Three Grades of Data Security Based on HM Government/ CESG Standards to Meet Your Specific Needs.
Data Eliminate One-Off Jobs and Annual Service Contracts are available at three different levels of security to suit the needs of individual customers. These grades are based on a classified document called Information Assurance Standard No 5 (IA5) produced by CESG (part of Cheltenham GCHQ) which is responsible for Information Assurance across UK Government.
Information Assurance Standard No 5 is like a ‘recipe book’ or prescription that tells you, among other things, how to destroy data depending on its sensitivity, where it is located and the media on which it is stored. For more info on Information Assurance Standard No 5 (IA5) – click here.
Below is a guide to the selection of Data Eliminate’s Service Grades typically made by customers in line with their organisation type, activity and internal security policies. For information on service features which apply to each grade click here.
|Security Grade||Organisation Type||Drivers for Selection||Examples of Relevant Regulation|
|SME Grade||Small and Medium Sized Businesses;
Clubs and Societies;
|Meet Basic Statutory Obligations;
Peace of Mind;
Protection Against ID Fraud.
|Data Protection Act.|
|HM Government / Corporate Grade||National and Local Government;
Professional and Financial Services;
Organisations with large amounts of sensitive data eg credit card details.
|Protect Reputation and Intellectual Property;
Comply with Specific Statutory, Regulatory or Contractual Duties.
|Financial Services Authority;
Security Policy Framework
GSI Code of Connection
|Military Grade||Military and Diplomatic Services;
Critical National Infrastructure;
Law Enforcement Agencies.
|National Security.||Security Agency Best Practice – (CESG, CPNI or MOD Guidelines).|
HM Government’s Security Policy Framework
There are two key documents for HM Government organisations. These are IA5 and the Cabinet Office’s HMG’s Security Policy Framework, (SPF). The SPF defines the government’s protective security and risk strategy. The SPF mandates the Security Policy Requirements that HMG Agencies and Departments must follow.
The SPF states that sensitive data must be destroyed in line with HMG Information Assurance Standard No 5 – Secure Sanitisation of Protectively Marked or Sensitive Information. There is a specific Mandatory Requirement of the SPF which relates to data destruction.
HMG Information Assurance Standard No 5, list the type of destruction that is needed for Protectively Marked information at different Business Impact Levels (BIL). Below is a guide to these.
IA5 Features Three Tiers for Physical Destruction:
Secure Sanitisation Level 1 (SSL1), is for information that is Protectively Marked “Unclassified – IL1″ and “Protect – IL2″. IA5 states that IL1 & 2 information be destroyed to Commercial Best Practice standards. Data Eliminate’s truck mounted shredder/disintegrator shreds computer hard disks and magnetic tapes to this Commercial Best Practice specification.
Secure Sanitisation Level 2, SSL2, is for information that is Protectively Marked “Restricted – IL3″ and “Confidential – IL4″. IA5 states that IL3 information needs to be degaussed or shredded in line with the Lower Level Degaussing Standard. E.g. that when the data bearing device is reconnected to a reading device cannot be read. For IL4 Confidential both degaussing and shredding are required for off-site services. This work should normally be done by SC cleared staff.
Secure Sanitisation Level 3, SSL3, is for information that is Protectively Marked “Secret – IL5″ and “Top Secret – IL6″. IL5 & 6 media must be degaussed to CESG’s Higher Level and shredded to 6mm particles if the media is magnetic media, and shredded to 2mm particles if the media is optical.
For An Instant Estimate – Click Here.
For guidance on any of the above, call us on Tel: 0345-1234400