providers is not a potential problem–it’s a real problem! The checklist is a prudent solution to help ensure data recovery vendors protect sensitive data during the data recovery process.”

For companies that do have a strong vendor risk management program, mandated vendor management practices apply to all stages of the information life cycle. CompuCom Systems, Inc., the leading IT outsourcing specialist, and Lawrence Livermore National Laboratory (LLNL) have extremely stringent security protocol and auditing processes for their third-party vendors. DriveSavers Data Recovery has experienced first-hand and passed the stringent security protocols of CompuCom and LLNL which include each of the requirements listed in the Data Security Checklist below.

“Lawrence Livermore National Laboratory’s (LLNL) data security standards are based on the National Institute of Standards and Technology’s (NIST) recommendations. We strive to ensure that our mission critical data handled by third-party vendors is protected at a level equivalent to the standards we hold for ourselves,” said Neda Gray, CISSP, Information Systems Security Officer for Operations and Business at LLNL. “We periodically require an exhaustive security assessment of our third-party vendors.”

“Data security standards are set high by CompuCom to ensure that our customer’s data is never vulnerable,” said Dave Borgese, vice president at CompuCom Systems. “We require an exhaustive security assessment of all our third-party vendors. DriveSavers is SOC 2 Type II compliant and is guarded by a ‘defense-in-depth’ network architecture which provides the level of data security we promise to our customers.”

Not all companies have this level of security protocols for working with third-party vendors. The Ponemon Institute’s study confirms that there is a major gap in security protocols when selecting data recovery service providers. IT security and IT support professionals, who participated in the study, revealed that they have not been involved in the selection or vetting of third-party data recovery service vendors.

Specifically:

• Eighty-three percent of the IT security and IT support practitioners, who participated in the survey, reported that their organization had at least one data breach in the past two years.
• Of the 83 percent, 19 percent said the breach occurred when a drive was in the possession of a third-party data recovery service provider.
• Forty-three percent said the breach was due to a lack of security protocols.
• Sixty-four percent of the respondents decentralize the selection for data recovery vendors to the local level, such as Help Desk, while twenty-four percent are not sure how the vendor is selected.
• Sixty-nine percent of the respondents do not have or are unsure if they have a policy for ensuring the protection of data during the recovery process.
• Forty-nine percent say IT security is not involved in the selection process.
• Only 20 percent believe data security is a major selection criterion.
• Eighty-two percent say that it should be.

As a result of this study, the respondents developed a Data Security Checklist for vetting third-party data recovery service providers.

• Proof of internal information technology controls and data security safeguards, such as compliance with SOC 2 Type audits
• Engineers trained and certified in all leading encryption software products and platforms
• Proof of chain-of-custody documentation and certified secure network
• Vetting and background checks of its employees
• Secure and permanent data destruction when required
• Use of encryption for data files in transit
• Proof of Certified ISO Class 5 (Class 100) Cleanroom

DriveSavers has a competitive advantage over other data recovery companies by being able to meet all the security requirements. A clear distinction is that DriveSavers is SOC 2 Type II compliant, the Corporate Industry’s standard for an overall control structure. DriveSavers also adheres to U.S. Government protocols, Gramm-Leach-Bliley Act Data Security Rule (GLBA), Data at Rest US mandate (DAR), Sarbanes-Oxley Act (SOX) and meets all Health Insurance Portability and Accountability Act (HIPAA) requirements, upholding the highest standards of confidentiality and data protection required by the Healthcare Industry. eBay, NASA Goddard Space Center, the Department of Defense, the Smithsonian Institution and CompuCom Systems, Inc. have all trusted DriveSavers with their critical data and have, in many cases, put DriveSavers through a rigorous security audit process.

To see proof of all the checklist items outlined above, review DriveSavers credentials below:

• DriveSavers SOC 2 Type II Certification
• Take a Virtual Tour of DriveSavers ISO Class 5 (Class 100) Cleanroom
• DriveSavers ISO Class 5 (Class 100) Certification
• DriveSavers Certified, Self-defending Network
• DriveSavers Encryption Training Certification
• DriveSavers Forensics Training Certification
• DriveSavers degausser for data destruction is approved by National Security Agency, Department of Defense and Central Security Service
• All employees handling sensitive data have received extensive background checks
• All leading manufacturers authorize DriveSavers

About DriveSavers

DriveSavers is the worldwide leader in data recovery services and provides the fastest, most reliable and only certified SOC 2 Type II data recovery service—guaranteed. DriveSavers high security services adhere to U.S. Government security protocols to ensure that no data is ever compromised during data recovery. DriveSavers maintains the most technologically advanced Certified ISO Class 5 (Class 100) Cleanroom in the industry and is authorized to open drives by all major storage device manufacturers without voiding the warranty. DriveSavers engineers are certified, by leading encryption software vendors, to recover encrypted data from all storage devices and all operating systems. Satisfied customers include: Bank of America, Google, Lucasfilm, NASA, Harvard University, Salvation Army and The Rolling Stones. (http://www.drivesavers.com)