Chris Isabell is president-elect of the National Association for Information Destruction (NAID), the Phoenix based international trade association for companies providing information destruction services. He will begin his term at the 2014 NAID Annual Convention, which will be April 4-6 at the Arizona Biltmore Resort in Phoenix. He succeeds current NAID President Tom Huth of Allshred Services, Maumee, Ohio.
Isabell founded iSecure, Grants Pass, Ore., in 2005 and is a managing member of an investment advisory firm. He says he was inspired to start an information management company after reading an article by Norm Brodsky, former CEO and owner of Brooklyn, N.Y.-based CitiStorage in Inc. magazine.
ISecure offers NAID Certified on-site document destruction, records and media management and policy compliance consulting services to businesses, nonprofits and government agencies, serving the Oregon counties of Coos, Curry, Douglas, Josephine, Jackson, Klamath and Lane as well as the California counties of Del Norte, Humboldt, Shasta and Siskiyou.
Upon forming iSecure, Isabell says he got involved with NAID immediately, obtaining certification for his mobile operations within six months. He was elected to the NAID board in 2006 and to the treasurer role in 2011.
He shares his outlook for NAID and the information destruction industry with SDB Editor DeAnne Toto in the following Q&A.
SDB: What are your goals for NAID as you prepare to take the presidency in 2014?
Chris Isabell (CI): I would like to strengthen and broaden NAID Certification; hone NAID’s financial position and members’ “bang-factor” from the association; herald NAID’s benefits to our members; and contrast the strengths and benefits of our associations versus the alternatives.
SDB: How do you plan to strengthen NAID certification?
CI: There has been an ongoing discussion within NAID’s membership and NAID’s leadership for many years as to the position of NAID certification: Is NAID Certification what NAID is about, or do we want to cast a wider net and be inclusive?
I am really concerned about taking care of our members and making sure we serve them well. But, at the same time, the market is really demanding a certain level of service. I think there are lots of good service providers within the NAID membership that are certified and noncertified. But, my concern, too, is for our customers. We need to make it so that they understand what they are getting and that no one is taking advantage of what NAID really represents.
I think certification is a way to draw a distinction, and I would like to know what the membership thinks about making NAID certification it: If you’re a NAID member, does that mean that you are certified? I am really interested in knowing what the industry thinks about that and leading that discussion.
I want to emphasize that NAID is concerned about not alienating anyone. But we do want to do the right thing. Certainly NAID Certification is a strong and well-regarded standard, and I really want to promote that.
SDB: Does NAID have any other plans related to its certification or accreditation programs in the year ahead?
CI: We will continue to diligently adapting our certification rules to real-world demands, market expectations, technology developments, CRC (Certification Rules Committee) case experience.
You know, we have got all of these rules for certification that have been written, and what you see today is certainly not the same as what you would have seen three or five years ago—a lot has been carried forward, but there also has been a lot added. That it because of both the complaints that come to us, where we find out shortfalls in our policy and the rules, but also new regulations, such as HITECH (Health Information Technology for Economic and Clinical Health), (Fair and Accurate Credit Transaction Act) Red Flag Rules, breach notification, which we have to incorporate into our rules. What you see today is quite different than, say, five years ago just in terms of the complexity—there is more to it.
We had a board meeting [in early December] in which we strengthened the rules and added some things in response to what is happening out there. It is a constant evolution of incorporating new standards and new ideas based on what is happening out there. We talked about having a written response plan in the event of a breach. We haven’t required that of certified members in the past.
SDB: Does that tie into strengthening the “bang” factor, or do you have other things in mind there?
CI: Each company pays to be a part of NAID, and they want to make sure they are getting good value for their dollar. Especially sensitive to that are smaller companies like mine. You have got maybe a half-dozen employees, and paying for your NAID membership is not huge expense, but it is a big part of our identity, and it is an investment. We want to make sure we are getting good value for our dollar, and I certainly think NAID does that. But my question is, What else can we do? What can we do more of? That is what I mean by the “bang” factor.
When NAID is financially healthy—our revenue certainly has been growing over the last few years—and when we have our house in order that just means we are able to direct more dollars to provide more services to our members. That’s what NAID should be doing: leading policy discussions on privacy regulations and how to respond, establishing certification standards and also providing very valuable education and resources to our membership.
I think for a lot of people, at least when I started out, NAID got me excited. It is a fellowship of owners and industry peers, and that is exciting. Sometimes it gets pretty lonely just doing your thing. But, I think for a lot of people like me, NAID is a fellowship, and I love that about NAID.
SDB: Can you talk a bit about alternative organizations and the benefits NAID offers in relation to them?
CI: It is a competitive marketplace, both for the services we provide but also in the world of associations. I don’t mind that; that just makes us better, and I think our goal should be to become better. It is natural to expect competition.
I don’t know if they are truly associations, but there are groups out there wanting to form and provide alternatives to NAID to people in the industry. And they may have some really good merits.
But, I am sticking with NAID, and I want to really highlight what the leadership of NAID has done and what the members of NAID have achieved and make that so attractive an appealing that why would you look anywhere else.
SDB: What NAID initiatives are you most excited about as the association embarks on a new year?
CI: The SDS (solid state drives) project, international member expansion and expanding tangible resources for members, such as videos and educational client pieces.
SDB: What is the status of the SDS project?
CI: I think we are writing the rules when it comes to the standards for secure destruction of all types of digital media storage and devices, everything from hard drives to solid state drives to cell phones—anything that stores data is our target. Angie (Singer Keating of Reclamere, Tyrone, Pa., as chair of the certification rules committee) has done an excellent job on leading the charge on that. She is one of many experts involved with NAID.
I like the fact that our certification program has continued to grow. We’ve really taken the lead, the vanguard, on writing the standards on how to securely dispose of solid state drives and digital media. That is exciting because that is the future.
SDB: How has NAID’s acquisition of Shred School been embraced by the industry?
CI: Attendance continues to be strong, and events have greater availability due to the “circuit” format. Bob’s involvement is a huge bonus, and NAID-quality materials for attendees has been a boon. I believe it’s elevated the “Shred School” brand by adopting it into NAID.
SDB: Now that Ray Barry, former president of Total Training Services, which operated Shred School before NAID acquired it, is on board, what can attendees expect from Shred School?
CI: We like to call Ray the NAID ambassador. He is well-known within the industry, and he’s a good communicator. Ray is going to continue to fulfill that role, and Shred School is really the manifestation of that ambassadorship for NAID.
By bringing Shred School under the NAID banner it translates to greater access for the membership. That is exactly what I like about it. With the circuit format, where we have it at different places around the country, more members are going to be able to attend. The events are going to be a little more intimate because we are doing more events, and we are not bringing everybody to South Carolina, where it used to be held.
We have taken what Ray has established and his really great curriculum and sales content and added the knowledge and experience of NAID. We combined the sales piece with the regulatory education piece and made it all that more rich and more of benefit for those that attend. They are getting a lot of information, a lot of useful stuff. Attendance has been strong. We have decreased the fees a little bit, again, providing greater access for the members.
SDB: What additional resources has NAID planned for 2014?
CI: We are continuing to develop more high-quality videos like NAID ’em. We are really excited about Shred School. That is really exciting and I think that is going to grow and develop beyond where it started. I think the media resources for members are things that Bob (Johnson, NAID CEO) and the PR Committee are really excited about. Expect more videos and more tools for customers that are high quality and educational.
SDB: How would you describe the current environment for information destruction services?
CI: Competitive; unfortunately, this can lead to cutting corners. Demand for services is strong and modestly growing, which is good for owners and companies. There are good days ahead.
SDB: How do you envision the regulatory landscape related to information protection changing over the next five to 10 years?
CI: Growth in state privacy regulation and an emphasis on NAID Certification at the federal level certainly in terms of contracts and standards.
SDB: How will the changes you foresee affect information destruction professionals?
CI: I think we have seen more state attorneys general adopting privacy regulations in the last few years, along with the federal requirements, of course the HITECH amendment most recently at the federal level. My opinion is that that trend, that tightening up of privacy regulations, is going to continue at the state level. I don’t know if there is anything planned at the federal level.
That is good for NAID members and good for certified members, especially as we see NAID Certification become part of many RFPs. That is a benefit.
It makes it tough for companies that have to comply with those rules; it is just one more thing they have to do. That is the environment that we are in.
For our industry it has certainly been a good thing. I don’t know too many industries that get excited about HIPAA (Health Insurance Portability and Accountability Act) regulations, but we are one; cheers go up.
SDB: You could argue that the changes with HITECH were almost more burdensome for service providers in that now they are on the hook too. Do you see more of that shared responsibility between covered entity and service provider in future regulations?
CI: Yes, I do; but, I think that NAID members want to be professionals and they want to rise to the challenge. There is a point when regulation becomes ridiculous. But, I would say as a certified member, I welcome that, and I think a lot of NAID members feel they same. They want to rise to the challenge, they want to be professional, they want a rigorous process, a rigorous standard.
The whole thing with HITECH and covered entity expansion, that focus was in the right place and it gave a lot of companies like mine a way to discuss what we can do and how we can make their lives better, easier and more secure. And I would think most NAID members feel that way.
Bring it on, we’re here, we’re professional and we’re ready to do the job.
SDB: What is the current status of NAID’s Downstream Data Coverage? How much longer before it is converted to a customer-owned, captive insurance program?
CI: It’s NAID’s opinion based on inquiries that more attention is being paid to this.
We haven’t bought a policy yet, but professional liability insurance is pretty valuable. I think we are going to be looking at that for sure in 2014.
The idea is to ultimately convert it into something that is member owned, but that is a year or two away.
The activity, the interest is picking up, and in a year or two it could very well be something that the NAID membership has a stake in.
Chris Isabell is president-elect of NAID and owner of iSecure, Grants Pass, Ore. He can be contacted at chris@theshredcompany.com.