93 729 63 82

información y pedidos en España

Nueva Norma DIN 66399 de clasificación niveles de seguridad

The new DIN 66399 for destruction of data carriers

What is new?

THREE PROTECTION CATEGORIES
The determination of the protection requirements and the allocation of the protection class as well as the security levels serve the classification of arising data.

SIX MATERIAL CATEGORIES
For the first time the norm defines different material classifications, also reflecting the size of the information presented on the data carrier (paper documents, optical, magnetic or electronic data carriers and hard drives).

SEVEN SECURITY LEVELS
Instead of the previous five security levels, the new DIN 66399 now defines seven security levels. One major difference is the new security level P-4 with a material particle surface of maximum 160 mm², the previous level 4 becomes level P-5 and the previous level 5 becomes P-6. “Level 6”, which was not previously reflected in the DIN norm, will become level P-7.

Security levels according to DIN 66399 for information presentation inoriginal size, for example for paper documents

P. PAPER DOCUMENTS:

SECURITY LEVEL P-2

Recommended for instance for data carriers with internal data, which have to be made illegible. Material particle surface ≤ 800 mm2 or strip width ≤ 6 mm Strip length not determined.

SECURITY LEVEL P-3

Recommend for instance for data carriers with sensitive and confidential information. Material particle surface ≤ 320 mm2 (for example particles 4 x 80 mm) or strip width ≤ 2 mm Strip length not determined.

SECURITY LEVEL P-4

Recommended for instance for data carriers with especially sensitive and confidential information. Material particle surface ≤ 160 mm2 and for regular particles: strip width ≤ 6 mm (for example particles 4 x 40 mm).

SECURITY LEVEL P-5

Recommended for instance for data carriers with secret information. Material particle surface ≤ 30 mm2 and for regular particles: strip width ≤ 2 mm (for example particles 2 x 15 mm).

SECURITY LEVEL P-6

Recommended for instance for data carriers with secret data in case extraordinarily high security precautions have to be respected. Material particle surface ≤ 10 mm2 and for regular particles: strip width ≤ 1 mm (for example particles 0.8 x 12 mm).

SECURITY LEVEL P-7

Recommended for instance for data carriers with strictly confidential data in case the highest security precautions have to be respected. Material particle surface ≤ 5 mm2 and for regular particles: strip width ≤ 1 mm (for example particles 0.8 x 5 mm).
Material classification according to the new DIN 66399

 

All DATA carriers:

P 1 – P 7. PAPER

Information presentation in original size, for example paper, films, printing plates. Security levels P-1 to P-7

F 1 – D 7. FILM DATA CARRIERS

Reduced information presentation, for example micro films, foil. Security levels F-1 to F-7

O 1 – O 7. OPTICAL DATA CARRIERS

Information presentation on optical data carriers, for example CDs/DVDs. Security levels O-1 to O-7

T 1 – T 7. MAGNETIC DATA CARRIERS “soft”

Information presentation on magnetic data carriers, for example ID-cards, diskettes. Security levels T-1 to T-7

H 1 – H 7. MAGNETIC DATA CARRIERS “hard”

Information presentation on magnetic data carriers, for example hard drives. Security levels T-1 to T-7

E 1 – E 7. ELECTRONIC DATA CARRIERS

Information presentation on electronic data carriers, for example flash drives, chip cards Security levels E-1 to E-7
Determination of the protection requirement and allocation of the protection class
In order to respect the principles of economic efficiency vis-a-vis appropriateness when destroying data, it is necessary to categorize the data into protection classes. In this context, the degree of protection is crucial to the choice of security level with respect to the destruction of the data carriers.

 

Protection classes:

PROTECTION CLASS 1:

Normal protection requirement for internal data. This information is determined and made available to bigger sized groups. Unauthorized disclosure would have limited negative effects on the company. Protection of personal data has to be ensured. Examples: not know-how relevant correspondence, personalized advertising, catalogues, circulars, notes …

PROTECTION CLASS 2:

High protection requirement for confidential data, which is accessible to a small circle of people. Unauthorized disclosure would have substantial effects on the company and could violate contractual commitments or laws. Protection of personal related data must relate to high requirements. Examples: know-how relevant correspondence like offers, inquiries, memos, posts, personal data …

PROTECTION CLASS 3:

Very high protection requirement for very confidential and secret data, accessible to a small circle of authorized people, whose names are known. Unauthorized disclosure would have serious, existence- Threatening effects on the company and would violate professional secrets, contracts and laws. Protection of personal data must be ensured thoroughly. Examples: management documents, R&D documents, financial data, confidential information …