Agenda: Maintaining Compliance, Protecting Your Information

Secure Destruction of Confidential Materials: BS8470 superseded by BS15713

There have been many horror stories about organisations “losing” sensitive and often personal information. Such losses are at the very least damaging to the reputation of the organisation, but can also result in lost business, loss of trust and sanctions and/or fines from the Information Commissioner’s Office in relation to breaches of the requirements of the Data Protection Act.

Agenda has always taken information security seriously: its secure facilities, security-screened staff, penetration-tested IT systems and certification to the ISO27001 Information Security Management Standard are testament to that. But what about the secure destruction of confidential materials? Agenda used to follow the guidelines of BS8470, which required the permanent destruction of hard copy and electronic confidential information, and incorporated these requirements into its ISO27001 externally audited processes. Military-grade shredders on site deal effectively with all forms of hard copy waste, whilst sophisticated zapping processes ensure that electronic data is overwritten a sufficient number of times and destroyed permanently. However, BS8470 has been superseded by BS EN 15713:2009 Secure Destruction of Confidential Material – Code of Practice.

Agenda has reviewed and introduced into its processes the requirements of BS EN 15713:2009 Secure Destruction of Confidential Material – Code of Practice. This Code (like BS8470 before it) contains a useful table identifying appropriate methods of destruction for a variety of materials such as paper records, SIM cards, hard drives and even X-rays. But, importantly, it goes further in terms of the security of the facilities, alarm and CCTV systems and authorised entry procedures. It specifically mentions the importance of contracts between organisations and the destruction companies that destroy their confidential waste. Audit trails and compliance measures in particular are highlighted. Of course, there are specific requirements to security screen all staff involved in the handling of confidential materials, and the signing of confidentiality agreements is proposed. If you do use a third-party destruction service, the Code covers the importance of effective handover and collection processes to ensure nothing is lost between putting the waste out to be destroyed and the waste being picked up. There have been cases where entire confidential waste bins have been taken by third parties! The Code also mentions the type of vehicle that providers should have and the categories of different types of confidential materials.

One thing is for sure: by using Agenda’s pre-employment screening services you can be confident that all of your confidential information is kept confidential!

If you would like any more information about Agenda’s Data Protection Act compliance, information security processes or the BS15713 Code of Practice, contact info@agenda-security.co.uk for a fast and confidential response.
