Information protection should always be a concern for any HVAC company owner. Protecting the vital information of your clients and your company is important, and many HVAC company owners are taking security concerns seriously when it comes to digital and cybersecurity threats. However, as HVAC companies store more documents digitally, they may forget about comprehensive security measures for physical documents. Paper records are not going away, and unsavory people could have access to your employees' or customers’ private information. This threat means your company must create a process to store and secure physical documents.

We may live in the digital age, but physical document security remains an essential part of your HVAC company’s security plan. Here are a few tips to help HVAC pros improve their physical document security.


Track and control document access

All-important physical documents should be stored in a secure room, and only a select number of people should be allowed in that room. This means the storage room must stay locked and inaccessible to a vast majority of your team. If someone enters that room, are you tracking who entered the room, when they entered the room, and why they entered the room? Creating a controlled access plan establishes a clear chain of command in your security process and creates a history of access that you can monitor if documents are missing or stolen. You must track whenever someone enters your storage room or, at the very least, give the key or access code to a select few. The more people you allow into a secure space, the harder it is to secure that space, which puts your physical documents at greater risk. Taking this simple step can go a long way in improving your physical document security.


Monitor the documents you are storing

It is a good rule of thumb to know what documents you are keeping. An HVAC company can contain legal documents, financial documents, and even medical documents, and these must be labeled and tracked separately. Never just put important documents in a room or filing cabinet and forget about them. Enhance the scope of your physical storage by creating an Excel spreadsheet, Word document, or tracking program to show what specific documents are being stored. This process should let you track what the document is, which employee stored the document, when they stored it, and when the document should be disposed of. Creating a document tracking system ensures you know what physical documents you have and which ones you no longer need to store and can securely destroy.


Know record retention laws and requirements

If you are storing physical documents for your business or storing physical documents for your customers, you must understand the record retention requirements for those documents. Make sure you know federal and state record retention laws. For example, it is a general rule of thumb that you should retain at least three years of tax records in case you are audited. HIPPA-related documents are required to be retained for six years at a minimum. Understand the rules and regulations for the retention of the documents you are storing. Knowing these requirements will educate you on whether you need to retain certain documents and how long you have to retain them before you can securely destroy them. It is worth noting that document retention requirements vary from state to state, so do your research for any state that you do business in.


Take steps to preserve documents

Secure document storage is also about the preservation of those documents. If you are storing sensitive documents, then you have to ensure those remain in good condition until you destroy them. The room you store documents should be climate controlled, relatively free of humidity, and free of dirt and grime. If you really want to safeguard your documents, you can store them in a media vault. However, a well-ventilated and organized document storage space will do just fine for HVAC contractors. If you are unable to properly store and preserve these documents, then I would recommend digitizing all your secure information.


Know how to properly dispose of documents

Secure document destruction is just as important as secure document retention. When it is time to get rid of important documents, it is vital that you dispose of them securely.

Patty Caradonna, owner of secure document shredding company ProShred Arizona, said it takes more than throwing sensitive documents in an office shredder.

“To put it bluntly, if you don’t take the storage and destruction of sensitive documents seriously, then your business could have increased liability,” Caradonna said. “It simply takes one number or name on a piece of paper to put your HVAC company’s and your clients’ info at risk, so you have to dispose of this information in the right way.”

It is important to remember that you are legally obligated to dispose of sensitive information in a secure way. The Fair and Accurate Credit Transaction Act (FACTA) requires businesses and individuals to take appropriate measures to dispose of sensitive information about consumers. Shredding, pulverizing, and burning documents are all considered reasonable measures.

Not disposing of documents properly can lead to your business being penalized. Caradonna recommends hiring a document shredding company to do this for you instead of disposing in-house.

“You really should have someone who is certified in secure destruction of documents instead of just doing it yourself,” Caradonna said. “Information that seems unimportant to you could be all someone needs to steal your information, so you want to make sure you work with people who know how to securely dispose of documents.”

Physical document storage is not as common today; however, many people and businesses today still use and store physical documents with sensitive information. As long as these physical documents exist you should take their security seriously. Implement a security strategy that tracks what documents you have and who accesses them and you will successfully protect you HVAC companies and your clients’ sensitive documents.