Nationwide computer disposal. Secure data destruction and computer recycling
Commputer recycling

Destroying your Data.....

Protecting the Environment    

Secure Data Destruction - Secure Sanitisation Services

Secure Sanitisation Level (SSL) Impact Levels (IL0-6)

The main factors for any organisation to consider is the type of information held, the type of storage device the data is held on, the confidentiality (security level) of the data.

First and foremost is to identify the potential risk of data confidentiality, what would happen if it fell into the wrong hands, could it cause short term embarrassment - or have a permanent damaging effect on the organisation, could it cause financial loss, or impact on individuals within the organisation.

Secondly decide on the process required - should the sanitisation process be applied in-house or externally sourced, will any of the media be considered for re-use, or physical destruction - also consider environmental issues, time scales and above all costs.

Clear: - the process of overwriting, with a series 0's then repeating the process using a series of 1's and finally randomly writing a series of 0's and 1's. This process is suitable for:

  • Hard Drives

  • Network Hard Drives

  • Printer Hard Drives

  • Flash Hard Drive

  • Zip, Jaz, Floppy, LS120 &

  • USB and other Flash Media

Purge: - the process of degaussing - degaussing involves passing magnetic media under a strong magnetic field, disrupting data patterns, degaussing also destroys the firmware of Hard Drives so should not be considered if re-use is an option.  This process is suitable for:

  • Hard Drives

  • Data Tapes - DAT, DLT, CCTV, Audio, Video, cassettes

Destroy: - the process of destruction, physical destruction involves disintegration, incineration or shredding. this is the ultimate media sanitisation method. the media is totally destroyed to particle sizes, 15mm to 6mm.  This process is suitable for all the above media forms, Plus:

  • Optical media - CD's, DVD's, Blu-ray, HD DVD, mini discs

  • DVD-RAM Discs

  • Documents - Paper based

  • Documents - Microfiche

  • Plus many more

The standards below define a Secure Sanitisation Level at three different levels, SSL1, SSL2 and SSL3. Each SSL is related to the (IL) Impact Level  of compromise of confidentiality and is defined below.

Impact Levels: - Impact Levels relate directly to standard protective markings:

Impact Levels 0-2   PROTECT
Impact Level 3   RESTRICTED
Impact Level 4   CONFIDENTIAL
Impact Level 5   SECRET
Impact Level 6  
TOP SECRET
there is no equivalent set of markings for Integrity or Availability.

Each SSL has three Options:

  1. Clear
  2. Purge
  3. Destroy

This will enable organisations to make their own decisions, by taking into account security, cost and environmental concerns, as to whether the items are to be re-used  or physical destruction is the only option available to them.

Once the media that is to be re-used has been through the Sanitisation process, inline  with the standards above - using the appropriate SSL, then the media may be handled as shown in the table below.

SSL CLEAR PURGE
1 IL0 - 2 No Change IL0 - 2 may be handled as IL0
2 IL3 - 4 No Change IL3 - 4 may be handled as IL0
3
IL5 may be handled as IL4
IL6 may be handled as IL5
 
IL5 may be handled as IL2 or IL3
IL6 may be handled as IL3 or IL4
(Dependent on risk assessment)
 
  1. SSL1 - this level is used for the Sanitisation of all storage media types that are storing data from IL0 - IL2

  2. SSL2 - this level is used for the Sanitisation of all storage media types that are storing data from IL3 - IL4

  3. SSL3 - this level is used for the Sanitisation of all storage media types that are storing data from IL5 - IL6

SSL CLEAR
Hard/Data Drives USB Memory Sticks,  Flash Media CD's - DVD's
1 Overwrite with unassured products CESG Manual S (Table 8A) Use CD erase software
2 Overwrite with CC EAL 1  or CCT Mark Products CESG Manual S (Table 8A) N/A
3 Overwrite with CESG Lower  or CC EAL 2 Products CESG Manual S (Table 8A) N/A
SSL PURGE
Hard/Data Drives USB Memory Sticks,  Flash Media CD's - DVD's
1 Overwrite with CC EAL 2 Products CESG Manual S (Table 8A) N/A
2 Overwrite with ATA Secure Erase or CESG Higher Products CESG Manual S (Table 8A) N/A
3 Overwrite with CESG Higher Products CESG Manual S (Table 8A) N/A
SSL DESTROY
Hard/Data Drives USB Memory Sticks,  Flash Media CD's - DVD's
1 CBP
2 Degauss at CESG Lower then/or CBP CESG Guidance or CBP
3 Degauss at CESG Higher Products then destroy to CESG CESG Guidance

if you require more information or clarification on any of the BUSINESS IMPACT LEVEL TABLES above then click here to view the HMG Infosec Standards as defined by www.cesg.gov.uk


Copyright 2003-2009 secure-data-destruction.eu