External Certifications

The report card of our ongoing efforts to maintain a safe, environmentally sound workplace for our employees, communities and customers

Environmental Registrations:

Commitment to Responsible Forestry Management

Supporting performance-based provisions for protecting forest ecosystem health, conserving biodiversity, protecting soil and water resources, safeguarding areas of significant ecological or cultural value, protecting the rights of indigenous peoples and ensuring sustainable yields is consistent with RRD's sustainability principles.

To that end, RRD is committed to implementing, maintaining and offering our customers raw material supply options that may include, but not be limited to, chain-of-custody certifications by the Forest Stewardship Council®, Sustainable Forestry Initiative®, and Programme for the Endorsement of Forest Certification Schemes.


Forest Stewardship Council
The Forest Stewardship Council (FSC) is an international not-for-profit organization that seeks to promote environmentally appropriate, socially beneficial, and economically viable management of the world's forests. FSC developed the first independent labeling system for forest products. The Chain of Custody (CoC) process is defined by the FSC as "the path taken by raw materials harvested from an FSC certified source through processing, manufacturing, distribution, and printing until it is a final product ready for sale to the end consumer." COC certification allows companies that manufacture and market forest products to label them with the FSC brand consistent with FSC policies. This allows consumers to identify products that provide an assurance of social and environmental responsibility on the part of the producer. The FSC system requires that material be tracked from the certified source through the CoC.


SFI Program
The SFI Program is a certification process developed for participants who practice responsible forestry on the lands they manage. The SFI program is based on the premise that responsible environmental behavior and sound business decisions can co-exist.

RRD's multi-site SFI chain of custody certification means that RRD can offer its customers the choice to use SFI certified paper(s) and display the SFI logo on their finished product, demonstrating that they support responsible practices that play a critical role in ensuring the long term health of our forests.


Forest Stewardship Council
PEFC endorses the SFI program as meeting its requirements for national forest certification schemes, therefore allowing organizations that have achieved SFI Chain of Custody certification to also use the PEFC logo.

PEFC (Programme for the Endorsement of Forest Certification schemes) is an independent, non-profit, non-governmental organization, founded in 1999, which promotes sustainably managed forests through independent third party certification.


The International Standards Organization 14001 certification is designed to provide a tool to allow a site to control the environmental impact of its activities, products or services, and to continuously improve its environmental performance. This distinction means this site has exemplary environmental, health and safety programs.

External Data Security and Governance Compliance:

SOC2 (AT101)

The AICPA Service Organization Control (SOC) 2 audit defines an organization’s adherence to the AICPA Trust Principles. RRD adheres to three AICPA Trust Principles: Data Security, Data Confidentiality, and Data Availability, and was among the first companies to transition to the SOC2/AT101 audit framework. RRD has completed the SOC2 audit or its SAS70 predecessor for nearly all of its facilities every year for more than a decade.


The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) was created in an effort to define an industry standard for the certification of security and privacy controls for Protected Health Information (PHI). RRD is committed to meeting the needs of an evolving healthcare industry. In addition to being among the first to undergo an assessment of the CSF controls through a SOC2 audit, which covered more than 20 of its facilities in the first year, RRD is a founding member on the HITRUST Business Associate Advisory Council.

USDC Safe Harbor Certification

The U.S. Department of Commerce (USDC) grants the Safe Harbor Certification to companies that are in compliance with the European Union (EU) Data Privacy Directive, which provides regulatory requirements for the protection of the personal information of EU citizens. The EU Directives prohibit the transfer of personal data to countries that do not have comparable regulatory requirements. Nearly all RRD facilities in the U.S. are registered as Safe Harbor certified with the US Department of Commerce.

ISO 27001

The International Organization for Standardization (ISO) 27001 is both a framework and a certification for an organization’s information security program. The ISO 27001 assesses an organization’s policies, procedures and controls across 11 domains. RRD has adopted the ISO 27001 framework for its information security program, and has obtained ISO 27001 certification for 12 select locations.


The Payment Card Industry Data Security Standard (PCI DSS) is a formal and stringent data security standard for the processing, storing and transmitting of credit card information. PCI-compliant environments are strictly isolated and adhere to rigid rules for data flow in and out of the environment and tight restrictions on who can access the environment. RRD maintains 15 PCI-compliant facilities globally to meet customer needs.

Safety Registrations:

OHSAS 18001

The Occupational Health and Safety Assessment Specification (OHSAS) 18001 is earned by sites that have implemented safety and health management systems to make safety more efficient and integrated into overall business operations.

*SASST = Sistema de Administración de la Seguridad y Salud en el Trabajo, the Mexican Labor Secretariat (STPS) certification for accreditation of the management system and security in the workplace.

Quality Registrations:

ISO 9001

The International Standards Organization (ISO) 9001 certification is designed to assist organizations, of all types and sizes, to implement and operate an effective Quality Management System, where an organization needs to demonstrate its ability to provide products that fulfill customer and applicable regulatory requirements and aims to enhance customer satisfaction. RRD sites use ISO 9001 as the basis for continual improvement initiatives related to the quality of Products and Services.

ISO 27001

The International Standards Organization (ISO) 27001 certification is designed to assist organizations in establishing and maintaining an effective information management system including principles for governing the security of information and network systems. The implementation of this standard is intended to provide the foundation for continual improvement in the management of information systems at RRD sites and is harmonized with other management standards, such as ISO 9001 and ISO 14001.

ISO 13485

The International Standards Organization (ISO) 13485 is designed to specify requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.

RR Donnelley Corporate Offices

Phone: 1.312.326.8000 Fax: 1.312.326.8001

35 West Wacker Drive Chicago, Illinois 60601

Forest Stewardship Council Caring for our Forests Globally Good for you. Good for our Forests. Learn more about RR Donnelley's
sustainability certifications and initiatives