{"id":4772,"date":"2025-06-05T13:47:42","date_gmt":"2025-06-05T11:47:42","guid":{"rendered":"https:\/\/it-recycling.nl\/blog\/din-66399-iso-27001-nist-800-88-and-ca-what-about-data-destruction\/"},"modified":"2026-04-07T07:20:02","modified_gmt":"2026-04-07T05:20:02","slug":"din-66399-iso-27001-nist-800-88-and-ca-what-about-data-destruction","status":"publish","type":"blog","link":"https:\/\/it-recycling.nl\/en\/blog\/din-66399-iso-27001-nist-800-88-and-ca-what-about-data-destruction\/","title":{"rendered":"DIN 66399, ISO 27001, NIST 800-88 and CA+: what about data destruction?"},"content":{"rendered":"<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>As digitization took off at the turn of the century, protecting and destroying <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/\"><strong>digital data<\/strong> <\/a>became just as important. After all, what do you do with the hard drive from an old server? Or that USB stick from the help desk?  <\/p>\n<p>Data destruction changed from something physical (paper) to something technical:<br \/><strong><a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/hard-disk-shredder\/\">shredding<\/a>, <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/erasing-hard-drives\/\">erasure<\/a>, <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/degausser\/\">de-magnetization<\/a><\/strong> and everything in between.<\/p>\n<p>This created a need for clear rules. Standards, in other words. These came from different quarters:  <\/p>\n<ul class=\"wp-block-list\">\n<li>Germany: <strong><a href=\"https:\/\/din66399.eu\/nl\/\" target=\"_blank\" rel=\"noopener\">DIN 66399<\/a><\/strong> &#8211; A technical standard for how fine to shred<\/li>\n<li>America: NIST 800-88 &#8211; a guideline for safe data disposal<\/li>\n<li>International: <strong>ISO standards<\/strong> for quality assurance and information security<\/li>\n<li>Netherlands: <strong><a href=\"http:\/\/www.weeelabex.org\" target=\"_blank\" rel=\"noopener\">WEEELABEX<\/a><\/strong> &#8211; standards for responsible disposal of e-waste<\/li>\n<\/ul>\n<\/div>\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"467\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" src=\"https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1.jpg\" alt=\"\" class=\"wp-image-833\" title=\"\" srcset=\"https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1.jpg 700w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1-300x200.jpg 300w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1-555x370.jpg 555w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1-124x83.jpg 124w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2024\/05\/Datavernietiging-1-1-477x318.jpg 477w\" \/><\/figure>\n<\/div>\n<\/div>\n<p>By now, it is impossible to imagine doing without these standards.<br \/>For companies, it has long since ceased to be about &#8220;just wiping a hard drive,&#8221; but about demonstrable security, compliance, <a href=\"https:\/\/it-recycling.nl\/en\/avg-statement\/\" data-type=\"page\" data-id=\"289\">AVG-proof<\/a> work and professionally responsible recycling.<\/p>\n<p>And that&#8217;s exactly where we as IT recyclers come in.<\/p>\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>DIN 66399 &#8211; Only a technical standard, not a certificate<\/h2>\n<p>DIN 66399 is a German technical standard that defines how large the particles should be after destruction of information carriers. There are different categories (P, H, T, E, etc.) depending on the type of media (paper, hard disk, tape, etc.), and within each category there are security classes (1 to 7) that say something about the fineness of destruction. <\/p>\n<p>But note:<br \/>DIN 66399 says nothing about how well or how safe you work as a company. There is: <\/p>\n<ul class=\"wp-block-list\">\n<li><strong>No audit<\/strong><\/li>\n<li><strong>No certification<\/strong><\/li>\n<li><strong>No checking whether you really stick to it<\/strong><\/li>\n<\/ul>\n<p>Choosing the protection class is up to the customer, depending on how sensitive the data is.<br \/>So saying &#8220;destroys according to DIN 66399 H-5&#8221; only means:<br \/>\ud83d\udc49 The pieces are smaller than 10 mm\u00b2. No more, no less. <\/p>\n<p>In IT recycling, we destroy:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/hard-drives-destruction-collection\/\" data-type=\"page\" data-id=\"944\">Hard drives<\/a>, <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/destruction-of-tapes\/\" data-type=\"page\" data-id=\"1016\">tapes<\/a> and <\/strong><strong> <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/destroying-phones\/\" data-type=\"page\" data-id=\"1019\">telephones<\/a><\/strong> Standard at H-5 level (max. 9 mm\u00b2)<\/li>\n<li>Modern digital media such as <a href=\"https:\/\/it-recycling.nl\/en\/data-destruction\/destroying-usb-sticks\/\" data-type=\"page\" data-id=\"1022\">USB sticks<\/a>, CF cards, SIM cards, SD cards and SSDs at E-6 or T-6<strong> level<\/strong>: 2 mm fine<strong>, <\/strong>on site. We are the only one in the country can do this. <\/li>\n<\/ul>\n<p>That way you know exactly how thorough the physical destruction is.<\/p>\n<h2 class=\"wp-block-heading\">Overview of DIN 66399 destruction levels<\/h2>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th><strong>Category<\/strong><\/th>\n<th><strong>Application<\/strong><\/th>\n<th><strong>Security levels<\/strong><\/th>\n<th><strong>Maximum particle size<\/strong><\/th>\n<th><strong>Note<\/strong><\/th>\n<\/tr>\n<\/thead>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>P<\/strong><\/td>\n<td>Paper, microfilm<\/td>\n<td>P-1 to P-7<\/td>\n<td>P-1: 12 mm strips<br \/>P-7: max. 5 mm\u00b2<\/td>\n<td>For paper documents<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>H<\/strong><\/td>\n<td>Hard drives (magnetic)<\/td>\n<td>H-1 to H-5<\/td>\n<td>H-5: max 320 mm\u00b2, max 10 mm<\/td>\n<td>H-5 = recommended for sensitive info<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>T<\/strong><\/td>\n<td>Magnetic tapes (e.g., backup tapes)<\/td>\n<td>T-1 to T-5<\/td>\n<td>T-5: max. 10 mm\u00b2<\/td>\n<td>Much the same as H category in terms of requirements<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>E<\/strong><\/td>\n<td>Electronic storage media (USB, SSD)<\/td>\n<td>E-1 to E-5<\/td>\n<td>E-5: max. 10 mm\u00b2<\/td>\n<td>Also applicable to smartphones, SIM cards, etc.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>F<\/strong><\/td>\n<td>Optical media (CD\/DVD\/Blu-ray)<\/td>\n<td>F-1 to F-3<\/td>\n<td>F-3: max. 0.5 mm\u00b2<\/td>\n<td>For extremely sensitive data<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>O<\/strong><\/td>\n<td>Film\/microfiche<\/td>\n<td>O-1 to O-6<\/td>\n<td>O-6: max. 0.2 mm\u00b2<\/td>\n<td>Very specific for archival film<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>ISO 27001 &#8211; Management system for information security.<\/h2>\n<p>ISO 27001 is a true certification, with an annual external audit.<br \/>This standard is not about how big pieces are, but about how you handle information security in the broadest sense as an organization.<\/p>\n<p>At IT recycling, we have ISO 27001 certification hanging on the wall.<br \/>The standard requires us to:<\/p>\n<ul class=\"wp-block-list\">\n<li>Analyze and manage risks<\/li>\n<li>To learn from mistakes and incidents<\/li>\n<li>Ensure business continuity<\/li>\n<li>Establish and implement control measures<\/li>\n<li>Document everything and evaluate it regularly<\/li>\n<\/ul>\n<p>Because we destroy confidential data every day, ISO 27001 is largely about the risks surrounding data destruction and processing. It is the standard that demonstrates that you take information security seriously. <\/p>\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>ISO 9001 and 14001 &#8211; Quality and environment<\/h2>\n<p>We are also ISO 9001 (quality) and ISO 14001 (environment) certified.<br \/>That means we are continuously working on:<\/p>\n<ul class=\"wp-block-list\">\n<li>Customer Satisfaction<\/li>\n<li>Efficient processes<\/li>\n<li>Environmentally conscious processing<\/li>\n<li>Complying with laws and regulations<\/li>\n<\/ul>\n<p>The combination of these three ISO standards shows that, as a company, we work professionally, reliably and sustainably.<\/p>\n<\/div>\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"1024\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" src=\"https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-768x1024.jpg\" alt=\"\" class=\"wp-image-3636\" title=\"\" srcset=\"https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-768x1024.jpg 768w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-225x300.jpg 225w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-1152x1536.jpg 1152w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-1140x1520.jpg 1140w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-555x740.jpg 555w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-124x165.jpg 124w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss-817x1089.jpg 817w, https:\/\/it-recycling.nl\/wp-content\/uploads\/2025\/06\/disksss.jpg 1200w\" \/><\/figure>\n<\/div>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>NIST 800-88 &#8211; The American Standard<\/h2>\n<p><strong>NIST 800-88<\/strong> is a standard from the U.S. NIST (National Institute of Standards and Technology).<br \/>It deals exclusively with how to destroy data, both via software (erasure) and physically (shredding).<\/p>\n<p>In the Netherlands, this standard is hardly known, and no one here is officially certified on it. Still, some customers ask about it, for example because they have read something on the Internet or because their parent company is in the US. <\/p>\n<p>Fact is: our methodology exceeds NIST 800-88 in practice.<br \/>Thanks to our combination of:<\/p>\n<ul class=\"wp-block-list\">\n<li>ISO 27001 (information security)<\/li>\n<li>Weeelabex (responsible disposal of e-waste)<\/li>\n<li>DIN 66399 (technical implementation standard)<\/li>\n<\/ul>\n<p>&#8230;we more than meet what NIST 800-88 requires. And in some ways even more.<br \/>There are only a few minor details from the NIST standard that <strong>cut across<\/strong>, but they do not detract from the quality of our service. <\/p>\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>CA+? Not applicable to us <\/h2>\n<p><a href=\"https:\/\/www.ca-plus.nl\/\" target=\"_blank\" rel=\"noopener\">CA+ is a seal of approval<\/a> for paper archive destruction.<br \/>That means: secure transport, sealed containers, central processing.<\/p>\n<p>We do not do paper or transport confidential data.<br \/>We come on site with our mobile shredder and destroy the data carriers there under the customer&#8217;s supervision.<\/p>\n<p>Therefore, CA+ is simply not suitable for <a href=\"http:\/\/www.it-recycling.nl\">IT recycling<\/a>.<br \/>We are all about hard drives, SSDs, USB sticks, tapes and smartphones. Not boxes full of paper. <\/p>\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd39 <\/strong>And of course: the AVG<\/h2>\n<p>The General Data Protection Regulation (AVG) requires organizations to properly protect personal data. Even if you want to delete them. <\/p>\n<p>When you partner with IT recycling for data destruction:<\/p>\n<ul class=\"wp-block-list\">\n<li>Are you as a customer fully AVG-proof in terms of the data carriers handed in<\/li>\n<li>Does IT recycling act as a processor of this data, under your responsibility<\/li>\n<li>Is all data irreversibly destroyed, under control and with supporting documents<\/li>\n<\/ul>\n<p>IT recycling itself is more than compliant with the AVG:<\/p>\n<ul class=\"wp-block-list\">\n<li>We have an ISO 27001 system for information security<\/li>\n<li>We process personal data only on behalf of customers<\/li>\n<li>We keep a full processing record<\/li>\n<li>We have a clear, up-to-date <a href=\"https:\/\/it-recycling.nl\/en\/avg-statement\/\" data-type=\"page\" data-id=\"289\">AVG statement on our website<\/a><\/li>\n<\/ul>\n<p>That way you can be sure that everything is also legally sound.<\/p>\n<h2 class=\"wp-block-heading\">What can you expect from us?<\/h2>\n<p>With each data destruction you receive:<\/p>\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Certificate of data destruction<\/strong>\n<ul class=\"wp-block-list\">\n<li>Who destroyed<\/li>\n<li>Who was responsible<\/li>\n<li>Which method was used<\/li>\n<li>According to which DIN <strong> 66399<\/strong> category<\/li>\n<\/ul>\n<\/li>\n<li><strong>List of data carriers with serial numbers<\/strong><\/li>\n<li><strong>Environmental Certificate<\/strong>\n<ul class=\"wp-block-list\">\n<li>Who recycled<\/li>\n<li>Who the responsible person was<\/li>\n<li>According to which environmental standards (ISO 14001, Weeelabex)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Official transport documents (for waste streams)<\/strong><\/li>\n<li><strong>Invoice<\/strong><\/li>\n<\/ol>\n<p>This document set is sufficient for any auditor and meets the requirements of all common auditing bodies. No gray areas, no vague promises, just everything laid out in black and white. <\/p>\n","protected":false},"author":5,"featured_media":2265,"template":"","subject":[],"label":[18],"class_list":["post-4772","blog","type-blog","status-publish","has-post-thumbnail","hentry","label-blog-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/blog\/4772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/users\/5"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/media\/2265"}],"wp:attachment":[{"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/media?parent=4772"}],"wp:term":[{"taxonomy":"subject","embeddable":true,"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/subject?post=4772"},{"taxonomy":"label","embeddable":true,"href":"https:\/\/it-recycling.nl\/en\/wp-json\/wp\/v2\/label?post=4772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}