Certified Secure Data Recovery

Why is data security important during data recovery?

During the recovery process, your data is exposed to identity theft, irreparable media damage, the downloading and improper use of confidential files, breach of data on unprotected networks, improper disposal of damaged storage devices, and the installation of malware onto hard drives along with recovered data.

In December of 2009, the Ponemon Institute (an independent research firm in the field of data protection and information security) conducted a survey among 636 IT security and support professionals on the “Security of Data Recovery Operations“.

  • 83% of all respondents reported at least one data breach in the past two years
  • 19% said the breach occurred when a drive was in the possession of a third-party data recovery service provider
  • 43% said the breach was due to a lack of data security protocols

NIST recommends proper vetting of data recovery service providers.

The National Institute of Standards & Technology (NIST) updated its Contingency Planning Guide for Federal Information Systems (NIST SP 800.34 Rev.1) in June of 2010 with brief but effective language to help raise awareness of the third party data recovery vendor information security risk.

Section 5.1.3 (4th paragraph) states:

“Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign non-disclosure agreements, be properly bonded, and adhere to organization-specific security policies.”

NIST is a federal agency within the U.S. Department of Commerce that develops standards and guidelines that help federal agencies implement the Federal Information Security Management Act (FISMA) of 2002 to provide adequate information security for all agency operations and assets.

NIST SP 800.34 was prepared for use by federal agencies, but it is also used by non-governmental organizations on a voluntary basis.

DriveSavers Data Recovery meets all the recommended data security protocols:

SAS 70 Type II Audit Reports

DriveSavers Data Recovery is the only data recovery company in the industry today that is SAS 70 Type II compliant, the Corporate Industry’s standard for an overall control structure. Unlike Type I, Type II certification verifies that our data hosting control objectives and control activities are in place, suitably designed, enforced and operating effectively to achieve all desired security control objectives. DriveSavers security control objectives were created to satisfy the stringent security requirements and audits mandated by the corporate clients and government agencies we serve.

Certified Secure Self-Defending Network

At the heart of our secure data recovery environment is a self-defending network, protected by a “defense-in-depth” architecture that includes firewalls, intrusion protection systems, managed security services and 24/7 real-time monitoring. Verified in SAS 70 Level II security audit testing to be “a formidable defense” for the information and data that it hosts, the network meets the stringent security requirements and audits mandated by the corporate clients and government agencies we serve.

High Security Service Available

In addition to providing the highest level of data security in the data recovery industry today, DriveSavers Data Recovery offers a High Security Service that adheres to US Government protocols and a Forensics Service that supports law enforcement agencies and other legal entities in the United States and abroad.

Every service option offered by DriveSavers Data Recovery meets the data loss prevention and data security/data privacy protocols mandated within SOX, GLBA, HIPAA and ISO 27000 regulations.

You can trust DriveSavers Data Recovery with your data!

Unlike other data recovery companies, we can prove our statements about data security. All of our certifications and proof documents are posted here.

Clients like Bank of America, NASA Goddard Space Center, the US Government, the Smithsonian Institution, CompuCom and Lawrence Livermore National Labs all trust DriveSavers Data Recovery with their critical data.

“Lawrence Livermore National Laboratory’s (LLNL) data security standards are based on NIST recommendations. We strive to ensure that our mission critical data is protected at a level equivalent to the standards we hold for ourselves when handled by third party vendors, and periodically require them to undergo an exhaustive security assessment.”

Neda Gray, CISSP,
Information Systems Security Officer for Operations and Business at LLNL

“Data security standards are set high by CompuCom to ensure that our customers’ data is never vulnerable. We require an exhaustive security assessment of all our third-party vendors. DriveSavers Data Recovery is SAS 70 Type II compliant and is guarded by a ‘defense-in-depth’ network architecture which provides the level of data security we promise to our customers.”

Dave Borgese, VP
CompuCom Systems

Certified Secure Data Recovery

SAS 70DriveSavers is the only data recovery service provider that is SAS 70 Type II compliant. The privacy of your data will be protected during the recovery process.

  • SAS 70 Type II Compliant
    Meets SOX requirements for financial data protection
  • Certified ISO 5 Cleanroom
    Meets manufacturer’s standards for warranty protection
  • Engineers Certified by PGP, PointSec, GuardianEdge, Utimaco
    Supports DAR mandate for encrypted files and drives
  • High Security Service
    Meets U.S. Government Security Standards
  • Secure & Permanent Data Erasure on Request
    Meets HIPAA and GLB Act privacy requirements
  • GSA Schedule #GS-35F-0121S
  • Cage Code: 04PC0
Click Here to Watch Our Security Video