Control A.8.3.2 and commercial shredders
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I know the ISO Standard doesn’t specify anything about that but we don’t want to buy a shredder and afterwards the shredder doesn’t fulfill the requirements of the ISO standard. Maybe you as an expert can share some experience with us.
Answer:
Commercial shredders are normally classified in security levels that can range from a low-security P-1 up to a maximum-security P-7, the higher the value, the smaller the pieces produced.
P-4 shredder is the minimum security level for sensitive information, while a high security shredder is either a Micro-Cut (P-5), Super Micro-Cut (P-6), or a High Security-Cut shredder (P-7). P-6 and P-7 are most used by security firms and government agencies.
So, you have to evaluate which types of information you will use on the shredder to define the proper specification.
This article can provide you further information:
- 5 practical tips for media dis posal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/
Comment as guest or Sign in
Feb 15, 2019