1、BS EN 15713:2009ICS 13.310NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBRITISH STANDARDSecure destruction ofconfidential material Code of practiceThis British Standardwas published under theauthority of the StandardsPolicy and StrategyCommittee on 30 June 2009 BSI 2009ISBN 9
2、78 0 580 55195 6Amendments/corrigenda issued since publicationDate CommentsBS EN 15713:2009National forewordThis British Standard is the UK implementation of EN 15713:2009. Itsupersedes BS 8470:2006 which is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee GW/2/2
3、, Shredding of confidential material.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisionsof a contract. Users are responsible for its correct application.Compliance with a British St
4、andard cannot confer immunityfrom legal obligations.BS EN 15713:2009EUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMEN 15713April 2009ICS 13.310English VersionSecure destruction of confidential material - Code of practiceDestruction scurise de documents confidentiels - CodedusagesSichere Vernichtung
5、von vertraulichen Unterlagen -VerfahrensregelnThis European Standard was approved by CEN on 19 March 2009.CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration
6、. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the CEN Management Centre or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
7、under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as theofficial versions.CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland,France, Germany, Greece,
8、 Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.EUROPEAN COMMITTEE FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGManagement Centr
9、e: Avenue Marnix 17, B-1000 Brussels 2009 CEN All rights of exploitation in any form and by any means reservedworldwide for CEN national Members.Ref. No. EN 15713:2009: EBS EN 15713:2009EN 15713:2009 (E) 2 Contents Page Foreword . 3 1 Scope 4 2 Normative references . 4 3 Terms and definitions . 4 4
10、Company premises . 5 4.1 Facilities . 5 4.2 Security 5 5 Contracts and audit trail . 5 6 Sub-contracting . 5 7 Security screening of personnel . 5 8 Collection of confidential material 6 9 Retention of confidential material . 6 10 Conveyance of confidential material 6 10.1 Collection vehicles 6 10.2
11、 On-site destruction vehicles 6 11 Categories of confidential material . 7 12 End product disposal . 7 Annex A (informative) Material specific shred and disintegration sizes . 8 BS EN 15713:2009EN 15713:2009 (E) 3 Foreword This document (EN 15713:2009) has been prepared by Technical Committee CEN/TC
12、 263 “Secure storage of cash, valuables and data media”, the secretariat of which is held by BSI. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2009, and conflicting national standards s
13、hall be withdrawn at the latest by October 2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN/CENELEC Internal
14、 Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
15、 Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. BS EN 15713:2009EN 15713:2009 (E) 4 1 Scope This European Standard gives recommendations for the management and control of confidential material destruction, to ensure that such ma
16、terial is disposed of securely and safely. The recommendations apply to a companys main business premises and any holding sites. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For
17、 undated references, the latest edition of the referenced document (including any amendments) applies. EN 50131-1, Alarm systems Intrusion and hold-up systems Part 1: System requirements 3 Terms and definitions For the purposes of this European Standard, the following terms and definitions apply. 3.
18、1 company organization providing contracted services for the management and control of confidential material destruction 3.2 client owner of confidential material who retains a company to provide destruction services in accordance with an agreed contract 3.3 holding site non-destruction site for the
19、 secure retention of confidential material prior to the transportation to the company premises 3.4 destruction reduction in size such that the material becomes, as far as is practicable, unreadable, illegible and unreconstructable NOTE Methods of destruction include shredding and disintegration. 3.5
20、 shred reduce, by mechanical means, to a regulated size NOTE See Annex A for material specific shred and disintegration sizes. 3.6 disintegrate reduce, by mechanical means, to a regulated size less than that achievable by means of shredding NOTE See Annex A for material specific shred and disintegra
21、tion sizes. 3.7 data processor any person (other than an employee of the data controller) who processes the data on behalf of the data controller BS EN 15713:2009EN 15713:2009 (E) 5 3.8 data controller person who (either alone or jointly or in common with other persons) determines the purpose for wh
22、ich and the manner in which any personal data are, or are to be, processed 4 Company premises 4.1 Facilities The company should have an administrative office and/or operational centre where records, professional and business documents, certificates, correspondence, files, etc., necessary for conduct
23、ing business transactions should be kept. The premises should be physically isolated from other business or activities on the same site. 4.2 Security An approved intruder alarm system conforming to EN 50131-1 and monitored by an alarm receiving centre should be installed in the premises. As a minimu
24、m the system should cover the processing, storage and office areas, or premises should be guarded. A CCTV system with recording facilities should be installed to monitor the unloading, storage and processing areas with the exception of holding sites. The recorded images should be retained for a mini
25、mum of 31 days unless otherwise agreed with the client. Authorized entry to operational areas by visitors should be subject to supervision by appropriately screened personnel. Unauthorized persons should be denied access to operational areas. 5 Contracts and audit trail A written contract covering a
26、ll transactions should exist between the client and the company. Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller should: a) choose a data processor providing sufficient guarantees in respect of the technical and organizational
27、security measures governing the processing to be carried out; and b) take reasonable steps to ensure compliance with those measures. 6 Sub-contracting Sub-contracted work should only be allocated to a company following the recommendations in this European Standard. In every case the client should be
28、 informed that a sub-contractor is being used to securely destroy confidential material. 7 Security screening of personnel All staff employed in the business of secure destruction of confidential material should be security-screened in accordance with the appropriate National standard. Prior to empl
29、oyment all employees should sign a Deed of Confidentiality. BS EN 15713:2009EN 15713:2009 (E) 6 8 Collection of confidential material Confidential material to be collected should be protected from unauthorized access from the point of collection to the completion of destruction. Where possible, conf
30、idential material collected should be stored in containers secured by an individually numbered seal or security lock. Collections should be made by uniformed and suitably trained staff carrying photographic identification. 9 Retention of confidential material The destruction of confidential material
31、 should take place within one working day from arrival at the destruction centre. 10 Conveyance of confidential material 10.1 Collection vehicles Vehicles should: a) be either box-bodied or have a secure demountable container; where a curtain-sided vehicle is used, confidential material should be tr
32、ansported within suitably sealed secure containers; b) be fitted with lockable and/or sealable doors; c) be able to communicate with the company by radio or telephone; d) be fitted with an electro-mechanical immobiliser or alarm system; e) be closed and locked and/or sealed during transit; f) be imm
33、obilised or alarmed when left unattended. 10.2 On-site destruction vehicles Unprocessed confidential material should not be removed from the clients site and vehicles should: a) be box-bodied; b) be fitted with lockable and/or sealable doors; c) be able to communicate with the company by radio or te
34、lephone; d) not be left unattended when unprocessed confidential material is onboard. BS EN 15713:2009EN 15713:2009 (E) 7 11 Categories of confidential material Confidential material should be categorized as shown in Table 1. The method of destruction should be agreed with the client and suitable fo
35、r the category of material in order to render it unreadable, illegible and unreconstructable. NOTE Guidance on the destruction of confidential material, as categorized in Table 1, by specific methods is given in Annex A. The maximum cutting widths given in Table A.1 may be applied to other methods o
36、f destruction. Table 1 Categories of confidential material Category Description A Paper, plans, documents and drawings B SIM cards and negatives C Video/Audio tapes, diskettes, cassettes and film D Computers including hard drives, embedded software, chip card readers, components and other hardware E
37、 ID cards, CDs and DVDs F Counterfeit goods, printing plates, microfiche, credit and store cards and other products G Corporate or branded clothing and uniforms H Medical X-rays and overhead projector slides NOTE Hazardous waste is not included in this table. Users are advised of the existence of le
38、gislation applicable to the destruction and/or disposal of hazardous waste. 12 End product disposal Where practicable, end products consisting of recyclable material, e.g. paper, metal or plastics, should be recycled. Where the end product cannot be recycled the environmental impact, cost and conven
39、ience of other methods of waste disposal, e.g. incineration, should be taken into account. NOTE Energy can be recovered from incineration for power generation. Landfill should be used only where no other method of disposal is practicable. BS EN 15713:2009EN 15713:2009 (E) 8 Annex A (informative) Mat
40、erial specific shred and disintegration sizes Where the agreed method of destruction is shredding or disintegration, Table A.1 gives the recommended method and maximum cutting width for the categories of confidential material given in Table 1. Table 1 Material specific shred and disintegration sizes
41、 Shred NoAverage surface area of material Maximum cutting width Method of destruction Material categories 9 Acceptable 8 Unsuitable for material mm2mm A BCD aE F bG bH1 5000 25 Shred 9 8 9 9 8 9 2 3600 60 Shred 9 8 9 9 89 3 2800 16 Shred 9 8 9 9 8 9 4 2000 12 Shred 9 8 9 9 8 9 5 800 6 Shred or disin
42、tegrate 9 8 n/a 9 9 n/a6 320 4 Shred or disintegrate 9 8 n/a 9 9 n/a7 30 2 Disintegrate n/a 9 n/a 9 9 n/a8 10 0.8 Disintegrate n/a 9 n/a 9 9 n/aaMaterials in category D should be destroyed so that information is unreadable and subject tosecure disposal. bClient and material specific. BS EN 15713:200
43、9This page has been intentionally left blank BS EN15713:2009BSI GroupHeadquarters 389Chiswick High Road,London, W4 4AL, UKTel +44 (0)20 8996 9001Fax +44 (0)20 8996 - British Standards InstitutionBSI is the independent national body responsible for preparing BritishStandards. It presents the UK view
44、 on standards in Europe and at theinternational level. It is incorporated by Royal Charter.RevisionsBritish Standards are updated by amendment or revision. Users of BritishStandards should make sure that they possess the latest amendments oreditions.It is the constant aim of BSI to improve the quali
45、ty of our products and services.We would be grateful if anyone finding an inaccuracy or ambiguity while usingthis British Standard would inform the Secretary of the technical committeeresponsible, the identity of which can be found on the inside front cover. Tel:+44 (0)20 8996 9000. Fax: +44 (0)20 8
46、996 7400.BSI offers members an individual updating service called PLUS which ensuresthat subscribers automatically receive the latest editions of standards.Buying standardsOrders for all BSI, international and foreign standards publications should beaddressed to Customer Services. Tel: +44 (0)20 899
47、6 9001. Fax: +44 (0)20 89967001 Email: You may also buy directly using a debit/creditcard from the BSI Shop on the Website http:/ response to orders for international standards, it is BSI policy to supply theBSI implementation of those that have been published as British Standards,unless otherwise
48、requested.Information on standardsBSI provides a wide range of information on national, European andinternational standards through its Library and its Technical Help to ExportersService. Various BSI electronic information services are also available whichgive details on all its products and services. Contact Information Centre. Tel:+44 (0)20 8996 7111 Fax: +44 (0)20 8996 7048 Email: Subscribing members of BSI are kept up to date with standards developmentsand receive substantial discounts on the purchase price of standards. For detailsof these and other benefits contact Mem