1、October 2012DEUTSCHE NORM Normenausschuss Informationstechnik und Anwendungen (NIA) im DINDIN-SprachendienstEnglish price group 6No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the
2、exclusive right of sale for German Standards (DIN-Normen).ICS 35.260!$-b“1941063www.din.deDDIN 66399-1Office machines Destruction of data carriers Part 1: Principles and definitions,English translation of DIN 66399-1:2012-10Bro- und Datentechnik Vernichten von Datentrgern Teil 1: Grundlagen und Begr
3、iffe,Englische bersetzung von DIN 66399-1:2012-10Bureautique et informatique Destruction de vhicules de donnes Partie 1: Principes et concepts,Traduction anglaise de DIN 66399-1:2012-10Together with DIN 66399-2:2012-10,supersedesDIN 32757-1:1995-01www.beuth.deDocument comprises 8 pages08.13 DIN 6639
4、9-1:2012-10 2 A comma is used as the decimal marker. Contents Page Foreword . 3 Introduction 4 1 Scope . 4 2 Terms and definitions 4 3 Identifying the protection requirement and assigning the protection class 6 4 Security levels for data carriers 7 5 Assignment of protection classes and security lev
5、els . 8 5.1 Selection of security level 8 5.2 Altering the security level 8 DIN 66399-1:2012-10 3 Foreword This document has been prepared by Working Committee NA 043-01-51 AA Vernichtung von Datentrgern of the DIN Normenausschuss Informationstechnik und Anwendungen (NIA) (Information Technology and
6、 Selected IT Applications Standards Committee). Attention is drawn to the possibility that some elements of this document may be the subject of patent rights. DIN and/or DKE shall not be held responsible for identifying any or all such patent rights. DIN 66399 consists of the following parts: DIN 66
7、399-1, Office machines Destruction of data carriers Part 1: Principles and definitions DIN 66399-2, Office machines Destruction of data carriers Part 2: Requirements for equipment for destruction of data carriers DIN SPEC 66399-3, Office machines Destruction of data carriers Part 3: Process for dest
8、ruction of data carriers Amendments The standard differs from DIN 32757-1:1995-01 as follows: a) the title has been changed; b) the series of standards has been restructured: the principles and definitions are now included in Part 1 and the requirements for equipment and testing have been moved to P
9、art 2; c) the new security levels 6 and 7 have been introduced; d) the old Clause 4 “Designation” has been omitted; e) the new Clause 3 “Identifying the protection requirement and assigning the protection class” has been added; f) conditions affecting the security level have been added; g) the defin
10、itions of security levels 3 upwards have been revised; h) the “Explanatory Notes” clause has been omitted; i) requirements for operating instructions are now contained in Part 2. Previous editions DIN 32757-1: 1985-10, 1995-01 DIN 66399-1:2012-10 4 Introduction Anyone who processes confidential, per
11、sonal and/or sensitive data for themselves or on behalf of others must ensure that data carriers containing such information are safely destroyed in a way that ensures privacy. In this context, safely destroyed means that data carriers containing sensitive data must be destroyed in such a way that r
12、eproduction of the information on them is either impossible or is only possible with considerable expenditure (in terms of personnel, resources and time). NOTE This standard takes into account that data carriers have different physical characteristics and contain information with various levels of s
13、ensitivity. 1 Scope This standard defines terms and principles for the destruction of data carriers. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply: 2.1 destruction process in which the form or condition of data carriers is changed, usually by sh
14、redding, dissolving, melting, heating or burning 2.2 personal data details of the personal or material circumstances of an identified or identifiable natural person 2.3 data representation of facts, concepts, or instructions in a formalized manner, suitable for communication, interpretation, or proc
15、essing by humans or by automatic means DIN EN 14968:2006-11 2.4 information meaningful data DIN EN ISO 9000:2005-12 2.5 data carrier object or item that contains data NOTE Typical data carriers include paper or electronic, magnetic and optical storage media. 2.6 outsourced data processing collection
16、, processing and use of data by assigned third parties DIN 66399-1:2012-10 5 NOTE The destruction of data carriers is also a form of outsourced data processing. 2.7 destruction of data carriers process by which the form or condition of data carriers is changed, usually by shredding, dissolving, melt
17、ing, heating or burning, making it difficult or impossible to recover the information 2.8 security level classification of the effort needed to recover information 2.9 regular particles particles which, as a result of the cutting process used, have a generally unalterable, mostly rectangular shape,
18、as well as a specified length and width 2.10 equipment collection of spatially and functionally linked machinery for the purpose of destroying data carriers 2.11 protection requirement property of data and information which describes the need to protect it from violation of the basic principles of c
19、onfidentiality, integrity and availability, taking into account the harm which would arise from such a violation NOTE 1 The protection requirement is classified as normal, high or very high. NOTE 2 For the destruction of data carriers, the higher the protection requirement of the data they contain,
20、the higher the protection class. 2.12 protection class classification of the protection requirement of data 2.13 data controller any person or body which collects, processes or uses data for itself or assigns others to do so 2.14 collection point place where data carriers are kept before they are de
21、stroyed 2.15 dissolving transforming the data carrier to a suspension 2.16 intruder alarm system alarm system to detect and indicate the presence, entry or attempted entry of an intruder into supervised premises DIN EN 50131:2010-02 2.17 security zone area protected according to the protection class
22、 DIN 66399-1:2012-10 6 3 Identifying the protection requirement and assigning the protection class In order for the destruction of data carriers to comply with the principles of economy and proportionality, the data contained on them shall be assigned a protection class. The security level which is
23、chosen for the destruction of the data carriers is determined by the protection level of the data. Protection class 1 Normal protection level for internal data: The most common classification of information, intended for large groups of people. Unauthorized disclosure or transfer would have limited
24、negative effects on the company. Protection of personal data shall be guaranteed. Otherwise there is a risk that persons affected may suffer damage to their reputation and economic circumstances. Protection class 2 Higher protection level for confidential data: The information is restricted to a sma
25、ll group of people. Unauthorized disclosure would have serious effects on the company and may lead to violation of laws or contractual obligations. The protection of personal data shall meet stringent requirements. Otherwise there is a risk that persons affected may suffer serious damage to their so
26、cial standing or economic circumstances. Protection class 3 Very high protection level for strictly confidential and secret data: The information is restricted to a very small group of persons, known by name, who are authorized to access it. Unauthorized disclosure would have serious (existence-thre
27、atening) effects on the company and/or would lead to violation of professional secrets, contracts and laws. The protection of personal data shall be absolutely guaranteed. Otherwise, the life and safety of persons affected may be at risk, or their personal freedom may be jeopardized. DIN 66399-1:201
28、2-10 7 4 Security levels for data carriers Table 1 shows the various security levels for data carriers. Table 1 Security levels for data carriers Security level Explanation 1 Destruction of data carriers in such a way the data on them can be reproduced without special tools or skills, but not withou
29、t a certain expenditure of time Recommended, for example, for data carriers containing general data to be rendered unreadable. 2 Destruction of data carriers in such a way that the data on them can only be reproduced with tools and a certain amount of effort. Recommended, for example, for data carri
30、ers containing internal data to be rendered unreadable. 3 Destruction of data carriers in such a way that the data on them can only be reproduced with considerable expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with sensitive and confidential data
31、. 4 Destruction of data carriers in such a way that the data can only be reproduced with extraordinary expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with particularly sensitive and confidential data. 5 Destruction of data carriers in such a way t
32、hat the data on them can only be reproduced with non-standard or specially designed equipment, or using forensic methods Recommended, for example, for data carriers with secret data. 6 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology Recom
33、mended, for example, for data carriers with secret data where unusually high security measures shall be maintained. 7 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology or scientific knowledge Recommended, for example, for data carriers with
34、 top secret data where the highest security measures shall be maintained. DIN 66399-1:2012-10 8 5 Assignment of protection classes and security levels 5.1 Selection of security level The three protection classes can be assigned to the security levels using Table 2, but a risk analysis should be carr
35、ied out in each case. If there are data carriers with different security levels at the collection point, they should be sorted there by security level for economical and environmental reasons. If this is not possible, all the data carriers shall always be destroyed according to the higher security l
36、evel. This is to minimize the risk of incorrect assignment leading to inadequate destruction of data carriers containing sensitive data. When selecting the appropriate security level, the density and/or size of the represented information on the data carrier shall be taken into consideration. If the
37、 colour or other characteristics of the data carrier make it easier to reconstruct, a higher security level may have to be selected. Table 2 Assignment of security levels and protection classes Protection class Security levels 1 2 3 4 5 6 7 1 xa xa x 2 x x x 3 x x x x aThis combination can not be us
38、ed for personal data. 5.2 Altering the security level Mixing and compacting the destroyed data carriers impedes reproduction. This does not affect the possible information content of individual particles of material. For data carriers with information shown in the original size or miniaturized, whic
39、h are destroyed according to security level one, two or three, mixing and compacting increases security to the next higher level once only, up to a maximum of security level four. This method of increasing the security level shall be determined by the data controller, insofar as the protection level
40、 and the applicable regulations allow it. This procedure requires a minimum of 100 kg of data carriers, which shall be destroyed in a single, uninterrupted cycle of the machine or equipment. The security level of the machine and how this is assured shall be openly and clearly indicated. If it is possible for data controllers to destroy data carriers directly on site at any time, this increases security and is preferable to other methods, provided the selected security level is used.
