Anyone who has data media destroyed using a shredder, or plans to purchase a shredder themselves, should carefully study the DIN 66399 standards. Not every shredder, or shredding service provider, fulfills the necessary devices or safety certifications for the reliable destruction of the respective data media.
Even if a shredder is certified according to DIN 66399, this does not automatically mean that this certification applies to all data media. Especially when shredding, it is important to consider which data carriers/media are shredded/destroyed. Depending on the type of source material, different material classes apply for the definition of the security level. This is particularly important, as the different source materials, such as HDD, SSD, flash memory chips, paper, etc., there are different possibilities for reproducing the data. Basically, this means that the smaller/fine the shredded pieces are after the shredding process, the lower the possibility of data recovery and therefore, the more reliable the destruction process is.
On the other hand, there is the problem that there are very different types of data carriers with regard to the material. Uniform shredding to identical end particles would be nonsensical and uneconomical. Shredding a compactly built metal HDD requires much more power and energy than shredding paper. The material classes take this aspect into account and ensure that a reasonable, standardised shredding process can still be used for each storage medium, according to the reproduction possibilities.
Classification & organisation of the standard:
In principle, the classification of a shredder device / or a shredder service according to the DIN 66399 standard the following aspects:
| Material classes: |
Define with letters for which type of data carrier the unit is designed/conceived. |
| Security levels: |
Define in combination with the material class with numbers 1-7 which security classification a device/service achieves for the respective data carrier. |
| Protection classes: |
These simply divide the 7 security levels into three main categories. |
Examples: E-4 = This unit/service is designed for electronic media (SSD) & reaches max. security level 4. H-5 = This unit/service is designed for magnetic hard disks (HDD) & reaches max. security level 5 T-4 = This unit/service is designed for magnetic media (LTO backup tapes) & reaches max. security level 4
Shredding digital data material-classes:
Material-classes Source material / data carrier Examples:
| Material-classes |
Source Material / Data Carrier |
Examples |
| O |
Optical Data Carriers |
CD, DVD, Blue-Ray, Laser-Disk, MiniDisk etc. |
| T |
Magnetic Data Carriers (excl. hard disks) |
Any magnetic tapes such as LTO tapes, also floppy disks, |
| H |
Magnetically Built Hard Disks |
HDD-hard disks |
| E |
Electronic Data Carriers |
Semiconductor hard disks (solid-state drives / SSD) Smart cards (SD cards etc.) Memory chips, USB sticks, motherboards & circuit boards, mobile communication devices such as smartphones. |
The security levels: Security relevance / type of data to be destroyed:
| Security level |
Security relevance / type of data to be destroyed |
|
| 1 |
General, not particularly relevant data: |
Reproduction is possible with simple effort |
| 2 |
Internal data: |
Reproduction is easily possible with special effort |
| 3 |
Sensitive data, minimum requirement for irrelevant, non-structured, personal data: |
Reproduction is possible with considerable effort |
| 4 |
Data to be kept secret / minimum requirements for relevant or structured personal data: |
Reproduction is possible with exceptional effort |
| 5 |
Data to be kept secret: |
Reproduction is almost impossible and would be extremely costly |
| 6 |
Secret, highly sensitive security-relevant data: |
Reproduction is technically not possible today |
| 7 |
Top secret, high security data: |
Reproduction is completely ruled out |
The results/particle size that are permissible after completion of the shredding process, depending on the material class and security level, are explained in detail further down.
Final particle size after finishing the shredding activity:
| Material-class: O |
| Optical data carriers: e.g. CD, DVD etc. |
| Security level |
Final state, shape & size |
Permitted tolerance deviation |
| |
(after shredding) |
for 10 % of the material |
| O-1 |
Area of the material particles max. 2’000 mm2 |
Area of the material particles max. 3’800 mm2 |
| O-2 |
Area of the material particles max. 800 mm2 |
Area of the material particles max. 2’000 mm2 |
| O-3 |
Area of the material particles max. 160 mm2 |
Area of the material particles max. 480 mm2 |
| O-4 |
Area of the material particles max. 30 mm2 |
Area of the material particles max. 90 mm2 |
| O-5 |
Area of the material particles max. 10 mm2 |
Area of the material particles max. 30 mm2 |
| O-6 |
Area of the material particles max. 5 mm2 |
Area of the material particles max. 15 mm2 |
| O-7 |
Area of the material particles max. 0.2 mm2 |
Area of the material particles Max. 0.6 mm2 |
| Material-class: T |
| Magnetic data carriers: e.g. magnetic tapes, cards with magnetic stripes, floppy disks etc. |
| Security level |
Final state, shape & size |
Permitted tolerance deviation |
| |
(after shredding) |
for 10 % of the material |
| T-1 |
Medium inoperative |
|
| T-2 |
Medium divided several times and area of material particles ≤ 2’000mm2 |
Area of the material particles max. 3’800 mm2 |
| T-3 |
Area of the material particles ≤ 320mm2 |
Area of the material particles max. 800 mm2 |
| T-4 |
Area of the material particles ≤ 160mm2 |
Area of the material particles max. 480 mm2 |
| T-5 |
Area of the material particles ≤ 30mm2 |
Area of the material particles max. 90 mm2 |
| T-6 |
Area of the material particles ≤ 10mm2 |
Area of the material particles max. 30 mm2 |
| T-7 |
Area of the material particles ≤ 2,5mm2 |
Area of the material particles max. 7.5 mm2 |
| Material-class: H |
| Magnetic hard drives e.g. HDD-disks etc. |
| Security level |
Final state, shape & size |
Permitted tolerance deviation |
| |
(after shredding) |
for 10 % of the material |
| H-1 |
Hard disk inoperative |
|
| H-2 |
Data carrier damaged |
|
| H-3 |
Data carrier deformed |
|
| H-4 |
Data carrier divided and deformed several times and surface of the material particles max. 2’000 mm2 |
Area of the material particles max. 3’800 mm2 |
| H-5 |
Data carrier divided and deformed several times and surface of the material particles max. 320 mm2 |
Area of the material particles max. 800 mm2 |
| H-6 |
Data carrier divided and deformed several times and surface of the material particles max. 10 mm2 |
Area of the material particles max. 30 mm2 |
| H-7 |
Data carrier divided and deformed several times and surface of the material particles max. 5 mm2 |
Area of the material particles max. 15 mm2 |
| Material-class: E |
| Electronic data carriers e.g. SSDs, USB Sticks, Smartphones etc. |
| Security level |
Final state, shape & size |
Permitted tolerance deviation |
| |
(after shredding) |
for 10 % of the material |
| E-1 |
Medium non-functional |
|
| E-2 |
Medium divided |
|
| E-3 |
Medium divided & area of material particles max. 160 mm2 |
Area of the material particles max. 480 mm2 |
| E-4 |
Medium divided & area of material particles max. 30 mm2 |
Area of the material particles max. 90 mm2 |
| E-5 |
Medium divided & area of material particles max. 10 mm2 |
Area of the material particles max. 30 mm2 |
| E-6 |
Medium divided & area of material particles max. 1 mm2 |
Area of the material particles max. 3 mm2 |
| E-7 |
Medium divided & area of material particles max. 0.5 mm2 |
Area of the material particles max. 1.5 mm2 |
Ontrack Data Erasure Verification-Services:
The independent Ontrack specialists audit the results of data erasure or data media destruction carried out by the client or their IT service provider. The focus is not on the direct examination of the erasure technology used or internal procedures and/or processes. The Ontrack specialists focus completely on the essential, on the result of the data deletion/destruction carried out. The independent, audit compliant Ontrack Data Erasure Verification Service offers the following certifications:
| Applied Data Erasure Technology: |
Check through Onyrack Erasure Verification service: |
| Software-Tools |
Has the data been deleted comprehensively and without errors, or can residual data or traces of data be found? |
| Degausser (demagnetise) |
Was the complete data carrier completely destroyed & rendered unusable |
| Shredder |
Does the final condition of the shredded material meet the requirements for material or safety certification according to DIN 66399 |
For more information:
Data Deletion, Destruction and Erasure Solutions
or
Contact us
Singapore | English
Locations
Search
Back to listing
