Why Become Certified?
As a professional service provider offering secure data destruction services, maintaining compliance and security best practices is essential. Here’s why NAID AAA Certification® matters:
Provide independent, third-party validation that your operations meet strict regulatory and security requirements—giving clients confidence beyond “trusting your word.”
About 75% of NAID AAA Certified members report that certification positively impacts their business, often opening doors to contracts they couldn’t otherwise pursue.
Demonstrate alignment with industry standards and regulatory expectations while strengthening your reputation as a trusted, compliant service provider.
Meet client due diligence requirements and position your business to compete for higher-value and government contracts that require verified certification.
Why Use a NAID AAA Certified Member?
Leading certification for information security and privacy management
i-SIGMA’s NAID AAA Certification is the most recognized and acknowledged verification of data destruction qualifications in the world:
- More than 950 i-SIGMA NAID AAA Certified locations now operate on 5 continents
- Dozens of government agencies require i-SIGMA NAID AAA Certification to destroy their discarded sensitive media
- The amended IRS Publication 1075 (2016) acknowledges the value of i-SIGMA’s NAID AAA Certification
- New Jersey requires i-SIGMA NAID AAA Certification for on-site destruction of hard drives
- i-SIGMA NAID AAA Certification with PSPF Endorsements qualifies for the external destruction of Australian Government official information (see a list of companies with the endorsement)
It is also the most meaningful and robust secure data destruction validation program, as it:
- Verifies service provider compliance with all data protection regulations, fulfilling the client’s legal responsibility to do so
- Qualifies as the service provider Risk Assessment as required under the HIPAA Security Rule
- Qualifies as the vendor selection due diligence required by all data protection regulations
- Meets forthcoming requirements of the EU General Data Protection Regulation (May 2018)
- Is required in order to obtain Downstream Data Coverage®, a professional liability policy honed specifically for data-related service providers
i-SIGMA NAID AAA Certification® sets the standard for secure information destruction through a rigorous audit program that includes both scheduled and unannounced reviews. Certification helps organizations meet key regulatory requirements and ensure the protection of sensitive information.
Certified providers support compliance with major regulations including FACTA, HIPAA, and PCI, giving clients confidence that proper safeguards are in place—from secure handling and transportation to final destruction.
i-SIGMA auditors are highly trained and independently verify that strict protocols, including secure processes, chain of custody, and employee background screening, are consistently followed.
Ongoing, unannounced audits ensure continuous compliance, while oversight by the Certification Committee reinforces accountability and upholds the integrity of the program.
NAID AAA Certification Program FAQs
Certification positions your company to compete for thousands of private contracts and government opportunities where verified compliance is required. It also pre-qualifies you as meeting regulatory standards—giving clients confidence and a reason to choose your business.
Yes. Certified businesses demonstrate standardized processes, regulatory compliance, and stronger contract positioning—all of which increase company value for potential buyers or investors.
Certification applies to both physical destruction and electronic media destruction. Endorsements further define services such as mobile (on-site), facility-based operations, and specific media types like paper and hard drives.
Yes. Certification is a benefit of i-SIGMA membership, and members must remain in good standing to maintain certification.
No. Membership and certification are separate programs with separate annual fees. Membership renews annually, while certification renews on your approval anniversary date.
After becoming a member, you submit an application and fees. An auditor is assigned to evaluate your operations, and upon approval, you receive certification credentials and are listed in the i-SIGMA directory.
Typically 4–8 weeks after a complete application is received. Timelines may vary depending on readiness and type of certification.
Mobile operations occur at the client’s site using on-site equipment, while facility-based operations are performed at a secure, stationary location.
Certification requires strict adherence to operational standards, including security measures like CCTV retention, employee screening, and documented procedures to protect confidential material.
Fees typically range from $1,248 to $5,802 USD annually, depending on the type and scope of operations.
All requirements are outlined in the i-SIGMA Certification Specifications Manual.
Yes. i-SIGMA provides staff support, access to certified consultants, and educational sessions to guide you through the process.
Updates are communicated through the i-SIGMA Certification Department and available through official member resources.