Data destruction standards: assured through UKAS accreditation
Greenworld has received re-accreditation to ISO27001 for the third consecutive year, demonstrating our ability to provide international best-practice “information security processes”.
The standard - which typically takes 2 to 3 years to be certified through UKAS accredited bodies - validates our ability to secure both our own and our customers’ information assets; vital in today's world where the number and sophistication of data security breaches are on the rise.
This accreditation also ensures we are prepared for the imminent EU Data Protection Regulations (EUDPR) which will strengthen data protection legislation. It’s expected to go much further than the UK’s Data Protection Act and heavily enforce data breach notifications (see below).
In addition to Greenworld’s certification to ISO27001:2013 we have also been re-accredited to ISO9001:2008, ISO14001:2004 & BS EN OHSAS 18001:2007.
Why our choice of accreditation body is important for you
Delivering an assured, secure and accredited service is Greenworld’s key priority. We choose to be accredited by UKAS as it is the only UK body to be accredited itself to internationally recognised standards. It’s one of the reasons we are the only UK company able to provide on-site data destruction to the highest military and Government standards.
The strict policy & standards of UKAS mean that our accreditation involves more than receiving a certificate; it involves an in-depth review to give you the assurance that our capabilities meet the toughest measures and that the highest standards are enforced at all times.
So whether you’re a private or a corporate company, you can be confident that our data destruction methods protect you from identity theft and prevent data recovery from end-of-life and refurbished/re-marketed equipment.
Why is it important to use an accredited body?
EU Regulation (EC) 765/2008 provides a legal framework for the provision of accreditation services across Europe. Under the Regulation, accreditation, when carried out against recognised harmonised standards, is regarded as a public authority activity and EU Member States are required to appoint a single national accreditation body to undertake these activities.
A ‘harmonised standard’ is a standard that has been adopted by one of the European standardisation bodies, such as the British Standards Institution (BSI) in the United Kingdom.
Certification bodies are accredited by national accreditation bodies
In 2009, The Department of Business, Innovation and Skills (BIS) appointed UKAS (United Kingdom Accreditation Service) as its ONLY national accreditation body. This appointment empowered UKAS to undertake the accreditation of certification bodies in the UK, according to ISO/IEC 17021, for the certification of management system standards (under the Accreditation Regulations of 2009), amongst other accreditation activities.
It is important to ensure that the certification body you use for the certification of a management system standard (for instance ISO/IEC 27001 or ISO/IEC 22031) is accredited by the official national accreditation body, and that the national accreditation body is a member of the IAF, UKAS being the only one in the United Kingdom.
A Memorandum of Understanding was signed in 2009 between the Government BIS and UKAS to maintain and promote a strong national accreditation service in the UK.
Why you should avoid using non-accredited certification bodies
- Non-accredited certification bodies (and those that claim to be accredited by an accreditation body not recognised by IAF) typically offer a service that includes both consultancy and certification; no formally accredited certification body will offer this type of service, as the international ISO framework recognises the obvious conflict of interest when a single organisation assesses its own work while also offering advice/consultancy.
- Non-accredited certification bodies (and those that claim to be accredited without the recognised scheme) are not subject to regular performance, quality and competence monitoring by a national accreditation body (such as UKAS).
- Non-accredited certification bodies (and those that claim to be accredited without the recognised scheme) usually do not operate in line with the international standards that set out requirements for certification bodies (e.g. ISO/IEC 17021).
About ISO/IEC 17021
- ISO17021 is the international standard that sets out the requirements for bodies providing audit and certification of management systems. As the International Organization for Standardization (ISO) says, "Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies."
- In other words, certification bodies can never provide a certification service in conjunction with their own consultancy work.
- It is important to crack down on non-accredited certification bodies, as they damage the reputation of the certification schemes accredited by UKAS.