If you use a disreputable company, your data may be exposed to identity theft, irreparable media damage, the downloading and improper use of confidential files, breach of data on unprotected networks, improper disposal of damaged storage devices, and the installation of malware onto hard drives along with recovered data.
In December of 2009, the Ponemon Institute (an independent research firm in the field of data protection and information security) conducted a survey among 636 IT security and support professionals on the Security of Data Recovery Operations.
- 83% of all respondents reported at least one data breach in the past two years
- 19% said the breach occurred when a drive was in the possession of a third-party data recovery service provider
- 43% said the breach was due to a lack of data security protocols
NIST Recommends Proper Vetting of Data Recovery Service Providers
The National Institute of Standards and Technology (NIST) updated its Contingency Planning Guide for Federal Information Systems (NIST SP 800-34 Rev. 1) in June of 2010 with brief but effective language to help raise awareness of the information security risk posed by third-party data recovery vendors.
Section 5.1.3 (4th Paragraph) States:
Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign non-disclosure agreements, be properly bonded, and adhere to organization-specific security policies.
NIST is a federal agency within the U.S. Department of Commerce that develops standards and guidelines that help federal agencies implement the Federal Information Security Management Act (FISMA) of 2002 to provide adequate information security for all agency operations and assets.
NIST SP 800-34 was prepared for use by federal agencies, but it is also used by non-governmental organizations on a voluntary basis.
DriveSavers Data Recovery Meets Recommended Data Security Protocols
DriveSavers is the only data recovery company in the industry today to post proof of an annual, company-wide SOC 2 Type II audit, the corporate industry’s standard for an overall control structure. Unlike Type I, a Type II audit verifies that our data hosting control objectives and control activities are in place, suitably designed, enforced, and operating effectively.
The security control objectives established for our annual audit are designed to satisfy the stringent security requirements and audits mandated by the corporate clients, healthcare service providers, and government agencies we serve.
At the heart of our secure data recovery environment is a self-defending network, protected by a “defense-in-depth” architecture that includes firewalls, intrusion protection systems, managed security services, and 24/7 real-time monitoring. It was verified in our annual SOC 2 Type II security audit to be “a formidable defense” for the information and data that it hosts.
In addition to providing the highest level of data security in the data recovery industry today, DriveSavers Data Recovery offers a High Security Service that adheres to U.S. Government protocols.
Every service option offered by DriveSavers Data Recovery meets the data loss prevention and data security/data privacy protocols mandated within SOX, GLBA and HIPAA.
Trust DriveSavers with Your Data!
Unlike other data recovery companies, we can prove our statements about data security. All of our certifications and proof documents are posted here.
Clients like Bank of America, NASA Goddard Space Center, the U.S. Government, the Smithsonian Institution, CompuCom and Lawrence Livermore National Labs all trust DriveSavers with their critical data.