S 2.435 Selecting suitable shredders
Initiation responsibility: IT Security Officer, Head of Organisation
Implementation responsibility: Purchasing Department, IT Security Officer
Using shredders, it is possible to cut up paper documents, but also chip cards and CDs so that the original information cannot be easily read from the fragments. Whether or not it is possible to reconstruct the information, and if so, how much effort is required, depends on the quality of the device used for shredding. In the DIN 66399:2012 "Destruction of data carriers" standard, three protection classes and seven security levels are defined. The basis for the assignment to a protection class is the protection requirement of the data. The standard specifies the associated security levels for each protection class and thus the size of the particles generated by shredders. In the lower security levels, there are shredders cutting the material into strips (straight cut). In the higher security levels, there are shredders generating particles using another cutting technique (e.g. cross cut). With straight-cut shredders, though, it is still highly probable that it will be possible to reconstruct the shredded documents. Especially in cases where there is little mixing, i.e. only a few documents are shredded, it is even possible to reconstruct documents cut by a straight-cut shredder into very narrow strips in accordance with the Security Level 3 specification. To destroy documents containing information requiring protection, shredders with a particle cut (cross-cut shredder in Security Level 3 or higher) should be used.
The requirements to be met by such equipment are described in the DIN 66399:2012 Part 2 "Requirements for equipment for destruction of data carriers" standard. Each different type of data media is assigned a security level that places different requirements on the size of the destroyed material. In DIN 66399, security levels are indicated by a material identifier and the number of the level, such as "Paper, Security Level 3 (P-3)". A paper shredder is not necessarily enough for the destruction of chip cards or similar data media. For the values specified in the following for particle sizes, DIN 66399 Part 2 requires a compliance of 90 %, i.e. 10 % of the particles in a sample may be larger.
- Security Level 3: For files (P-3), the particle size must not exceed 320 square millimetres. For straight-cut shredders, the strips can be up to a maximum of 2 millimetres wide. For microfilms (F-3), 10 square millimetres are required, and for chip cards (E-3) 160 square millimetres. Reproduction of the information is only possible with considerable effort (in terms of personnel, resources, and time).
- Security Level 4: The particle size must not exceed 160 square millimetres for files (P-4) and 2.5 square millimetres for microfilms (F-4). For chip cards (E-4), the particle size must not exceed 30 square millimetres; here, the chip must be divided at least once. The information can only be reproduced using aids and with exceptional effort.
- Security Level 5: The particle size (P-5) must not exceed 30 square millimetres and 1 square millimetre for microfilms (F-5). For chip cards (E-5), the particle size must not exceed 10 square millimetres; here, the chip must be divided several times. Reproduction of the information is only possible using non-commercial or custom-built equipment.
For the destruction of data media with normal protection requirements, a shredding device with Security Level 3 (with the restrictions stated above) or above can be used. For higher protection requirements, Security Level 4 or 5 devices should be used.
When selecting the appropriate security level, the following should be considered to achieve an optimal balance between cost and security:
- The smaller the particle size is, the more security is offered when shredding. For documents, it is especially crucial whether individual particles contain information requiring protection or whether such information can only be obtained by assembling several particles. There may be situations in which individual oversized particles, which are perfectly admissible according to the standard's tolerance range, contain information requiring protection, so that the protection objective is not reached with the selected security level.
To a certain extent, security is also increased when a shredder with a high throughput is used and the particles are therefore already mixed well during the shredding operation. Shredders for office use usually only mix the shredded particles to a low extent. Security is reduced further if the colour or other features of the shredded material facilitate the reconstruction.
- The throughput of the device is lower when generating smaller particle sizes. To achieve the desired throughput, it may be necessary to purchase a more powerful, larger (and therefore more expensive) shredder. In this case, the general requirements should be examined to see if they permit the use of a lower security level, and therefore of a less expensive device, as long as the protection requirements are complied with.
This is illustrated in the following two examples:
- A company must often destroy and shred files with the highest protection requirements ("confidential commercial information", "classified/secret information"). Due to the small number of such files, the company does not expect that large amounts of paper will need to be shredded. In this case, a Security Level P-6 or P-7 shredder must be used.
- In a company, an enormous amount of public documents and documents up to normal protection requirements ("for internal use only") need to be destroyed. Documents consisting of a few pages with higher protection requirements must only be destroyed rarely. In this case, the use of a Security Level P-5 shredder is reasonable. The documents with higher protection requirements can then be destroyed together with other documents (e.g. public documents) to obtain an adequate mixture of the shredded particles.
Data media containing miniature versions of documents (e.g. microfilm and microfiche) as well as magnetic strip cards, chip cards, CDs and DVDs can generally be destroyed using suitable shredding devices. However, the media need to be cut into smaller particles to achieve the same level of security. The DIN 66399 Part 2 standard also specifies particle sizes for microfilms. However, there are currently no microfilm shredders available on the market. Destroying microfilms is thus only possible by burning or melting.
When used, shredding devices are subject to normal wear and tear. Shredding material for which the shredding device is not suitable might result in damage. In both cases, the cutting quality is impaired so that it is necessary to check the shredded material at regular intervals. For this purpose, it is often sufficient to compare the shredded material to the information provided in the documentation of the device by means of a visual inspection.
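Where a visual inspection is not conclusive, the regular check can be done on a measured sample. The following is an added example, not part of the original safeguard: it applies the particle-size limits and the 90 % compliance rule quoted above to a list of measured particle areas. How the areas are measured (by hand or from a scan) is left open, and the function names and the sample values are constructed for illustration.

```python
# Particle-area limits in mm^2 as quoted in this safeguard (levels 3-5 only).
LIMITS_MM2 = {
    "P": {3: 320, 4: 160, 5: 30},   # paper files
    "F": {3: 10, 4: 2.5, 5: 1},     # microfilm
    "E": {3: 160, 4: 30, 5: 10},    # chip cards
}
REQUIRED_COMPLIANCE = 0.90  # share of particles that must be within the limit


def compliance(areas_mm2, limit_mm2):
    """Fraction of sampled particles whose area is within the limit."""
    if not areas_mm2:
        raise ValueError("empty sample")
    within = sum(1 for a in areas_mm2 if a <= limit_mm2)
    return within / len(areas_mm2)


def highest_level_met(material, areas_mm2):
    """Return the highest level (3-5) the sample satisfies, or None."""
    met = None
    for level, limit in sorted(LIMITS_MM2[material].items()):
        if compliance(areas_mm2, limit) >= REQUIRED_COMPLIANCE:
            met = level
    return met


def check_sample(material, rated_level, areas_mm2):
    """Compare a measured sample against the level the device is rated for."""
    limit = LIMITS_MM2[material][rated_level]
    share = compliance(areas_mm2, limit)
    return {
        "rated": f"{material}-{rated_level}",
        "compliance": round(share, 3),
        "passes": share >= REQUIRED_COMPLIANCE,
        "highest_level_met": highest_level_met(material, areas_mm2),
        # Oversized particles are tolerated up to 10 % but may still carry
        # readable information, so they are listed for manual review.
        "oversized_mm2": sorted(a for a in areas_mm2 if a > limit),
    }


# Constructed sample: 20 particles from a device rated P-4 with worn cutters.
WORN_P4_SAMPLE = [150] * 15 + [158, 170, 210, 240, 300]

if __name__ == "__main__":
    print(check_sample("P", 4, WORN_P4_SAMPLE))
```

A device that fails its rated level but still meets a lower one, as in the constructed sample, should no longer be used for material that needs the higher level until it has been serviced.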
Review questions:
- Does the particle size meet the protection requirements of the information?
- Are cross-cut shredders used to destroy information requiring protection?
- Was the throughput of the shredder taken into account during the selection process?
- Is the shredded material checked at regular intervals to make sure the particle size is complied with?