NSA Shredder Security Levels
When shopping for a paper shredder, you may come across the term “security level.” But what does it mean?
Security levels are part of the DIN 66399 standard, which defines destruction requirements for different types of data carriers. The level indicates the minimal size of the data carrier’s particles after shredding.
Level One is great for disposing of general documents that don’t carry any confidential information. Old brochures, forms, memos, travel guidelines and out-of-date instructions fall under this category.
This is the first shredding level that’s compliant with HIPAA and FACTA regulations. P-3 shredders create cross-cut particles that are noticeably smaller than basic strips. Reconstructing these tiny pieces is difficult, if not impossible.
Level two shredders are perfect for businesses with limited internal data that needs to be rendered illegible. For example, law firms and medical facilities often use this type of shredded paper.
These machines feature cross-cutting that improves security by reducing the size of each piece. Reconstructing shredded paper at this level is extremely difficult.
P-4 is an in-between level that offers slightly more security than the old level 3 standard. This type of shredded paper has a similar shape to level 3, but it is noticeably smaller.
If your company is dealing with sensitive information that demands the highest levels of security, you should consider a level five shredder. The micro cut particles of a level five shredder meet NSA/CSS specifications for top secret shredding. This means that it would be nearly impossible to reproduce the shredded data using current state of the art equipment.
Similarly to level two, this is an ideal shredding level for internal memos that contain slightly sensitive information and out-of-date instructions or travel guidelines. It does not however, provide enough security for HIPAA or FACTA compliance. It is also more expensive to run than lower security levels.
A level 4 shredder is suitable for business documents with a higher degree of sensitivity. This includes documents like out-of-date forms with no personal information, sales reports, or travel guidelines. They also meet HIPAA and FACTA compliance requirements.
This level of protection uses cross cut shredding which adds an extra layer of security. It creates a confetti like pile of paper fragments, making it very difficult to reconstruct the original document.
This is considered the highest level of security for most commercial applications. It meets NSA standards for top secret documents and is used by the military offices, homeland security agencies, and national security organizations.
P-2 shredding involves cutting paper into smaller strips, making information less legible. This level of shredding is a good choice for business records, account numbers and other sensitive documents. It’s also the minimum requirement for HIPAA compliance.
At level four, industrial shredders start using cross cut technology to create very small particles. The size of the shreds makes reconstructing them difficult, if not impossible. This is an excellent option for people who need extra security over what level two offers. However, it does not meet NSA standards for shredding classified documents. This is the lowest level that can be used to destroy PII.
Level P-6 is reserved for information demanding the highest security standards. The shredded data at this level can only be reproduced with state-of-the-art equipment and a significant amount of time.
It’s recommended that this level of shredding be used by larger businesses whose sensitive data could cause them serious financial loss. Medical facilities and law firms are two common examples of businesses that need this level of protection. This level uses a cross-cut shredding process that produces paper particles that resemble confetti, making it very difficult to reconstruct. It also offers the highest throughput and the biggest particle size that satisfies HIPAA regulations.