DIN 66399 - What you should know!

Materials referred to in security levels
according to the new DIN 66399
Ideal document shredder for your internal
data protection and security concept
The previous pages mainly dealt with information in the original size (data carrier “paper” etc.). In these
modern times of communication, there are however numerous new data carriers, which are also respected
in the new DIN 66399. This is a short summary:
Here are some examples from our comprehensive range of shredders,
comprising more than 50 model versions, starting with the compact machine
for desk-side use, and going up to the powerful high volume shredders:
Information in miniaturised form,
for example microfilms.
Security levels F-1 to F-7
Information on optical data carriers,
for example CDs/DVDs.
Security levels O-1 to O-7
Information on magnetic data carriers,
for example ID-cards, diskettes.
Security levels T-1 to T-7
Information on hard drives with
magnetic data carriers.
Security levels H-1 to H-7
Information on electronic data carriers,
for example chip cards, memory sticks.
Security levels E-1 to E-7
Desk-side shredders
Data protection directly at the working place or for small-group offices
Model
EBA 1324 S
EBA 1324 C
EBA 1324 C
EBA 1324 CC
EBA 1324 CCC
Cutting width Cutting type
4 mm
Straight Cut
4 x 40 mm Cross Cut
2 x 15 mm Cross Cut
0.8 x 12 mm Micro Cut
0.8 x 5 mm Super Micro Cut
Information about the new DIN 66399
for destruction of data carriers
Security level
P-2 -T-3*
P-4 -T-4*
P-5 -T-5*
P-6- P-7- -
Office shredders
Central data protection in the office, for example next to the copying machine
Model
EBA 2326 S
EBA 2326 C
EBA 2326 C
EBA 2326 CC
EBA 2326 CCC
Cutting width Cutting type
4 mm
Straight Cut
4 x 40 mm Cross Cut
2 x 15 mm Cross Cut
0.8 x 12 mm Micro Cut
0.8 x 5 mm Super Micro Cut
Security level
P-2 O-2T-3*
P-4 O-3T-4*
P-5 O-4T-5*
P-6- P-7- -
All details and technical specifications are approximate. Subject to change. 06/2013
Information in original size,
for example paper, films, printing plates.
Security levels P-1 to P-7
What you should know!
Departmental shredders
Powerful, central office shredder with high shred volume
Model
EBA 5141 S
EBA 5141 C
EBA 5141 C
EBA 5141 CC
EBA 5141 CCC
Cutting width Cutting type
6 mm
Straight Cut
4 x 40 mm Cross Cut
2 x 15 mm Cross Cut
0.8 x 12 mm Micro Cut
0.8 x 5 mm Super Micro Cut
Security level
P-2 O-2T-2*
P-4 O-3T-4*
P-5 O-4T-5*
P-6- P-7- -
* only valid for plastic cards with magnetic strip
www.eba.de
First Class Security
What is new about DIN 66399?
Identifying the sensitivity of data
and assigning the classification level
The new DIN 66399 replaces the hitherto DIN 32757. The most significant changes are:
In order for the destruction of data carriers to comply with the principles of economy and proportionality, the data
contained on them shall be assigned a classification level. The security level which is chosen for the destruction
of the data carriers is determined by the sensitivity of the data.
Three classification levels
A risk analysis shall be carried out for the data carriers and the data contained assigned to one of the three
classification levels. The classification level determines the security level which is chosen for the destruction of
the data carriers.
Six material categories
For the first time the norm defines different material classifications, also reflecting the size of the information
presented on the data carrier (paper documents, optical, magnetic or electronic data carriers and hard drives).
Seven security levels
Instead of the previous five security levels, the new DIN 66399 now defines seven security levels. One major
difference is the new security level P-4 with a material particle surface of maximum 160 mm², the previous
level 4 becomes level P-5 and the previous level 5 becomes P-6. “Level 6”, which was not previously reflected in
the DIN norm, will become level P-7.
Security levels according to DIN 66399 for
information presentation in original size,
for example paper documents
Classification level 1:
Normal sensitivity for internal data: the most common classification of information, intended for large groups of
people. Unauthorised disclosure or transfer would have limited negative effects on the company. Protection of
personal data shall be guaranteed. Otherwise there is a risk that persons affected may suffer damage to their
reputation and economic circumstances.
Classification level 2:
Higher sensitivity for confidential data: the information is restricted to a small group of people. Unauthorised
disclosure would have serious effects on the company and may lead to violation of laws or contractual obligations. The protection of personal data shall meet stringent requirements. Otherwise there is a risk that persons
affected may suffer serious damage to their social standing or economic circumstances.
Classification level 3:
Very high sensitivity for confidential and secret data: the information is restricted to a very small group of
persons, known by name, who are authorised to access it. Unauthorised disclosure would have serious,
existence-threatening effects on the company and/or would lead to violation of trade secrets, contracts and
laws. The protection of personal data shall be absolutely guaranteed. Otherwise, the life and safety of persons
affected may be at risk, or their personal freedom may be jeopardised.
Assignment of classification levels and security levels see table below:
Important details related to the new DIN 66399:
SecuritySecuritySecuritySecurity SecuritySecuritySecurity
level 1level 2level 3level 4level 5level 6 level 7
• If it is possible for data controllers to destroy data carriers directly on site at any time, this
increases security and is preferable to other methods, provided the selected security level
is used.
Classification level 1
• If there are data carriers with different security levels at the collection point, they should
be sorted there by security level for economical and environmental reasons. If this is not
possible, all the data carriers shall always be destroyed according to the higher security
level. This is to minimize the risk of incorrect assignment leading to inadequate destruction
of data carriers containing sensitive data.
1
1
Classification level 2
Classification level 3
1
2
This combination can not be used for personal data.
A higher security level covers the protection class in a better way.
2
2
2
2
2
2
P-1
P-2
P-3
P-4
P-5
P-6
P-7
Recommended for instance
for data carriers with general
data, which have to be made
illegible.
Recommended, for example,
for data carriers with internal
data, which have to be made
illegible.
Particle size
≤ 2000 mm2 or
strip width ≤ 12 mm.
Unlimited strip length.
Particle size
≤ 800 mm2 or
strip width ≤ 6 mm
Unlimited strip length.
Recommended, for example,
for data carriers with sensitive
and confidential data.
Particle size
≤ 320 mm2 (for example
particles 6 x 50 mm) or
strip width ≤ 2 mm
Unlimited strip length.
Recommended, for example,
for data carriers with particularly sensitive and confidential
data.
Particle size
≤ 160 mm2
and for regular particles:
strip width ≤ 6 mm (for
example particles 4 x 40 mm).
Recommended, for example,
for data carriers with secret
data.
Particle size
≤ 30 mm2
and for regular particles:
strip width ≤ 2 mm (for
example particles 2 x 15 mm).
Recommended, for example,
for data carriers with secret
data where unusually high
security standards shall be
maintained.
Particle size
≤ 10 mm2
and for regular particles: strip
width ≤ 1 mm (for example
particles 0.8 x 12 mm).
Recommended, for example,
for data carriers with top
secret data where the
strictest security standards
shall be maintained.
Particle size
≤ 5 mm2
and for regular particles: strip
width ≤ 1 mm (for example
particles 0.8 x 5 mm).
Download PDF
Similar pages