- 23 June 2023
- Posted by: Caelia Quinault
- Category: UKSSA news
Going for Gold: What the UKSSA auditing process involves
In order to become an UKSSA member, companies must undergo an independent security audit to demonstrate they are working to the highest standards, and are re-audited every two years.
Here we speak to Trevor Dean and Lee Payne of UKSSA auditors Dean Associates, about what the auditing process involves and how this sets UKSSA members apart from the competition.
How did you first become involved with UKSSA?
Trevor: We have been working with UKSSA for over ten years. We were originally brought in because of our knowledge of the industry, to ensure that standards were being met and apply some common sense to the auditing process.
What is your background?
Trevor: I have worked in the standards industry for over 30 years and Lee for ten years, across a number of industries. Our skill is knowing the type of things we are looking for. We also audit for management standards ISO 9001, 14001 and 45001 plus others, so can perform a dual function for some UKSSA members.
Lee: We are both partners at Dean Associates, which is based in Peterborough, as well as Lead auditors. Trevor, who founded the business, is known as a bit of a waste guru in the certification part of the industry as he knows so much about the sector!
What does the UKSSA auditing process involve?
Lee: Before we carry out an audit, we provide sites with an extensive list, which effectively says these are the rules and this is what you need to be doing to ensure everything is in place. We then arrange a site visit and this will be carried out by one of us.
The UKSSA certification incorporates both EN15713 (Secure Destruction of Confidential Material) and BS 7858 (Secure Screening of Individuals Working in a Security Environment) but is broader than that. We look at everything from making sure vehicles are maintained, and waste exemptions permits are in place to ensuring personnel are screened to a high level to checking the CCTV arrangements. It is quite broad and comprehensive. We will do checks to make sure risk assessments are in place, people are screened and the trail is there to say they are doing it correctly. We also advise sites on where there may be gaps in their processes.
Once completed we go away and produce a report, which is in two parts – an overview and a more detailed breakdown, detailing everything from records seen and what vehicles were looked at to conversations with members of staff. We don’t mention anybody by name.
The result of the audit is then passed to UKSSA who are then responsible for reviewing the recommendations and if approved will then issue a certificate, which companies can display and put on their websites.
How long does the UKSSA audit take?
Trevor: We typically allow one day to visit each site, go away and write it up. But we try to be flexible.
How much does it cost?
Trevor: The current cost of each UKSSA site audit is £475 plus VAT. Travel to sites is also charged, along with overnight accommodation if required. We can provide an exact quote and if you have multiple sites, we can if required audit two or more sites per year over consecutive days to keep your expense costs down.
Are the findings from the audit confidential?
Lee: Yes. We only send the report to UKSSA and the client. When we carry out a visit it is also not unusual for us to sign NDA’s or confidentiality agreements.
Trevor: We’re also registered under data protection ourselves.
How hard is it to achieve UKSSA certification?
Trevor: We need to ensure companies are compliant but we try not to say a simple yes or no, but take a collaborative approach to nudge companies in the right direction and work with them.
Lee: However, if they don’t have the criteria we won’t pass them until they have met all the criteria, until everything is up to date and given to us, to ensure standards are maintained.
Are the bi-annual audits any different?
Lee: The audit is the same, but we go in with a fresh pair of eyes to make sure they are continuing to improve or continuing to do what they are doing.
What are the benefits of UKSSA certification?
Trevor: Companies who achieve the UKSSA certification can demonstrate that they have been independently audited to the highest standards in the data destruction industry, incorporating both EN15713 and BS 7858. Some companies claim on their websites to meet these standards without independent verification. The UKSSA certification provides definitive proof, which really sets UKSSA members apart.
To find out more about UKSSA membership and how to book an audit, click here.