ImageVerifierCode 换一换
格式:PDF , 页数:8 ,大小:644.29KB ,
资源ID:661051      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-661051.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(DIN 66399-1-2012 Office machines - Destruction of data carriers - Part 1 Principles and definitions《办公机械 资料载体的销毁 第1部分 原理和定义》.pdf)为本站会员(jobexamine331)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

DIN 66399-1-2012 Office machines - Destruction of data carriers - Part 1 Principles and definitions《办公机械 资料载体的销毁 第1部分 原理和定义》.pdf

1、October 2012DEUTSCHE NORM Normenausschuss Informationstechnik und Anwendungen (NIA) im DINDIN-SprachendienstEnglish price group 6No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the

2、exclusive right of sale for German Standards (DIN-Normen).ICS 35.260!$-b“1941063www.din.deDDIN 66399-1Office machines Destruction of data carriers Part 1: Principles and definitions,English translation of DIN 66399-1:2012-10Bro- und Datentechnik Vernichten von Datentrgern Teil 1: Grundlagen und Begr

3、iffe,Englische bersetzung von DIN 66399-1:2012-10Bureautique et informatique Destruction de vhicules de donnes Partie 1: Principes et concepts,Traduction anglaise de DIN 66399-1:2012-10Together with DIN 66399-2:2012-10,supersedesDIN 32757-1:1995-01www.beuth.deDocument comprises 8 pages08.13 DIN 6639

4、9-1:2012-10 2 A comma is used as the decimal marker. Contents Page Foreword . 3 Introduction 4 1 Scope . 4 2 Terms and definitions 4 3 Identifying the protection requirement and assigning the protection class 6 4 Security levels for data carriers 7 5 Assignment of protection classes and security lev

5、els . 8 5.1 Selection of security level 8 5.2 Altering the security level 8 DIN 66399-1:2012-10 3 Foreword This document has been prepared by Working Committee NA 043-01-51 AA Vernichtung von Datentrgern of the DIN Normenausschuss Informationstechnik und Anwendungen (NIA) (Information Technology and

6、 Selected IT Applications Standards Committee). Attention is drawn to the possibility that some elements of this document may be the subject of patent rights. DIN and/or DKE shall not be held responsible for identifying any or all such patent rights. DIN 66399 consists of the following parts: DIN 66

7、399-1, Office machines Destruction of data carriers Part 1: Principles and definitions DIN 66399-2, Office machines Destruction of data carriers Part 2: Requirements for equipment for destruction of data carriers DIN SPEC 66399-3, Office machines Destruction of data carriers Part 3: Process for dest

8、ruction of data carriers Amendments The standard differs from DIN 32757-1:1995-01 as follows: a) the title has been changed; b) the series of standards has been restructured: the principles and definitions are now included in Part 1 and the requirements for equipment and testing have been moved to P

9、art 2; c) the new security levels 6 and 7 have been introduced; d) the old Clause 4 “Designation” has been omitted; e) the new Clause 3 “Identifying the protection requirement and assigning the protection class” has been added; f) conditions affecting the security level have been added; g) the defin

10、itions of security levels 3 upwards have been revised; h) the “Explanatory Notes” clause has been omitted; i) requirements for operating instructions are now contained in Part 2. Previous editions DIN 32757-1: 1985-10, 1995-01 DIN 66399-1:2012-10 4 Introduction Anyone who processes confidential, per

11、sonal and/or sensitive data for themselves or on behalf of others must ensure that data carriers containing such information are safely destroyed in a way that ensures privacy. In this context, safely destroyed means that data carriers containing sensitive data must be destroyed in such a way that r

12、eproduction of the information on them is either impossible or is only possible with considerable expenditure (in terms of personnel, resources and time). NOTE This standard takes into account that data carriers have different physical characteristics and contain information with various levels of s

13、ensitivity. 1 Scope This standard defines terms and principles for the destruction of data carriers. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply: 2.1 destruction process in which the form or condition of data carriers is changed, usually by sh

14、redding, dissolving, melting, heating or burning 2.2 personal data details of the personal or material circumstances of an identified or identifiable natural person 2.3 data representation of facts, concepts, or instructions in a formalized manner, suitable for communication, interpretation, or proc

15、essing by humans or by automatic means DIN EN 14968:2006-11 2.4 information meaningful data DIN EN ISO 9000:2005-12 2.5 data carrier object or item that contains data NOTE Typical data carriers include paper or electronic, magnetic and optical storage media. 2.6 outsourced data processing collection

16、, processing and use of data by assigned third parties DIN 66399-1:2012-10 5 NOTE The destruction of data carriers is also a form of outsourced data processing. 2.7 destruction of data carriers process by which the form or condition of data carriers is changed, usually by shredding, dissolving, melt

17、ing, heating or burning, making it difficult or impossible to recover the information 2.8 security level classification of the effort needed to recover information 2.9 regular particles particles which, as a result of the cutting process used, have a generally unalterable, mostly rectangular shape,

18、as well as a specified length and width 2.10 equipment collection of spatially and functionally linked machinery for the purpose of destroying data carriers 2.11 protection requirement property of data and information which describes the need to protect it from violation of the basic principles of c

19、onfidentiality, integrity and availability, taking into account the harm which would arise from such a violation NOTE 1 The protection requirement is classified as normal, high or very high. NOTE 2 For the destruction of data carriers, the higher the protection requirement of the data they contain,

20、the higher the protection class. 2.12 protection class classification of the protection requirement of data 2.13 data controller any person or body which collects, processes or uses data for itself or assigns others to do so 2.14 collection point place where data carriers are kept before they are de

21、stroyed 2.15 dissolving transforming the data carrier to a suspension 2.16 intruder alarm system alarm system to detect and indicate the presence, entry or attempted entry of an intruder into supervised premises DIN EN 50131:2010-02 2.17 security zone area protected according to the protection class

22、 DIN 66399-1:2012-10 6 3 Identifying the protection requirement and assigning the protection class In order for the destruction of data carriers to comply with the principles of economy and proportionality, the data contained on them shall be assigned a protection class. The security level which is

23、chosen for the destruction of the data carriers is determined by the protection level of the data. Protection class 1 Normal protection level for internal data: The most common classification of information, intended for large groups of people. Unauthorized disclosure or transfer would have limited

24、negative effects on the company. Protection of personal data shall be guaranteed. Otherwise there is a risk that persons affected may suffer damage to their reputation and economic circumstances. Protection class 2 Higher protection level for confidential data: The information is restricted to a sma

25、ll group of people. Unauthorized disclosure would have serious effects on the company and may lead to violation of laws or contractual obligations. The protection of personal data shall meet stringent requirements. Otherwise there is a risk that persons affected may suffer serious damage to their so

26、cial standing or economic circumstances. Protection class 3 Very high protection level for strictly confidential and secret data: The information is restricted to a very small group of persons, known by name, who are authorized to access it. Unauthorized disclosure would have serious (existence-thre

27、atening) effects on the company and/or would lead to violation of professional secrets, contracts and laws. The protection of personal data shall be absolutely guaranteed. Otherwise, the life and safety of persons affected may be at risk, or their personal freedom may be jeopardized. DIN 66399-1:201

28、2-10 7 4 Security levels for data carriers Table 1 shows the various security levels for data carriers. Table 1 Security levels for data carriers Security level Explanation 1 Destruction of data carriers in such a way the data on them can be reproduced without special tools or skills, but not withou

29、t a certain expenditure of time Recommended, for example, for data carriers containing general data to be rendered unreadable. 2 Destruction of data carriers in such a way that the data on them can only be reproduced with tools and a certain amount of effort. Recommended, for example, for data carri

30、ers containing internal data to be rendered unreadable. 3 Destruction of data carriers in such a way that the data on them can only be reproduced with considerable expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with sensitive and confidential data

31、. 4 Destruction of data carriers in such a way that the data can only be reproduced with extraordinary expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with particularly sensitive and confidential data. 5 Destruction of data carriers in such a way t

32、hat the data on them can only be reproduced with non-standard or specially designed equipment, or using forensic methods Recommended, for example, for data carriers with secret data. 6 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology Recom

33、mended, for example, for data carriers with secret data where unusually high security measures shall be maintained. 7 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology or scientific knowledge Recommended, for example, for data carriers with

34、 top secret data where the highest security measures shall be maintained. DIN 66399-1:2012-10 8 5 Assignment of protection classes and security levels 5.1 Selection of security level The three protection classes can be assigned to the security levels using Table 2, but a risk analysis should be carr

35、ied out in each case. If there are data carriers with different security levels at the collection point, they should be sorted there by security level for economical and environmental reasons. If this is not possible, all the data carriers shall always be destroyed according to the higher security l

36、evel. This is to minimize the risk of incorrect assignment leading to inadequate destruction of data carriers containing sensitive data. When selecting the appropriate security level, the density and/or size of the represented information on the data carrier shall be taken into consideration. If the

37、 colour or other characteristics of the data carrier make it easier to reconstruct, a higher security level may have to be selected. Table 2 Assignment of security levels and protection classes Protection class Security levels 1 2 3 4 5 6 7 1 xa xa x 2 x x x 3 x x x x aThis combination can not be us

38、ed for personal data. 5.2 Altering the security level Mixing and compacting the destroyed data carriers impedes reproduction. This does not affect the possible information content of individual particles of material. For data carriers with information shown in the original size or miniaturized, whic

39、h are destroyed according to security level one, two or three, mixing and compacting increases security to the next higher level once only, up to a maximum of security level four. This method of increasing the security level shall be determined by the data controller, insofar as the protection level

40、 and the applicable regulations allow it. This procedure requires a minimum of 100 kg of data carriers, which shall be destroyed in a single, uninterrupted cycle of the machine or equipment. The security level of the machine and how this is assured shall be openly and clearly indicated. If it is possible for data controllers to destroy data carriers directly on site at any time, this increases security and is preferable to other methods, provided the selected security level is used.

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1