Expert Advice Community

Guest

Control A.8.3.2 and commercial shredders

  Quote
Guest
Guest user Created:   Feb 15, 2019 Last commented:   Feb 15, 2019

Control A.8.3.2 and commercial shredders

Because of control A.8.3.2 we want to buy a disk shredder. Does this shredder need some specific specifications (for example a specific security level?).
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 15, 2019

I know the ISO Standard doesn’t specify anything about that but we don’t want to buy a shredder and afterwards the shredder doesn’t fulfill the requirements of the ISO standard. Maybe you as an expert can share some experience with us.

Answer:

Commercial shredders are normally classified in security levels that can range from a low-security P-1 up to a maximum-security P-7, the higher the value, the smaller the pieces produced.

P-4 shredder is the minimum security level for sensitive information, while a high security shredder is either a Micro-Cut (P-5), Super Micro-Cut (P-6), or a High Security-Cut shredder (P-7). P-6 and P-7 are most used by security firms and government agencies.

So, you have to evaluate which types of information you will use on the shredder to define the proper specification.

This article can provide you further information:
- 5 practical tips for media dis posal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 15, 2019

Feb 15, 2019

Suggested Topics

Guest user Created:   15h ago ISO 27001 & 22301
Replies: 1
0 0

A.15 Control section

Guest user Created:   Dec 03, 2021 ISO 27001 & 22301
Replies: 1
0 0

Controls A.17.1