The ISO/IEC 21964 standard is now referenced at the international level for data carrier destruction requirements. This standard is based on the German norm DIN 66399.

The standard defines principles for the destruction of data carriers, requirements for machinery in order to ensure safe destruction, and destruction methods for all parties involved in this process.

The element most used so far from DIN 66399 is a chart of particle sizes. However, you this grid is used in relation to 3 protection classes, 6 security levels and 6 different groups of data carriers, making it relatively complicated to apply.  You can find more about this on our website in ‘DIN 6639/ ISO/IEC 21964 explained’ and in ‘Destructing data carriers, not so simple’.

The Internationalization of the old DIN 66399

DIN 32757 is an old norm for paper destruction which originates from 1985. The latest version, published in 2012, became DIN 66399 and includes electronic data carriers.

The IEC works closely with ISO to ensure that standards do not overlap or result in duplication. The IEC and ISO Joint Technical Committee 1 (ISO/IEC JTC 1) bring experts together from around the world to develop international standards for information and communication technology. In 2018 this committee decided to elevate German norm 66399 for data destruction as the international standard ISO/IEC 21964.

It is helpful that there is now an international standard, but it only concerns the physical destruction of data carriers – and this is only one sanitization method. One can still observe its origins in document (paper) destruction. This in practice means that applying the standard to electronic data carriers is not always very easy. We will have a critical look and provide some advice in the article ‘Is ISOIEC 21964 good enough?’.

Read more in our report (free PDF download):

Shred Standard ISO IEC 21964 or DIN 66399 Explained | 422 KB

Please login or register free to get access to our papers