When it comes to destroying documents, there are different levels of standards that certain industries must comply with in order to ensure that proper privacy and security practices are in place. The shredding industry provides different standards of compliance for personal shredder units and for professional shredding service providers. When considering your own shredding solution, you should be aware of the options and of the requirements you may need to follow.
DIN 66399 Shredder Classifications and P Levels
When considering options to purchase a personal shredder, the standard classification for security levels is called DIN 66399. For paper shredders, there are seven security levels ranging from P-1 to P-7. As the number gets higher, the shredded particle size gets smaller. For example, P-1 shredders have the largest particle size, and P-7 shredders have the smallest particle size. P-1 is considered the lowest security rating, while P-7 is the highest. P-1 shredders have an average shredded particle width of 12 mm and can shred one piece of paper into 17.5 strips. P-7 shredders have a shredded particle width of less than 1 mm and can shred one piece of paper into more than 12,000 particles.
NAID AAA Certification Standards
The professional shredding industry has a standards-setting body called the National Association for Information Destruction (NAID). Shredding companies who are NAID AAA certified have met rigorous industry-leading standards for privacy and security. NAID AAA certified companies are audited on a continuous basis and are assessed in areas such as operational and facility security, data destruction processes, and employee hiring practices. Choosing a NAID AAA certified company for your shredding project helps ensure that you are fulfilling regulatory requirements related to data protection such as HIPAA, FACTA, SOX, GLB, and state laws.
Chain Of Custody vs. Shredder Type
When it comes to having a secure document destruction process, the chain of custody is equally as important as other factors are, such as shredder type and shredded particle size. You need to know where your documents are going and who is responsible for them from the time you are ready for disposal until the “end of life” for those documents. When a professional shredding company comes to pick up your documents, do you know who is responsible for the potential data breach if the documents get lost during the pick-up or during transit? Do you know where the documents are transported to and what happens to the documents when they get there? Is your shredding company providing the pick-up and transportation or are they hiring a 3rd party for freight? When you put your documents inside of a shredding company’s container at your office, who becomes responsible for the documents then? These are all critical questions you need to know for your shredding process. It is important that your shredding company provides a clear and upfront response to all of these questions, so that you know if you are meeting your requirements.