Do ISO certifications apply to self-employed companies?

I'm self-employed, running a 1-person technology support business. I've been in business since 1998. I haven't encountered any need for licenses or certifications yet beyond the whole tax setup for my business, which has been completed. I see in industry publications that on the corporate side of things, many businesses are obtaining ISO certifications. Is there a real need for these certifications in my line of work? Being on the outside looking in, so to speak, I could see some businesses only doing work with ISO-certified companies for whatever reason, but beyond that I don't know if it's needed in my situation.

Do any of you have ISO quality certifications?

Score 0
1 Comment

This question was migrated from http://www.ifixit.com/Answers.

2 Answers

Chosen Solution

Unless you're working with high-security clients and you want to destroy hard drives in-house for people under HIPAA or GLBA, I wouldn't worry about it. For me, the overhead of maintaining ISO certification just to do that is not worth it. It's better for me to find a shredding company onsite and let them deal with the ISO certification hoops, and leave the drives behind.

Score 2

5 Comments:

Agreed! Besides, they will give you a certificate of disposal so you can C thy (ones) A if any questions come up later.

My policy on drive destruction is not HIPAA/GLBA compliant. As such, I would only ever use it with home users, while business clients get a reference to a drive shredding company like ProShred. I don't want to deal with it for business clients, because of nonsense like HIPAA. I'd rather have no more liability than drive removal, finding a company and witnessing it if they ask me to stay, and leave it at that. Home users are fine with my method, which is wipe, drill, hammer and destroy the PCB. I have a certificate of destruction, but it's basically home user insurance at best. It's not good enough for any business or HIPAA/GLBA/[insert any privacy law here] client.

I have my policies on these drives, and they should ideally have their own too. Mine are there for people who made it as much of an afterthought as an official hard drive policy. It's essentially responsible guidance.

My general policy with privacy laws is to have a heavily nudge destruction policy. I wouldn't mind the drives, but the risk far outweighs the reward of a high-hour, well-used hard drive. I have always had a very privacy-heavy thing with hard drives. Unless I need to get the data off for you, I don't have any need to remove stuff individually. Blind full drive formatting always wins.

With medical office clients of mine, I always hand them the hard drive and they keep it in their archives or office safe for HIPAA compliance. When a residential client brings me a dead computer, I place their hard drive into an external enclosure and hand it back to them. They can either use it to access their data or format/make it into a backup drive. Speaking of which, if any of you do similar, check out a company called Other World Computing. They buy Seagate and Western Digital external drives, pull the drive for their own use, then sell the enclosures cheap. During their discount sales, 2.5" USB 3.0 enclosures drop as low as $3 a pop (before shipping).

You want these drives in your head, until you realize how strict HIPAA compliance really is. It's really safer to just lose the drives and move on. Zero liability for you, and theirs is reduced because they know where it will go. I have 2 machines here I use for wiping, and computers. Inspiron 530s for SATA and a GX270 for data.

Most Helpful Answer

For the most part, ISO certification is quite expensive! Basically, someone audits you, making sure you are following the principles. There's a lot of paperwork documenting how you run things and that you follow what you wrote: "Say what you do and do as you say".

I don't think it helps a small one or two person business.

Score 3

3 Comments:

Seems like when you write the manual and teach the course you don't get credit for it. Your students get certified but you don't.

The logic of the teacher being dumb, but the students are smart ;-}

ISO basically means you hire a third party that audits your business, then certifies that you are following the procedures that you created and that you are documenting it in a certain way. Some ISO certifications, such as health, F&B and environment, have in addition some procedures/requirements.
