BD Banner

Service Organization Control

Security and confidentiality is our highest priority.

Service Organization Control

Service Organization Control (SOC)

Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant. Each type of SOC report is designed to help service organizations meet specific user needs:


SOC Reports:

SOC 1 Reports:

To give the auditor of a user entity’s financial statements information about controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. A Type 2 SOC 1 report includes a detailed description of tests of controls performed by the CPA and results of the tests.

SOC 2 Reports:

To give management of a service organization, user entities and others report about controls at a service organization relevant to the security, availability or processing integrity of the service organization’s system, or the confidentiality and privacy of the data processed by that system. A Type 2 SOC 2 report includes a detailed description of tests of controls performed by the CPA and results of the tests.

SOC 3 Reports:

To give users and interested parties a report about controls at the service organization related to security, availability, processing integrity, confidentiality or privacy. SOC 3 reports are a short-form report (i.e., no description of tests of controls and results) and may be used in a ser vice organization’s marketing efforts.

Business Data Record Services is SOC 2 Type 2 Compliant

To view SOC2 Certificate of Audit click here

SOC 2 Type II

Payment Card Industry (PCI)


The Payment Card Industry (PCI) Data Security Standard exists to support secure practices in credit card processing. The objective of the PCI program is to encourage companies to maintain a high level of security to protect cardholder information regardless of where it resides. The foundation of PCI was built from Visa’s Cardholder Information Security Program (CISP). The standard provides the requirements that all entities storing, processing or transmitting cardholder data must abide by.

The following are compliance requirements:

  • Create and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Execute strong access control measures
  • Monitor and test networks frequently
  • Sustain an information security policy

It is mandatory for companies to comply and, further, to conduct business with other PCI-compliant members. Credit card companies can impose hefty fines reaching $500,000 per incident and your credit card processing services could be terminated. PCI compliance provisions should be included in third-party contacts as well.

Business Data Record Services is a Level 1 Service Provider

To view PCI Certificate of Audit click here

To search the Visa PCI Global Registry click here

Prism Privacy+ Certification


Privacy+ is an international certification program open to all companies providing outsourced storage and protection of hard-copy records and off-line removable computer media. Participation in Privacy+ is voluntary and allows companies to publicly demonstrate their commitment to protecting the privacy of information entrusted to them by their clients. Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management), also referred to herein as the “Association,” the not-for-profit trade association for the commercial information management industry. Privacy+ certification is applicable only to participating companies’ physical storage and handling of hard-copy records and off-line removable computer media. Without limitation, Privacy+ is not applicable to related services such as document imaging, shredding services, or any form of cloud storage.

The purposes of the Privacy+ program are to:

• Provide participants a vehicle to publicly demonstrate their commitment to ensuring the privacy of information in their custody

• Share resources and best practices to help participants reduce risks in their businesses

• Reduce the number of privacy breach incidents caused by members of our industry, thereby,

• Preserving the reputation and trusted status of our industry

• Reducing the likelihood and severity of government-imposed legislation on our industry


Learn More

Secure Storage Facilities

Learn More

Regulatory Compliance

Learn More


The National Association for Information Destruction (NAID)

An international trade association for the information destruction industry. NAID offers a voluntary certification program conducted by Pinkerton, Inc. Criteria involves both annual and unannounced onsite audits of building and transportation security, destruction processes, employee background checks, plus insurance and bonding requirements. Business Data Record Services carries the highest AAA rating.

Why is this important to you?

The NAID Certification Program establishes standards for employee hiring and screening, operations, destruction process and insurance as well as other business factors for Business Data Record Services.

View an expanded list of items for destruction

Learn More about NAID

Contact Us to Request A Quote

Call (651) 631-8663

Let’s discuss how we can protect your information.


    30 Years
    The Right People... The Right Choice... The Right Solutions
    Secured By Entrust AICPA AAA Certified Privacy

    Corporate Office
    201 9th Ave SW
    New Brighton, MN 55112
    Phone: 651-631-8663
    Fax: 651-697-5423

    (651) 631-8663

    Office Hours: Mon-Fri
    7:30am - 4:30pm

    Sales Department
    Phone: 651-631-8663
    Fax: 651-697-5423

    Customer Service
    Phone: 651-697-5430
    Fax: 651-697-5424