ISO/IEC 21964-2:2018

INTERNATIONAL ISO/IEC
STANDARD 21964-2
First edition
2018-08
Information technology — Destruction
of data carriers —
Part 2:
Requirements for equipment for
destruction of data carriers
Technologies de l'information — Destruction de véhicules de
données —
Partie 2: Exigences aux machines de destruction de véhicules de
données
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Requirements . 1
4.1 Degree of destruction . 1
4.2 Materials referred to in security levels . 1
4.3 Limits for particle sizes . 2
4.4 Feed and collection apparatus . 5
4.5 Checking that destruction is complete . 6
5 Testing . 6
5.1 Ambient conditions . 6
5.2 Test material . 6
5.3 Testing the rated throughput . 6
5.4 Testing the degree of destruction . 7
5.4.1 Purpose of the test. 7
5.4.2 Feeding in the test material . 7
5.4.3 Sample quantity . 7
5.4.4 Sampling from destroyed test material . 7
5.4.5 Analysis . 7
5.4.6 Evalu ation . 8
6 Test report . 8
7 Test certificate . 8
© ISO/IEC 2018 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of document should be noted (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/iso/foreword .html.
This document was prepared by DIN, German Institute for Standardization (as national standard
DIN 66399-2) and drafted in accordance with its editorial rules. It was assigned to Joint Technical
Committee ISO/IEC JTC 1, Information technology, and adopted under the “fast-track procedure”.
A list of all parts in the ISO/IEC 21964 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO/IEC 2018 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 21964-2:2018(E)
Information technology — Destruction of data carriers —
Part 2:
Requirements for equipment for destruction of data
carriers
1 Scope
This standard applies to machines for the destruction of data carriers. This standard specifies the
requirements for machines in order to ensure the safe destruction of data carriers.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
DIN 19054, Transparent microfiche, size A6 — General requirements, microfilming methods, headers and
title areas in technical documents and catalogues
ISO/IEC 21964-1, Information Technology — Destruction of data carriers — Part 1: Principles and
definitions
ISO 216, Writing paper and certain classes of printed matter — Trimmed sizes — A and B series, and
indication of machine direction
3 Terms and definitions
For the purposes of this document, the terms and definitions in ISO/IEC 21964-1 apply
4 Requirements
4.1 Degree of destruction
Machines and equipment that comply with this standard shall meet at least the requirements in Tables 1
to 6 as regards the degree of destruction.
4.2 Materials referred to in security levels
P – information in original size (paper, film, printing plates etc.)
F – information in miniaturized form (microfilm/microfiche etc.)
O – information on optical data carriers (CD/DVD etc.)
T – information on magnetic data carriers (floppy discs, ID cards, magnetic tape cassettes etc.)
H – information on hard drives with magnetic data carriers (hard drives)
E – information on electronic data carriers (memory sticks, chip cards, solid-state drives, mobile
communication equipment etc.)
© ISO/IEC 2018 – All rights reserved 1

4.3 Limits for particle sizes
The machines and equipment for destroying data carriers are classified according to the degree of
destruction, taking the type of data carrier into consideration. The following table shows the limit
values of each security level as regards the condition, shape and size after destruction.
The security level shall be tested and demonstrated in the form of a test certificate, declaration of
conformity, certificate, expertise or other assessment. This can be carried out by the manufacturer or
other competent bodies. The certificate shall be suitably enclosed with the user documentation for the
machine.
For all data carriers, the additionally specified methods for the highest security levels shall also cover
the requirements for the lower security levels.
Users should check the particle size during the operating life of the machine or equipment, because
wear or damage to the shredding tools can reduce security.
Table 1 — Information in the original size
Information in the original size
e.g. paper, film, printing plates
Condition, shape and size after
Security level Tolerance
destruction
Particle size ≤ 2 000 mm
10 % of the material may exceed the
or
P-1 specified particle size, but shall not
Strip width ≤ 12,0 mm
be more than 3 800 mm in size.
Unlimited strip length
Particle size ≤ 800 mm
10 % of the material may exceed the
or
P-2 specified particle size, but shall not
Strip width ≤ 6,0 mm
be more than 2 000 mm in size.
Unlimited strip length
Particle size ≤ 320 mm
10 % of the material may exceed the
or
P-3 specified particle size, but shall not
Strip width ≤ 2 mm
be more than 800 mm in size.
Unlimited strip length
Particle size ≤ 160 mm 10 % of the material may exceed the
P-4 and for regular particles: specified particle size, but shall not
Strip width ≤ 6 mm be more than 480 mm in size.
Particle size ≤ 30 mm 10 % of the material may exceed the
P-5 and for regular particles: specified particle size, but shall not
Strip width ≤ 2 mm be more than 90 mm in size.
Particle size ≤ 10 mm 10 % of the material may exceed the
P-6 and for regular particles: specified particle size, but shall not
Strip width ≤ 1 mm be more than 30 mm in size.
Particle size ≤ 5 mm
and for regular particles:
Strip width ≤ 1 mm
or
The particle size shall not be ex-
P-7 Dissolved
ceeded.
with particle size ≤ 5 mm
or
Shredded ash with
particle size ≤ 5 mm
2 © ISO/IEC 2018 – All rights reserved

Table 2 — Information in miniaturized form
Information in miniaturized form
e.g.: microfilm
Condition, shape and size after
Security level Tolerance
destruction
10 % of the material may exceed the spec-
F-1 Particle size ≤ 160 mm ified particle size, but shall not be more
than 480 mm in size.
10 % of the material may exceed the spec-
F-2 Particle size ≤ 30 mm ified particle size, but shall not be more
than 90 mm in size.
10 % of the material may exceed the spec-
F-3 Particle size ≤ 10 mm ified particle size, but shall not be more
than 30 mm in size.
10 % of the material may exceed the spec-
F-4 Particle size ≤ 2,5 mm ified particle size,
...