LRG+ Client Portal
(844) 787-7009 info@lrgarchives.org
Home Services Industries LRG+ Insights About Contact Us

Certifications & Compliance

Meeting the highest standards for security, privacy, and regulatory compliance in records management.

Our Commitment

Security & Compliance You Can Trust

At Legacy Retention Group, we understand that your records contain sensitive information that requires the highest levels of protection. Our certifications and compliance measures demonstrate our commitment to safeguarding your data throughout its lifecycle.

i-SIGMA NAID AAA Certification

Through Valley Green Shredding, LLC

Our sister company, Valley Green Shredding, LLC, holds the prestigious i-SIGMA NAID AAA Certification—the most recognized and comprehensive certification for secure destruction services in the industry.

What NAID AAA Certification Means

The National Association for Information Destruction (NAID) AAA Certification Program establishes the highest standards for secure data destruction. To achieve and maintain this certification, companies must:

  • Pass unannounced audits of their operations
  • Meet strict employee hiring and screening requirements
  • Maintain comprehensive insurance coverage
  • Follow detailed operational security protocols
  • Provide Certificates of Destruction for all services

Services Covered

  • On-site paper shredding
  • Off-site paper destruction
  • Hard drive and electronic media destruction
  • Product destruction

Valley Green Shredding has maintained NAID AAA certification since 2011, demonstrating over a decade of consistent compliance with the industry's most rigorous standards.

HIPAA Compliance

Protected Health Information (PHI) Handling

Legacy Retention Group maintains HIPAA-compliant policies and procedures for handling Protected Health Information (PHI). Healthcare organizations can trust us to manage their medical records in full compliance with federal regulations.

Our HIPAA Compliance Measures

  • Business Associate Agreements (BAA): We execute BAAs with all healthcare clients
  • Employee Training: All staff receive comprehensive HIPAA training
  • Access Controls: Strict role-based access to PHI
  • Encryption: Data encrypted in transit and at rest
  • Audit Trails: Complete logging of all PHI access and handling
  • Incident Response: Documented breach notification procedures

Healthcare Records We Manage

  • Patient medical records
  • Billing and insurance documentation
  • Lab results and diagnostic imaging
  • Staff credentialing files
  • Compliance documentation

Data Security Standards

SOC 2 Type II Aligned Practices

Our LRG+ platform and operational procedures are designed following SOC 2 security principles, ensuring your data is protected by industry-standard controls.

Security Controls

  • Infrastructure Security: LRG+ is hosted on AWS with enterprise-grade security
  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Management: Multi-factor authentication and role-based access control
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backup: Automated daily backups with geographic redundancy
  • Disaster Recovery: Documented business continuity procedures

Physical Security

  • Climate-controlled storage facilities
  • Fire suppression systems
  • 24/7 video surveillance
  • Controlled access entry points
  • Visitor logging and escort procedures

Regulatory Compliance Expertise

Industry-Specific Requirements

Our team has deep expertise in the regulatory requirements that govern records retention across multiple industries. We help clients develop and maintain compliant records management programs.

Regulations We Support

Financial Services

  • SEC Rule 17a-4
  • FINRA regulations
  • Sarbanes-Oxley (SOX)
  • Bank Secrecy Act

Healthcare

  • HIPAA
  • HITECH Act
  • State medical records laws
  • Joint Commission

Education

  • FERPA
  • IDEA
  • State education requirements
  • NCAA compliance

Government

  • State retention schedules
  • Public records laws
  • Open meeting requirements
  • Municipal regulations

Privacy Compliance

State & Federal Privacy Laws

We stay current with evolving privacy regulations to ensure your records management program meets all applicable requirements.

Privacy Laws We Support

  • California (CCPA/CPRA): Consumer privacy rights and data handling requirements
  • Virginia (VCDPA): Consumer data protection compliance
  • Colorado (CPA): Privacy act compliance
  • Connecticut (CTDPA): Data privacy requirements
  • Other State Laws: We monitor and adapt to new state privacy legislation

For more information about your privacy rights, please visit our Your Privacy Rights page.

Questions About Our Compliance?

Contact us to discuss your specific compliance requirements and learn how we can help ensure your records management program meets all applicable standards.

Schedule a Consultation