ABOUT US Alpha Records Management History
Alpha Records Management was born out of a need for better organization and quality for record and document storage from our sister company, Alpha Engineering.
Alpha Engineering was using a mini-storage unit and office space to store inactive files. It could take one person hours to locate an old file. This was unorganized and EXPENSIVE! The mini-storage was costly, inconvenient, damp, not always accessible and unsuitable for preserving important documents and data.
One day while driving to a project in the midwest, I passed a large warehouse where they stored records, files and other items. After some research I decided to start a business where our sister company, as well as other businesses, organizations and individuals could store files, tape backups and other media in a safe, secure environment.
Thus Alpha Records Management was born.
We’ve been archiving, storing and shredding records for a variety of businesses ranging from financial to medical and others since 2001. Our mission is to provide safe, convenient and secure records storage with 24/7 access.
Call Alpha Records or complete the contact form and let us help you manage your information assets.
We look forward to serving you and thank you for considering Alpha Records Management.
Gary M. Hartsog, PE
President, Alpha Records
WHY CHOOSE ALPHA RECORDS MANAGEMENT?

SERVICES
WHAT WE DO
FAQ
The CSR Readiness® Pro Edition comprises the risk assessment program CSR Readiness® and the awardwinning CSR Breach Reporting Service™ (BRS).
CSR Readiness® Program is an online self-assessment tool that helps you review, revise and revisit your business processes for handling the personally identifiable information (PII) of your customers, employees and vendors as required by a host of legislation and regulations.
CSR Readiness® 3 Step Process:
1) Review – Take a Self-Assessment Evaluation
- Detect location of personally identifiable information (PII) in an organization
- Determine how PII is:
- Acquired
- Accessed
- Handled
- Transmitted
- Stored
- Destroyed
2) Revise – Implement Readiness Policies and Remediation Instructions
- Remediate weaknesses and train employees on system-generated policies and procedures
3) Revisit – Continually Improve Risk Score
- Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements
A dashboard will show progress and generate tasks to improve compliance. You can improve your business risk scores by remediation and implementation of further program offerings. Upon successful completion of the analysis and remediation, your business will earn a Certificate of Completion and the ID Stay Safe Digital Seal that you can use on your website and advertising.
Upon successful completion of the Readiness Program, users will earn a Certificate of Completion along with an ID Stay Safe digital seal to display on their company website. The seal remains valid for one year, at which time they will Revisit to ensure their business has sufficiently addressed any all changes that may have occurred throughout the year
Once a business has completed all the questions in the self-assessment evaluation and implemented the remediation tasks, you will be awarded the Certificate of Completion. This can be placed on your website and is valid for one year from date of issue. By annually revisiting your self-assessment, you can maintain this Certificate of Completion.
Here are a few examples of the hundreds of laws and regulations that relate to the protection of personally identifiable information (PII) and requirements to report suspected or real loss:
- Gramm-Leach-Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- Drivers Privacy Protection Act (DPPA)
- Drivers Privacy Protection Act (DPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic Clinical Health (HITECH) Act
- Payment Card Industry Data Security Standard (PCI-DSS)
- Family Educational Rights and Privacy Act (FERPA)
- 47 state data breach laws
In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to authorities and notifies consumers, as required. Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.
Enforcement officials include various federal and state agencies as well as attorneys general, commissioners and others. Here are a few examples:
- Federal Trade Commission (FTC)
- Consumer Financial Protection Bureau (CFPB)
- Card brands like Visa, MasterCard, etc.
- State Attorneys General •
- Federal Bureau of Investigation (FBI)
- US Secret Service
- Dept. of Health and Human Services/Office of Civil Rights
Various state, federal and international laws require businesses to protect the personally identifiable information of employees, vendors and customers. Penalties for noncompliance can include fines, prosecution and even jail time. Massachusetts and Connecticut are just two examples of many jurisdictions that require businesses that deal with their residents maintain comprehensive risk assessment, remediation and monitoring programs related to their handling of legally protected personal information, known as PII.
If your business is a third-party provider and has personally identifiable information on customers, employees, or vendors, then you may be required to notify authorities and/or consumers and others that a breach, or suspected breach, has occurred.
While it’s impossible to completely avoid a breach due to uncontrollable circumstances, 97% could have been prevented. Accidents, errors and theft are just a few ways that information is compromised. Smart devices and wireless services compound the problem. Proactive detection and correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales, fines, lawsuits and prosecution. The Department of Homeland Security, the FTC, Visa and the BBB encourage businesses to protect consumer data and plan ahead to reduce risk. All states have laws that protect their residents who might be your customers, employees or vendors. Many laws specifically require creation and maintenance of information security programs by businesses that employ or have customers who are residents of those states. These laws include penalties for noncompliance. For example, the civil penalty for violating the Connecticut Act No. 08-167, requiring safeguarding of personal data, is $500 per violation, up to $500,000 for a single event. Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. According to Visa, businesses should “Consider a breach likely and plan accordingly.”
Even if the material is encrypted, redacted or masked, various regulations still require you to report. If it is encrypted, and the encryption key has been potentially compromised, reporting is required and/or notification is required.
The simple answer is it’s anything that can be used to identify you. The loss of this information leads to identity theft. Types of personal information include: name, address, phone, email, birthdates, Social Security numbers, driver’s license, bank account and credit card information and the list continues to grow with new and revised legislation and court rulings. Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.
Almost everyone can do more to protect personally identifiable information. CSR Readiness® helps you assess your risk in handling PII, remediate your processes, implement policies, train staff and continue to monitor and audit, as required by laws and regulations.
A breach can occur in many ways, including through lost laptops or smart phones, improper disposal of paper records, or intrusion into your network or PC by hackers. The definition continues to expand.
PCI data is just one type of personally identifiable information. The PCI Data Security Standard protects credit cardholder data such as debit or credit card number, expiration date and card security code.
You can try. However, liability rests entirely with you, as well as civil and criminal sanctions, on both state and federal levels. Trained, certified privacy professionals have developed a proprietary system to help you evaluate your circumstances against hundreds of rules and regulations to determine what remediation must be done, what policies implemented and provide you with the tools to train your employees as required by law.
The unauthorized access, loss, use or disclosure of information by either accident or criminal intent which can identify an individual.
Many organizations do not realize the personally identifiable information that they hold. If you have customers, employees or vendors, you have personal information that needs to be protected.
When a breach occurs, the clock starts ticking to comply with federal, state and other laws. Reporting involves the where, when and how of the incident.
If your business has personally identifiable information on customers, employees, or vendors, then you are required to safeguard that personal information.
Almost every state has enacted a data breach notification statute. These laws generally require businesses that have personal information about residents within a state to notify those residents when that data is compromised.
Employees alone cause 75% of data breaches, whether intended or unintended. It’s very likely that, at some point, data in your care, belonging to employees, customers or vendors will be lost, stolen or compromised. You are legally responsible and liable to implement and maintain a security program to safeguard PII data.
To begin, simply go to http://alpharecordsmanagement.csrreadiness.com/ to register and create credentialsto begin the have 24/7 access to your account.
Your ‘username’ is the email address you registered with when signing up for Readiness. If you change your original registration email address using My Account in Readiness, this updated email address is your ‘username’.
To retrieve your password, you will need the email address you entered during registration or the updated email address you associated with your account using My Account in Readiness. Click on the Forgot Password link on the Log In screen. Enter in your email address and click the Email Link button. A reset password link will be sent to that email address. Click on that link to reset your password. If you do not receive that email or have any problems resetting your password, please contact support@csrps.com for further assistance.
To navigate back to questions previously skipped you can use the Next and/or Back buttons located at the bottom of your questionnaire. You can also click on the Show Progress tab and click directly onto the domain of the question you would like to go back to. Before submitting your questionnaire you will also be prompted to complete any required questions that have not been answered, which you can choose to still not answer and submit your questionnaire.
You can skip questions and come back to them later. You must answer all questions to proceed to the remediation phase of Readiness.
It is estimated that it will take one hour to complete the assessment. An assessment may take longer should consultation or research be required to answer to some of the questions. Progress within the assessment is saved as questions are answered. Therefore, you can leave the assessment and come back to it at a later time to finish. Your answers up to that point will be saved.
This digital seal is a stamp that you can place on your website, which alerts your customers, affiliates, potential clients, corporate insurers, etc., that your organization has performed a thorough self assessment on how your organization protects personally identifiable information, ensures you have policies in place to maintain a high level of vigilance, audit, and association education with regards to the protection of PII data within your organization.
Once the self-assessment has been taken and the recommended remediation tasks have been completed, an email will be sent to the associated account’s registered email address with the certification seal as well as instructions on how to use it in materials and embed it on your web page. If there are any issues regarding the implementation of the completion seal, please contact support@csrps.com for further assistance.
Yes, depending on the volume of material, you can choose a secure container, that holds 200 lbs. or an office console that holds 70 lbs. of office waste, delivered to your office. We can retrieve your container and shred your documents on a weekly, bi-weekly or monthly schedule.
The shredded material is put into a baler to compact the shred into a bale. An average bale weighs 1,500 pounds. The bales are then shipped to the largest paper recycling plant in the United States which is located in northern West Virginia. They drop the bale into a vat of chemicals that removes all the ink from the paper. One product they make is sheets of paper pulp.
Office paper, light color file folders, photos and CD’s. Items we cannot shred or destroy are cardboard, plastic, newspapers, magazines, metal items and books.
First of all, money! It will cost much more to shred in-house than to outsource the mundane job of shredding
Second, security. There are many reasons not to have your own staff perform the shredding duties, some documents are for upper management eyes only.
Labor Savings – Your employees could be doing more productive work than standing over a small office shredder. Our monster shredder can shred 800 lbs. per hour.
Proprietary Information – Every business needs to safeguard its confidential information. Shredding provides security for your business just as alarms, computer passwords and locks do.
The Law – Protecting consumer information is not just the right thing to do, in many cases it’s the law. HIPAA, GLB, FACTA and many other recent laws have made it illegal to dispose of information improperly.
Complete our contact form here or call us at 304-255-9060!
Anything that requires a climate and temperature controlled environment.
Yes, our climate-controlled vault is constructed of solid concrete.
Customers have discovered a savings of storing with us versus the cost of a storage unit or unused office space. Call Alpha Records for a more accurate estimate 304 255 9060.
We will store small boxes or large boxes, although it is important that the box is sturdy.
All boxes should be in good physical condition and clearly labeled on each end. Taking time to label your boxes completely and accurately in the beginning will save you time in finding a box later.
Yes, but we offer for a minimal price a special designed box that is extra durable for long term storage.
Your records are stored in a secure locked facility. Only a minimum number of our personnel have access to the storage areas. The facility is equipped with a security system and cameras that monitor activity 24 hours a day.
We use a bar code system. With the bar code system we can track everything that comes into and goes out of our facility. This lessens the chance of error.
Yes! Alpha Records provides 24/7 delivery service. When you need your records, just let us know by phone or by fax. Our delivery services include standard delivery, which covers normal business hours, 8 a.m. to 4 p.m., Monday through Friday. Our emergency delivery covers after hours, weekends and holidays.
Start the year off secure!
Sign up to receive Alpha Records Management
special offers !
OUR RECENT
BLOG POSTS
CONTACT ALPHA RECORDS TODAY
Follow ARM on Social Media
New content added frequently!