The destruction of sensitive items should be undertaken via a secure process. This section provides those responsible for information assurance and physical security with best practice guidance on:
- The need for a secure destruction process
- The development of robust procedures
- How to select reputable manufacturers and service providers
With immediate effect, the following destruction techniques can only destroy classified material to OFFICIAL:
- Mobile paper destruction service providers;
- Waste to energy incineration (excluding DSTL) service providers
These types of destruction techniques do not comply with CPNI’s secure destruction standard regarding the particle sizes media should meet. However, CPNI recognises that in some circumstances it may be more appropriate for an organisation to use mobile paper destruction techniques on their establishment compared to fixed site destruction techniques, which results in material being transited prior to being destroyed.
If end users wish to continue using these types of destruction techniques for classified material above OFFICIAL, they do so at their own risk.
The CPNI standard is intended to be applied to sensitive items assigned a government security classification (defined by the UK Cabinet Office) of SECRET or TOP SECRET; or equivalent classification as determined by the item owner, however the tools and techniques described may also be appropriate for the secure destruction of items assigned a lower level of classification. End users are therefore advised to carry out their own risk assessment if mobile destruction services are to be used for destruction of media other than ‘official’ documents.
CPNI’s decision was based on their exhaustive research. Please contact your CPNI Adviser for further advice.
What are the threats to the destruction process
There are many potential threats to the destruction process. These can occur before, during or after the destruction process. These threats include:
- Accidental loss
- Emergency abandonment
- Hijack or vehicle theft
- Insider attack
Assessing the strengths and weaknesses of destruction procedures
Once the nature of the threat is understood, practitioners should take a methodical and considered approach to determine the most appropriate and proportionate destruction procedures, using the guidance documents presented on this page.
Mitigating the risk of sensitive information falling into the wrong hands
Based on the structured assessment of the need, consider options to achieve the desired balance between security and operational effectiveness. For example:
- Confirm the highest level of protective marking or sensitivity of information
- Identify the type of storage media; this will determine the most suitable methods of destruction
- Storage of sensitive assets – both on and off-site locations will require suitable secure storage locations.
- Method of destruction – a number of options are available with specific advantages and drawbacks that should be matched to needs
- Location of destruction facilities – on-site will require either the purchase or hire of approved destruction equipment, or contracting of an approved service provider with a mobile destruction facility. Off-site will require the support of an approved service provider
- Transportation – consider appropriate communication, handling in transit procedures, manning level, vehicle tracking etc.
- Personal escort and/or witnessing of physical destruction – can provide an extra level of confidence but will also require staff time
- Vetting – all those involved in the disposal process should be vetted to the appropriate level
- Audit trail and records keeping – provide confirmation and assurance that material has been disposed of according to the agreed requirements
CPNI supports a programme certifying secure destruction service providers. As a minimum, confirm that secure destruction services have been subject to an independent assessment by a reputable organisation.