欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    DIN 66399-1-2012 Office machines - Destruction of data carriers - Part 1 Principles and definitions《办公机械 资料载体的销毁 第1部分 原理和定义》.pdf

    • 资源ID:661051       资源大小:644.29KB        全文页数:8页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    DIN 66399-1-2012 Office machines - Destruction of data carriers - Part 1 Principles and definitions《办公机械 资料载体的销毁 第1部分 原理和定义》.pdf

    1、October 2012DEUTSCHE NORM Normenausschuss Informationstechnik und Anwendungen (NIA) im DINDIN-SprachendienstEnglish price group 6No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the

    2、exclusive right of sale for German Standards (DIN-Normen).ICS 35.260!$-b“1941063www.din.deDDIN 66399-1Office machines Destruction of data carriers Part 1: Principles and definitions,English translation of DIN 66399-1:2012-10Bro- und Datentechnik Vernichten von Datentrgern Teil 1: Grundlagen und Begr

    3、iffe,Englische bersetzung von DIN 66399-1:2012-10Bureautique et informatique Destruction de vhicules de donnes Partie 1: Principes et concepts,Traduction anglaise de DIN 66399-1:2012-10Together with DIN 66399-2:2012-10,supersedesDIN 32757-1:1995-01www.beuth.deDocument comprises 8 pages08.13 DIN 6639

    4、9-1:2012-10 2 A comma is used as the decimal marker. Contents Page Foreword . 3 Introduction 4 1 Scope . 4 2 Terms and definitions 4 3 Identifying the protection requirement and assigning the protection class 6 4 Security levels for data carriers 7 5 Assignment of protection classes and security lev

    5、els . 8 5.1 Selection of security level 8 5.2 Altering the security level 8 DIN 66399-1:2012-10 3 Foreword This document has been prepared by Working Committee NA 043-01-51 AA Vernichtung von Datentrgern of the DIN Normenausschuss Informationstechnik und Anwendungen (NIA) (Information Technology and

    6、 Selected IT Applications Standards Committee). Attention is drawn to the possibility that some elements of this document may be the subject of patent rights. DIN and/or DKE shall not be held responsible for identifying any or all such patent rights. DIN 66399 consists of the following parts: DIN 66

    7、399-1, Office machines Destruction of data carriers Part 1: Principles and definitions DIN 66399-2, Office machines Destruction of data carriers Part 2: Requirements for equipment for destruction of data carriers DIN SPEC 66399-3, Office machines Destruction of data carriers Part 3: Process for dest

    8、ruction of data carriers Amendments The standard differs from DIN 32757-1:1995-01 as follows: a) the title has been changed; b) the series of standards has been restructured: the principles and definitions are now included in Part 1 and the requirements for equipment and testing have been moved to P

    9、art 2; c) the new security levels 6 and 7 have been introduced; d) the old Clause 4 “Designation” has been omitted; e) the new Clause 3 “Identifying the protection requirement and assigning the protection class” has been added; f) conditions affecting the security level have been added; g) the defin

    10、itions of security levels 3 upwards have been revised; h) the “Explanatory Notes” clause has been omitted; i) requirements for operating instructions are now contained in Part 2. Previous editions DIN 32757-1: 1985-10, 1995-01 DIN 66399-1:2012-10 4 Introduction Anyone who processes confidential, per

    11、sonal and/or sensitive data for themselves or on behalf of others must ensure that data carriers containing such information are safely destroyed in a way that ensures privacy. In this context, safely destroyed means that data carriers containing sensitive data must be destroyed in such a way that r

    12、eproduction of the information on them is either impossible or is only possible with considerable expenditure (in terms of personnel, resources and time). NOTE This standard takes into account that data carriers have different physical characteristics and contain information with various levels of s

    13、ensitivity. 1 Scope This standard defines terms and principles for the destruction of data carriers. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply: 2.1 destruction process in which the form or condition of data carriers is changed, usually by sh

    14、redding, dissolving, melting, heating or burning 2.2 personal data details of the personal or material circumstances of an identified or identifiable natural person 2.3 data representation of facts, concepts, or instructions in a formalized manner, suitable for communication, interpretation, or proc

    15、essing by humans or by automatic means DIN EN 14968:2006-11 2.4 information meaningful data DIN EN ISO 9000:2005-12 2.5 data carrier object or item that contains data NOTE Typical data carriers include paper or electronic, magnetic and optical storage media. 2.6 outsourced data processing collection

    16、, processing and use of data by assigned third parties DIN 66399-1:2012-10 5 NOTE The destruction of data carriers is also a form of outsourced data processing. 2.7 destruction of data carriers process by which the form or condition of data carriers is changed, usually by shredding, dissolving, melt

    17、ing, heating or burning, making it difficult or impossible to recover the information 2.8 security level classification of the effort needed to recover information 2.9 regular particles particles which, as a result of the cutting process used, have a generally unalterable, mostly rectangular shape,

    18、as well as a specified length and width 2.10 equipment collection of spatially and functionally linked machinery for the purpose of destroying data carriers 2.11 protection requirement property of data and information which describes the need to protect it from violation of the basic principles of c

    19、onfidentiality, integrity and availability, taking into account the harm which would arise from such a violation NOTE 1 The protection requirement is classified as normal, high or very high. NOTE 2 For the destruction of data carriers, the higher the protection requirement of the data they contain,

    20、the higher the protection class. 2.12 protection class classification of the protection requirement of data 2.13 data controller any person or body which collects, processes or uses data for itself or assigns others to do so 2.14 collection point place where data carriers are kept before they are de

    21、stroyed 2.15 dissolving transforming the data carrier to a suspension 2.16 intruder alarm system alarm system to detect and indicate the presence, entry or attempted entry of an intruder into supervised premises DIN EN 50131:2010-02 2.17 security zone area protected according to the protection class

    22、 DIN 66399-1:2012-10 6 3 Identifying the protection requirement and assigning the protection class In order for the destruction of data carriers to comply with the principles of economy and proportionality, the data contained on them shall be assigned a protection class. The security level which is

    23、chosen for the destruction of the data carriers is determined by the protection level of the data. Protection class 1 Normal protection level for internal data: The most common classification of information, intended for large groups of people. Unauthorized disclosure or transfer would have limited

    24、negative effects on the company. Protection of personal data shall be guaranteed. Otherwise there is a risk that persons affected may suffer damage to their reputation and economic circumstances. Protection class 2 Higher protection level for confidential data: The information is restricted to a sma

    25、ll group of people. Unauthorized disclosure would have serious effects on the company and may lead to violation of laws or contractual obligations. The protection of personal data shall meet stringent requirements. Otherwise there is a risk that persons affected may suffer serious damage to their so

    26、cial standing or economic circumstances. Protection class 3 Very high protection level for strictly confidential and secret data: The information is restricted to a very small group of persons, known by name, who are authorized to access it. Unauthorized disclosure would have serious (existence-thre

    27、atening) effects on the company and/or would lead to violation of professional secrets, contracts and laws. The protection of personal data shall be absolutely guaranteed. Otherwise, the life and safety of persons affected may be at risk, or their personal freedom may be jeopardized. DIN 66399-1:201

    28、2-10 7 4 Security levels for data carriers Table 1 shows the various security levels for data carriers. Table 1 Security levels for data carriers Security level Explanation 1 Destruction of data carriers in such a way the data on them can be reproduced without special tools or skills, but not withou

    29、t a certain expenditure of time Recommended, for example, for data carriers containing general data to be rendered unreadable. 2 Destruction of data carriers in such a way that the data on them can only be reproduced with tools and a certain amount of effort. Recommended, for example, for data carri

    30、ers containing internal data to be rendered unreadable. 3 Destruction of data carriers in such a way that the data on them can only be reproduced with considerable expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with sensitive and confidential data

    31、. 4 Destruction of data carriers in such a way that the data can only be reproduced with extraordinary expenditure (in terms of personnel, resources and time) Recommended, for example, for data carriers with particularly sensitive and confidential data. 5 Destruction of data carriers in such a way t

    32、hat the data on them can only be reproduced with non-standard or specially designed equipment, or using forensic methods Recommended, for example, for data carriers with secret data. 6 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology Recom

    33、mended, for example, for data carriers with secret data where unusually high security measures shall be maintained. 7 Destruction of data carriers in such a way that the data on them cannot be reproduced with current technology or scientific knowledge Recommended, for example, for data carriers with

    34、 top secret data where the highest security measures shall be maintained. DIN 66399-1:2012-10 8 5 Assignment of protection classes and security levels 5.1 Selection of security level The three protection classes can be assigned to the security levels using Table 2, but a risk analysis should be carr

    35、ied out in each case. If there are data carriers with different security levels at the collection point, they should be sorted there by security level for economical and environmental reasons. If this is not possible, all the data carriers shall always be destroyed according to the higher security l

    36、evel. This is to minimize the risk of incorrect assignment leading to inadequate destruction of data carriers containing sensitive data. When selecting the appropriate security level, the density and/or size of the represented information on the data carrier shall be taken into consideration. If the

    37、 colour or other characteristics of the data carrier make it easier to reconstruct, a higher security level may have to be selected. Table 2 Assignment of security levels and protection classes Protection class Security levels 1 2 3 4 5 6 7 1 xa xa x 2 x x x 3 x x x x aThis combination can not be us

    38、ed for personal data. 5.2 Altering the security level Mixing and compacting the destroyed data carriers impedes reproduction. This does not affect the possible information content of individual particles of material. For data carriers with information shown in the original size or miniaturized, whic

    39、h are destroyed according to security level one, two or three, mixing and compacting increases security to the next higher level once only, up to a maximum of security level four. This method of increasing the security level shall be determined by the data controller, insofar as the protection level

    40、 and the applicable regulations allow it. This procedure requires a minimum of 100 kg of data carriers, which shall be destroyed in a single, uninterrupted cycle of the machine or equipment. The security level of the machine and how this is assured shall be openly and clearly indicated. If it is possible for data controllers to destroy data carriers directly on site at any time, this increases security and is preferable to other methods, provided the selected security level is used.


    注意事项

    本文(DIN 66399-1-2012 Office machines - Destruction of data carriers - Part 1 Principles and definitions《办公机械 资料载体的销毁 第1部分 原理和定义》.pdf)为本站会员(jobexamine331)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开