Code of Practice

1. Name

The name of the association is the: `UNITED KINGDOM SECURITY SHREDDING ASSOCIATION’. Hereafter also referred to as UKSSA or ‘the Association’.

2. Aims and objectives

i) To collectively promote members’ security shredding and confidential data destruction services at local and national levels.

ii) Offer member services for the secure destruction of all data including paper, tape, acetate, film and electronic media.

iii) Have a broad membership to ensure effective representation of all areas of the United Kingdom and Ireland.

iv) Ensure that members are committed to offering a service that is appropriate to customers’ requirements.

v) Offer advice and assistance to external organisations requiring disposal and destruction of confidential documents and data.

vi) To rigorously enforce the standards set by the Association across all members. vii) Establish and maintain high standards of service and performance throughout the security shredding industry.

viii) Liaise with government and other legislative, authoritative and regulatory bodies at local, national and international levels to establish, maintain, improve and enforce the highest standards of operation and best practice throughout the industry.

3. Standards

Service Members performance commitments:

 

• It is a requirement for members to clearly communicate and provide written terms and conditions of supply to their customers. This will include:

1. a) Suitability of the product and/or service for particular applications. In this case, the customer’s requirements.
2. b) Advice on the proper choice of product and/or service sold to meet the requirements of the relevant Codes of Practice (usually British and/or European Standard Codes of Practice) and Regulations.
3. c) Guarantees of service and security levels, in line with current security shredding industry standards (BS EN 15713:2009) which will be outlined in a written contract.
4. d) Sub-contracted work will only be allocated to companies following the recommendations in BS EN 15713:2009. Clients will be informed of this.

 

Service Members Environmental Commitments:

• All association members are committed to the circular economy, and to ensuring the return of collected paper to useful production.
• Our members will, where practicable, recycle material that has been destroyed/shredded.
• Products that are not recyclable, must be disposed of after the consideration of the environmental impact, cost, and convenience of other methods of waste disposal (i.e., energy can be recovered for power generation).
• Members will continually review and, where possible, renew all aspects and policies of their business from transport, destruction of confidential materials, administration, and sales in relation to minimising their negative impact upon the environment.

The Standards in line with our policies:

BS EN 15713 sets the European standard for document and data destruction. It holds authority over all similar documents, relating to the secure destruction of documents & data. This document outlines the targets that confidential destruction companies must meet, in order to maintain a high level of security for the destruction/storage of confidential data. Recommendations are provided, in relation to the collection, haulage and destruction of confidential data/material, in order to maximise security in which this material is handled, processed and disposed of. BS EN 15713 should be the go-to document for any security destruction/storage business wanting to improve its secure data destruction processes.

The standard draws focus to a number of different aspects of a confidential data destruction business, including:

• Staff –
  • Must be vetted to BS 7858
  • Must have a signed confidentially agreement prior to commencement of employment
  • Must carry company issued identification to every collection
• Collection(off site) Vehicles –
  • Must be box bodied or have a demountable container
  • All curtain siders must be securely sealed to avoid risk of confidential waste being dropped
  • Must have radio or phone communication with its home site
  • Must have working immobiliser of alarm system fitted
  • Must be lockable/sealed during transit
  • Must be immobilised or alarmed when left
  • Must be fitted with remote vehicle tracking
• Destruction(on site) Vehicles –
  • Must be box bodied
  • Must have lockable doors
  • Must have radio or phone communication with its home site
  • Operator must always stay with the vehicle if unprocessed material is onboard
  • Must be fitted with remote vehicle tracking

 

• Premises –
  • Must have an administration office, where all necessary documents/records are kept.
  • Must be disconnected from any other business(s)/Activities on the same site.
  • Must have an intruder alarm system installed, in line with BS EN 50131-1. Said system must be monitored by an alarm receiving centre.
  • Must have a monitored, recorded, CCTV system installed. Capable of monitoring the unloading, storage & processing areas. These images must be kept for a m minimum of 31 days. Unless a separate arrangement is agreed with the client.
• Environmental –
  • Paper based material shredded will be recycled into new printing and tissue products.
  • Non-paper material shredded will be sent to Energy from Waste plants.
  • Waste transfer notes must be provided for all collections, this can be done on an annual basis for regular collections.
• Collection and retention of data –
  • All confidential material to be processed, must remain inaccessible to unauthorised individuals. From the point of collection through to destruction.
  • All collections must be made by fully vetted, and identifiable staff; carrying photographic identification and wearing uniform.
  • All off-site destruction must take place within 24 working hours of arrival at the processing site.
• Destruction of Data –
  • All confidential material is to be destroyed in line with current industry standards (BS EN 15713:2009). Shredded documents must be cross cut, with a size no greater than 22mm OR totally destroyed.
• Contracts –
  • A written contract must be in place between the customer and business, covering all transactions between the two organisations.
  • All sub-contracted work must only be given to companies adhering to BS EN 15713:2009 standards. Clients must be informed if their work is to be sub-contracted.
• Customer due diligence –
  • It is recommended that the customer carries out annual checks on their confidential destruction provider, this includes ;
  • UKSSA certificate checks online www.ukssa.org.uk/secure-shredding-providers
  • Environmental permits check – https://environment.data.gov.uk/public-register/view/index
  • Waste carriers licence checks – https://environment.data.gov.uk/public-register/view/search-waste-carriers-brokers
  • It is best practice that a client who is specifying or purchasing the services of a data destruction company should ensure the company is ISO 9001 accredited, with a valid certificate, obtain copy from your service provider.
  • Insurance certificates – Public & Products liability cover £5m, Employers Liability cover £10m.

 

4. Management

The management of affairs of the Association shall be vested in an Executive Council consisting of:

i) Chairman, Vice Chairman, Treasurer and Secretary.

ii) All full members and/or their representatives.

iii) The Chairman, Vice Chairman, Treasurer and Secretary will be elected annually from among full members of the Association and the term of office shall be one year.

5. Proceedings

i) The Association Executive Council shall meet monthly, or at such intervals as may be convenient for the relevant business dealings and meetings shall be held at places determined by the Executive Council.

ii) The quorum for the Executive Council’s business shall be not less than 50%.

iii) At such meetings, each fully accredited member shall have one vote and all resolutions and decisions of the Executive Council shall be made by a simple majority of votes cast. In the event of a tied vote, the chairman of the meeting shall hold the casting vote.

6. Membership

i) To have qualification, members must be actively involved in the process of security shredding and have facilities available to meet the standards as set out by the Executive Council.

ii) Members may only be elected or expelled with the full agreement of the Executive Council.

iii) Members may resign from the Association at any time by giving 6 months written notice. There will be no refunding of membership/audit fees upon resignation or expulsion.

iv) Any person or corporate body wishing to join the Association must hold the necessary qualifications and have two full Association members to propose and second any nomination in writing to the Chairman or Treasurer.

v) The Association, at its discretion, may determine the maximum number of members of UKSSA and declare membership closed whenever it may think fit.

7. Promotion

i) Only fully accredited members will be able to declare or represent themselves as members of the Association.

ii) Only fully accredited members will be able to use the Association logo, namestyle, literature or other forms of communication.

iii) Only fully accredited production locations will be listed on the UKSSA website.

iv) Members should not use the UKSSA logo, namestyle, literature or other forms of communication to imply that member operations are fully accredited to UKSSA unless each operation is fully accredited to the UKSSA Code of Practice through independent audit.

v) Any member acquiring a new security shredding operation should not imply that this operation is fully accredited to the UKSSA Code of Practice under their Membership of UKSSA until an independent audit of the new operation has been carried out against the UKSSA Code of Practice.

vi) Any Member acquiring a new security shredding operation that has already been fully accredited to the UKSSA Code of Practice through independent audit can continue to imply that the operation is fully accredited to the UKSSA Code of Practice dependent on the frequency of audit for that operation being maintained in line with the UKSSA Code of Practice.

vii) Fully accredited Members should not use the UKSSA logo, namestyle, literature or other forms of communication to monopolise internet search engine listings.

8. Amendments to the rules

i) These rules may be modified, varied or supplemented as necessary by the Executive Council in the Association meetings.