HOW DO WE OVERCOME RISK?

CB Tech is the only Diverse National Provider that addresses document destruction,
recycling, and waste, with our “Strategic Defense” network approach.

STAYING IN COMPLIANCE WITH CB TECH:
NO PENALTIES

CB Tech’s nationwide network of providers is composed of AAA NAID Certified regional and local
subcontracted affiliate partners. Data protection regulations, such as FACTA, HIPAA, Gramm-
Leach-Bliley, and Sarbanes-Oxley, require customers to perform initial due diligence and ongoing
monitoring of data destruction service providers. CB Tech’s certified secure data destruction
service providers fulfill the customer’s regulatory obligation.

MOST VALUABLE PLAYERS

With a network of over 200 affiliates servicing approximately 5,000 locations, our customers have
never experienced any negative or drop-off in service, and at times our network performed at a
higher level. During this time frame in partnership with Cintas, we implemented programs for
and serviced large scale, multi-location customers such as CVS, U.S. Bank, Rite Aid and Edward
Jones, which has given us the tools and resources to make the transition to the CB Tech team as
smooth as possible. Dedicated operation team members set us apart in delivering the right
resources and value to our customers.

TOOLS FOR THE RULES

BACKGROUND CHECK

CB Tech’s subcontractor
agreement requires all
employees to undergo a
7 year criminal and 7 year
employment check. In
addition, employees must
be trained annually to
comply with certification
requirements; this training
is documented and stored
in our database.

TRUSTED SECURITY

CB Tech requires all employees
to wear a uniform, to improve
recognition by customers, as well
as to carry company ID badge
that includes photo and name.
In addition, each employee
is trained in, and must adhere to,
our strict code of ethics as it
pertains to the servicing of
our customers.

THE GOLD STANDARD

CB Tech minimum
general liability insurance
requirement meets all
NAID standards.

CSR TEAM

CB Tech has a team of CSRs
to manage the customer’s
issues and concerns via phone,
email and online assistance.

E-CONNECTED

CB Tech will create
customer-specific service
request email addresses for all
issues and concerns.

RESOLVING SERVICE REQUESTS

All issues generate a
“service request,” which is managed and worked by CSRs in the Service Request Management Module until resolution.

TOTAL COMPLIANCE

CB Tech’s Compliance Officer oversees our quality control procedures. Our formal escalation process begins with the National Service Team, which is accessable via 800 number and dedicated email. Service requests received via the dedicated email are routed to the appropriate customer service representative,who has access to all the particulars of your account and is trained to receive and resolve service requests from your locations and handle the routine issues that go along with a service.

UP-TO-DATE DATABASE

CB Tech’s database houses a
list of all drivers and
corresponding documentation,
for each customer location,
to ensure they meet all
licensing requirements of the
governmental jurisdiction, and
that they have completed all
customer service training.
It is CB Tech’s policy to notify
the customer of any change
to a driver’s status.

ON-SITE AUDITING

CB Tech’s random on-site audit program provides motivation for ongoing compliance as our affiliates are aware they may receive an unannounced audit at any time. Auditors verify that procedures are in place to ensure the security of confidential material throughout all stages of the destruction process, such as handling, transporting, storing materials prior to destruction, and destroying and disposing of materials responsibly. This also includes any transfer of custody scenarios.If any noncompliance is discovered, CB Tech takes immediate action to bring certified companies back into compliance. Repeat or serious infractions will result in immediate removal of the affiliate from our network.

HIGHLY RESPONSIVE

The Service Request Center has full
management visibility to manage
and measure each request and
ensure its completion in a timely
manner.

EXPECTATIONS MET

CSRs have specific steps to
complete for each service request
type to ensure each request is
complete to the customer’s
expectation.

AVOIDING THE
NIGHTMARE
SCENARIO

In a 2009 case, pharmacy employees were caught disposing of health records in an unsecured public dumpster, and the federal government slapped the company with a $2.25 million fine under the Health Insurance Portability and Accountability Act (HIPAA). The risks of not shredding are even higher today. More recently, in 2015, a large supermarket paid nearly $10 million in fines after California prosecutors discovered pharmacy records with private medical information tossed in public dumpsters with bags of hazardous waste.

COMPLIANCE REFERENCE

FACTA

Any business or individual who uses a consumer report for a business purposes is subject to the requirements of the Disposal Rule, a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which calls for the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” Although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures. Due diligence could include requiring that the disposal company be certified by a recognized trade association.

THE HEALTH INSURANCE
PORTABILITY AND
ACCOUNTABILITY
ACT (HIPAA)

Requires healthcare providers to regularly shred documents containing information on patients’ medical histories. This is one of the most explicitly outlined requirements in the 1996 law, and it’s all to prevent identity theft.

THE GRAMM-LEACH-BLILEY
(GLB) ACT

Requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information. Under the Safeguards Rule, financial institutions must protect the consumer information they collect.

SARBANES-OXLEY ACT

One major provision of Sarbanes- Oxley Act includes a requirement that public companies evaluate and disclose the effectiveness of their internal controls. This requirement drives the need for companies to have detailed information systems in place, including secure disposal of obsolete business records.

PAYMENT CARD INDUSTRY
DATA SECURITY STANDARD
(PCI DSS)

Widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and to protect cardholders against misuse of their personal information.