iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN 15713

(Main)

Secure destruction of confidential and sensitive material - Code of practice

Secure destruction of confidential and sensitive material - Code of practice

This document provides recommendations and requirements for the procedures, processes and performance monitoring to be implemented for the management and control of the physical destruction of confidential and sensitive material to ensure that such material is disposed of securely and safely.
This document can be referenced by anyone who processes such material on behalf of others and covers the following scenarios:
-   on site - using mobile equipment at the location of use (destruction equipment is brought to the confidential or sensitive material);
-   off site - transport followed by destruction using equipment at a destruction facility (the confidential or sensitive material is brought to the destruction equipment, such as used at a dedicated external facility operated by a service provider);
-   use of equipment at the Data Controller’s location (confidential or sensitive material and destruction equipment co-located, such as a shredder in a building occupied by a client or clients).
Destruction by erasure (e.g. crypto erasure, data overwriting, degaussing or other forms of magnetic/electronic erasure) is not covered in this document.

Sichere Vernichtung von vertraulichen Unterlagen - Verfahrensregeln

Dieses Dokument gibt Empfehlungen und Anforderungen für die Verfahren, Prozesse und Leistungsüberwachung, die für die Durchführung und Überwachung der physischen Vernichtung von vertraulichen und sensiblen Unterlagen eingeführt werden, um sicherzustellen, dass diese Unterlagen zuverlässig und sicher entsorgt werden.
Dieses Dokument kann von jedem, der solche Unterlagen im Auftrag anderer verarbeitet, herangezogen werden und es behandelt die folgenden Szenarien:
   vor Ort – mithilfe mobiler Ausrüstung am Ort der Verwendung (Vernichtungsausrüstung wird zu den vertraulichen und sensiblen Unterlagen gebracht);
   an einem anderen Ort – Transport und anschließende Vernichtung mithilfe von Ausrüstungen in einer Vernichtungsanlage (die vertraulichen und sensiblen Unterlagen werden zur Vernichtungsausrüstung gebracht, wie es in einer von einem Dienstleister betriebenen spezialisierten externen Einrichtung üblich ist);
   Einsatz von Ausrüstung am Standort des Datenbeauftragten (vertrauliche und sensible Unterlagen sowie Vernichtungsausrüstung befinden sich an einem Ort, wie z. B. ein Schredder in einem von einem oder mehreren Auftraggebern belegten Gebäude).
Die Vernichtung durch Löschung (z. B. kryptographische Löschung, Überschreiben von Daten, Entmagnetisierung oder andere Arten der magnetischen/elektronischen Löschung) wird nicht in diesem Dokument behandelt.

Destruction sécurisée de documents confidentiels - Code d'usages

Le présent document fournit des recommandations et des exigences concernant les procédures, les processus et le suivi des performances à mettre en oeuvre pour la gestion et le contrôle de la destruction physique de documents ou matériels confidentiels et sensibles afin d'en assurer une élimination fiable et sécurisée.
Le présent document peut servir de référence à toute personne ayant à traiter ce type de document ou matériel pour le compte d'autrui, et couvre les scénarios suivants :
-   sur site : recours à un équipement mobile sur le lieu d'utilisation (l'équipement de destruction est amené à l'endroit où se trouvent les documents ou matériels confidentiels ou sensibles) ;
-   hors site : transport suivi d'une destruction dans un équipement d'une installation de destruction (les documents ou matériels confidentiels ou sensibles sont amenés jusqu'à l'équipement de destruction, tel qu'il est utilisé dans une installation externe dédiée, exploitée par un prestataire de services) ;
-   recours à des équipements sur le site du responsable du traitement des données (documents ou matériels confidentiels ou sensibles et équipements de destruction regroupés sur un même site, par exemple, déchiqueteuse installée dans un bâtiment occupé par un ou plusieurs clients).
La destruction par effacement (par exemple effacement cryptographique, écrasement des données, démagnétisation ou d'autres formes d'effacement magnétique/électronique) n'est pas traitée dans le présent document.

Varno uničevanje zaupnega gradiva - Pravila ravnanja

General Information

Status
Not Published
Publication Date
31-Dec-2023
ICS
13.310 - Protection against crime
Technical Committee
CEN/TC 263 - Secure storage of cash, valuables and data media
Drafting Committee
CEN/TC 263/WG 5 - Secure destruction of confidential material
Current Stage
5020 - Submission to Vote - Formal Approval
Start Date
26-Jan-2023
Due Date
23-Nov-2021
Completion Date
26-Jan-2023
Ref Project
oSIST prEN 15713:2022 - Secure destruction of confidential material - Code of practice

Relations

Revises
EN 15713:2009 - Secure destruction of confidential material - Code of practice
Effective Date
06-Nov-2019

Buy Standard

prEN 15713:2022prEN 15713:2022
PreviousNext
Draft
prEN 15713:2022
English language
39 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
oSIST prEN 15713:2022
01-junij-2022
Varno uničevanje zaupnega gradiva - Pravila ravnanja
Secure destruction of confidential material - Code of practice
Sichere Vernichtung von vertraulichen Unterlagen - Verfahrensregeln
Destruction sécurisée de documents confidentiels - Code d'usages
Ta slovenski standard je istoveten z: prEN 15713
ICS:
13.310 Varstvo pred kriminalom Protection against crime
oSIST prEN 15713:2022 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN 15713:2022
---------------------- Page: 2 ----------------------
oSIST prEN 15713:2022
DRAFT
EUROPEAN STANDARD
prEN 15713
NORME EUROPÉENNE
EUROPÄISCHE NORM
March 2022
ICS 13.310 Will supersede EN 15713:2009
English Version
Secure destruction of confidential material - Code of
practice

Destruction sécurisée de documents confidentiels - Sichere Vernichtung von vertraulichen Unterlagen -

Code d'usages Verfahrensregeln

This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee

CEN/TC 263.

If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations

which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other

language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC

Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are

aware and to provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without

notice and shall not be referred to as a European Standard.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2022 CEN All rights of exploitation in any form and by any means reserved Ref. No. prEN 15713:2022 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
Contents Page

European foreword ...................................................................................................................................................... 4

1 Scope .................................................................................................................................................................... 5

2 Normative references .................................................................................................................................... 5

3 Terms, definitions and abbreviations ..................................................................................................... 6

4 Protection class ............................................................................................................................................... 9

4.1 General ................................................................................................................................................................ 9

4.2 Determination of the protection class ..................................................................................................... 9

5 Determination of security level ............................................................................................................... 10

5.1 General .............................................................................................................................................................. 10

6 Increasing the security level ..................................................................................................................... 11

6.1 General .............................................................................................................................................................. 11

7 Destruction equipment ............................................................................................................................... 11

7.1 General .............................................................................................................................................................. 11

7.2 Use of destruction equipment .................................................................................................................. 11

7.3 Operating instructions ................................................................................................................................ 12

7.4 Destruction outcome ................................................................................................................................... 12

7.5 Confirmation of destruction process and its completion ............................................................... 12

7.6 Maintenance and performance monitoring ........................................................................................ 12

7.7 Frequency of destruction equipment assessment ............................................................................ 13

7.8 Redundancy of destruction equipment ................................................................................................ 13

8 Company destruction premises and service provider holding sites .......................................... 14

8.1 Destruction premises and service provider holding site secure areas ..................................... 14

8.2 Security ............................................................................................................................................................. 14

9 Controlled access .......................................................................................................................................... 15

9.1 General .............................................................................................................................................................. 15

9.2 Authorization for access for company personnel ............................................................................. 15

9.3 Accompanied access for company personnel without appropriate training .......................... 16

9.4 Visitors and contractors access to secure area .................................................................................. 16

9.5 Controlled access procedure .................................................................................................................... 16

9.6 Access level requirements ......................................................................................................................... 16

10 Contract ............................................................................................................................................................ 17

10.1 General .............................................................................................................................................................. 17

11 Record of process of collection through to destruction .................................................................. 18

11.1 General .............................................................................................................................................................. 18

11.1.1 Confidential and sensitive material transfer record ....................................................................... 18

11.1.2 Certificate of destruction ........................................................................................................................... 19

12 Subcontracting ............................................................................................................................................... 19

12.1 General .............................................................................................................................................................. 19

13 Company personnel ..................................................................................................................................... 19

13.1 Non-disclosure agreement ........................................................................................................................ 19

13.2 Security clearance of personnel .............................................................................................................. 20

13.3 Training of personnel .................................................................................................................................. 20

---------------------- Page: 4 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)

13.4 Control of company drivers ...................................................................................................................... 21

14 Collection and transport of confidential and sensitive material ................................................. 21

14.1 General ............................................................................................................................................................. 21

14.2 Mobile shredding and collection vehicles ............................................................................................ 21

14.3 Security containers ...................................................................................................................................... 22

14.4 Shredding bags .............................................................................................................................................. 22

15 Storage and retention of confidential and sensitive material at destruction facility .......... 23

15.1 General ............................................................................................................................................................. 23

16 Business continuity planning and responding to security incidents ......................................... 23

16.1 General ............................................................................................................................................................. 23

17 Retention of records .................................................................................................................................... 23

17.1 General ............................................................................................................................................................. 23

18 Categories of confidential and sensitive material ............................................................................ 24

18.1 General ............................................................................................................................................................. 24

19 End product waste disposal ...................................................................................................................... 25

19.1 General ............................................................................................................................................................. 25

20 Supply chain .................................................................................................................................................... 25

20.1 Critical suppliers ........................................................................................................................................... 25

21 Information security .................................................................................................................................... 25

21.1 General ............................................................................................................................................................. 25

Annex A (informative) Destruction outcomes tables ...................................................................................... 26

Annex B (normative) Secure destruction process ........................................................................................... 33

Bibliography ................................................................................................................................................................. 39

---------------------- Page: 5 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
European foreword

This document (prEN 15713:2022) has been prepared by Technical Committee CEN/TC 263 “Secure

storage of cash, valuables and data media”, the secretariat of which is held by BSI.

This document is currently submitted to the CEN Enquiry.
This document will supersede EN 15713:2009.

In comparison with the previous edition, the following technical modifications have been made:

This document has been technically revised to provide a benchmark for the appropriate processes and

procedures available for any person or organization that seeks to safely destroy confidential or sensitive

material when it is no longer required.

This document is intended to be applicable for objects requiring destruction to ensure product or brand

integrity.

In this context, safely destroyed means that any object or data carrier containing confidential or sensitive

data must be destroyed in such a way that reproduction of the information on them is either impossible

or is only possible with considerable expenditure (in terms of personnel, resources and time).

---------------------- Page: 6 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
1 Scope

This document provides recommendations and requirements for the procedures, processes and

performance monitoring to be implemented for the management and control of the mechanical

destruction of confidential and sensitive material to ensure that such material is disposed of securely and

safely.

This document can be referenced by anyone who processes such material for themselves or on behalf of

others and covers the following scenarios:

— on site - using mobile equipment at the location of use (destruction equipment is brought to the

confidential or sensitive material);

— off site - transport followed by destruction using equipment at a destruction facility (the confidential

or sensitive material is brought to the destruction equipment, such as used at a dedicated external

facility operated by a service provider);

— using static equipment at the location of use (confidential or sensitive material and destruction

equipment co-located, such as a shredder in a building occupied by a client or clients).

Destruction by erasure is not covered in this document.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

EN 50131-1:2006, Alarm systems – Intrusion and hold-up systems – System requirements

EN 62676-4, Video surveillance systems for use in security applications - Part 4: Application guidelines

ISO/IEC 21964-2:2018, Information technology — Destruction of data carriers — Part 2: Requirements for

equipment for destruction of data carriers

EN 1627:2021, Pedestrian doorsets, windows, curtain walling, grilles and shutters — Burglar resistance —

Requirements and classification

EN 1628:2021, Pedestrian doorsets, windows, curtain walling, grilles and shutters — Burglar resistance —

Test method for the determination of resistance under static loading

EN 1629:2021, Pedestrian doorsets, windows, curtain walling, grilles and shutters — Burglar resistance —

Test method for the determination of resistance under dynamic loading

EN 1630:2021, Pedestrian doorsets, windows, curtain walling, grilles and shutters — Burglar resistance —

Test method for the determination of resistance to manual burglary attempts

As impacted by EN 50131-1:2006/A1:2009, EN 50131-1:2006/A2:2017 and EN 50131-1:2006/A3:2020.

---------------------- Page: 7 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
3 Terms, definitions and abbreviations
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
— COD = Certificate of Destruction
— GDPR = Regulation (EU) 2016/679 (General Data Protection Regulation)
— VSS = Video Surveillance Systems (CCTV)
— RC = Routine Confidential
— OS = Official Sensitive
— HS = Highly Sensitive
— ANPR = Automatic number-plate recognition
3.1
authorized person

trusted individual granted unaccompanied access to confidential or sensitive material in accordance with

the needs of their job who has been security cleared to the appropriate national standard

3.2
Certificate of Destruction (COD)

confirmation that the confidential and sensitive material recorded on the COD has been through the

destruction process
3.3
client

owner of confidential or sensitive material who retains a company to provide destruction services in

accordance with an agreed contract
3.4
company

entity employed by the client designated as a service provider offering one or more capabilities, typically

on a commercial basis, to whom the client has delegated one or more tasks relating to the destruction

process
3.5
competent person

individual with necessary knowledge or skill gained through relevant experience, training or qualification

3.6
confidential information

stored facts or knowledge such as medical records, financial records or software source code contained

on data carriers, the confidentiality of which the client wishes to protect
3.7
---------------------- Page: 8 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
contract
written document covering all transactions between the client and the company
3.8
critical supplier

contractors that supply personnel or suppliers who provide equipment that will be used in any area,

including vehicles, where confidential or sensitive material may be stored or destroyed

3.9
data controller

natural or legal person, public authority, agency or other body who (either alone or jointly or in common

with other persons) determines the purpose for which and the manner in which any personal data are,

or are to be, processed. Owners of personal data will be data controllers
3.10
data processor

natural or legal person, public authority, agency or other body who processes the data on behalf of the

data controller. Destruction company and service providers destroying personal data will be data

processors
3.11
deforming of data carrier
process of making a data carrier unreadable

Note 1 to entry: Deforming Category E material to the extent that the disk or media cannot be passed over a reader

as a means of data destruction, can be specified up to and including Level 3.
3.12
destruction
process through which confidential or sensitive material becomes waste
3.13
destruction outcome

reduction in size or reduction in composition such that the material becomes, unreadable, illegible,

unusable and unable to be reconstructed
3.14
destruction output

material that has been through the destruction process and is converted to waste, as defined in this

document
3.15
documented procedure
recorded description of a process to be followed to meet an objective
3.16
destruction facility

premises or mobile destruction vehicle where destruction equipment is set up and operated

3.17
holding site

non-destruction site of the service provider for the secure retention of confidential and sensitive material

designated for destruction prior to the transportation to the destruction facility

---------------------- Page: 9 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
3.18
locked

physically secured to prevent unauthorised access and requiring a protected input to open such as a key,

token or passphrase
3.19
material type

differentiation of confidential and sensitive material dependent on the information density and the scale

of information combined with the construction of the object
3.20
protection class

classification of the protection requirement of confidential and sensitive material

3.21
record
paper or electronic document describing an event or completion of a process
3.22
sealed

physically secured by means of an attached plastic pull tight seal, adhesive seal tape or other tamper-

evident seal preventing access and withdrawal of confidential and sensitive material

3.23
secure area

building, room, reception area or shredding compartment of a mobile destruction vehicle or an area

containing confidential and sensitive material which is controlled and protected from unauthorised

access
3.24
shredding bag

sealable opaque bag designed to securely contain confidential or sensitive material whilst in storage or

transit prior to shredding
3.25
security container

lockable container, e.g. a console or bin capable of providing secure protection of confidential or sensitive

material including data carriers
3.26
security level

classification of the effort needed to recover data and/or information or reconstitute objects to their

original form
3.27
sensitive material

any object or data carrier which, if compromised, would have an adverse impact on the client; or any

individual, organisation connected to the object. Sensitive material includes objects containing

confidential information or sensitive data (paper, film, optical, electronic) and other objects containing

sensitive material (validation seals, mechanical/electronic lock keys, defective products, obsolete

branded merchandise)
---------------------- Page: 10 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
3.28
service provider

organisation or individual, including subcontractors, offering one or more capabilities relating to the

destruction process, typically on a commercial basis, to whom the client has delegated one or more tasks

3.29
subcontractor

service provider or a transport service provider not directly employed by the Client, contracted to carry

out work on behalf of the Company
3.30
transport service provider

entity offering a capability to convey confidential or sensitive material to a destruction facility

3.31
VSS
Video Surveillance Systems – formerly called CCTV
3.32
waste

output from the destruction process that is no longer sensitive or confidential where the material meets

the destruction output as specified by the client
3.33
written notification

paper or electronic communication whereby the delivery of the message to the recipient is confirmed; for

example a letter sent by recorded post or electronic mail where a read-receipt is received

4 Protection class
4.1 General

This document recognizes that clients and data controllers will determine different security and

protection requirements with regard to processes to be followed after confidential or sensitive material

is allocated for destruction through to the point that material is destroyed.

The degree of the material sensitivity or its data and information content will inform and determine the

need to protect it from violation of the basic principles of confidentiality, integrity and availability, taking

into account the harm which would arise from such a violation.
There are three classifications of protection:
— routine confidential—requiring normal protective measures;
— official sensitive - requiring heightened protective measure;
— highly sensitive — requiring very high protective measures.
4.2 Determination of the protection class

In order for the destruction of data carriers to comply with the principles of economy and proportionality,

the data contained on them shall be assigned a protection class. The security level which is chosen for the

destruction of the data carriers is determined by the protection level of the data.

---------------------- Page: 11 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)

Protection Class RC (Routine Confidential), normal protection level for internal data:

— the most common classification of information, intended for large groups of people;

— unauthorized disclosure or transfer would have limited negative effects on the organization;

— protection of personal data shall be ensured. Otherwise there is a risk that persons affected may

suffer damage to their reputation and economic circumstances.
Protection Class OS (Official Sensitive).
Higher protection level for confidential data:
— the information is restricted to a small group of people;

— unauthorized disclosure would have serious effects on the organization and may lead to violation of

laws or contractual obligations;

— the protection of personal data shall meet stringent requirements. Otherwise there is a risk that

persons affected may suffer serious damage to their social standing or economic circumstances.

Protection Class HS (Highly Sensitive).
Very high protection level for strictly confidential and secret data:

— the information is restricted to a very small group of persons, known by name, who are authorized

to access it;

— unauthorized disclosure would have serious (existence-threatening) effects on the organization

and/or would lead to violation of professional secrets, contracts and laws;

— the protection of personal data shall be strictly ensured. Otherwise, the life and safety of persons

affected may be at risk, or their personal freedom may be jeopardized.
5 Determination of security level
5.1 General

A level of destruction is to be determined by selection of an outcome that produces waste that is no longer

confidential or sensitive.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and

purposes of processing as well as the risk of varying likelihood and severity of a security breach, the client

as controller and the company/service provider as processor shall implement and approve appropriate

technical and organisational measures and the method of destruction to ensure a level of security

appropriate to the risk, including the ability to ensure the ongoing confidentiality, integrity, and resilience

of processing systems and services until the material is destroyed to the required destruction outcome

(GDPR Article 32. One (b)) to ensure that it is unreadable, illegible, unusable and unable to be

reconstructed.

A Security Level from 1 to 7 together with the method of destruction shall be chosen appropriate to the

Protection Class that will provide the destruction outcome approved by the client as appropriate for the

confidential and sensitive material on completion of destruction. See Table 2 below.

---------------------- Page: 12 ----------------------
oSIST prEN 15713:2022
prEN 15713:2022 (E)
Table 2 — Assignment of security levels and protection classes
Protection Security Levels
Class
1 2 3 4 5 6 7
RC a a x
x x
OS x x x
HS x x x x
This combination cannot be used for personal data.
6 Increasing the security level
6.1 General

For destruction output within Category P and Category F only, material which has been destroyed to

security level 1,2 or 3, mixing and compacting may increase security to the next higher level once only,

up to a maximum of security level 4 provided the following criteria is met:

— mixing comprises a minimum of 100 kg of any single Category P Material Type to be presented as the

aggregate mass of particles or fragments within the destroyed output which shall be destroyed in a

single, uninterrupted cycle of the machine or equipment;

— the Company/Service Provider obtains explicit confirmation from the Client that the methods of

increasing the security level may be applied for this specific work order.

Mixing and compacting material destroyed at security levels 1 and 2 shall not be used as a means of

increasing the security level for the destruction of personal data classified as Material Category P.

It is recommended that the client or data controller of the material gives consideration to the storage of

the destruction output once it has been converted to waste. A paper document is easier to reconstitute if

all of its particles are kept in one place. It is recognized that mixing and compacting destruction output in

larger volumes and from multiple sources dissipates the waste and may make reconstitution less likely.

This does not affect the possible information content of individual particles of material.

When selecting the appropriate security level, the density and/or size of the represented information on

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 17646:2022(Main)
Secure storage units - Classification for high security locks according to their resistance to unauthorized opening - Distributed systems
SIST EN 17646:2022

This document is applicable to Distributed Systems (DS), i.e. high security locks with components which have a wired or wireless connection via a transmission system in order to execute fixed operating conditions using different individually fixed access possibilities.
Products which are to be tested on the basis of this document comply with the generally recognized state of the art at the time of testing. Due to the short innovation cycles in the field of electronic and, in particular, information technology applications, the technical possibilities available at the time of product development should also be taken into account during implementation.
Distributed systems can be used, for example, to operate high security locks of secure storage units (safes and strongrooms).
High security locks (HSL) are used in DS as locking unit.
This document does not apply for stand-alone HSL, which are not part of a distributed system. For these stand-alone HSL EN 1300 is applicable only.
The document will be revised with a frequency of 3 years as the research in the area of cryptography and relevant attacks evolve with high speed as well as the referenced standards.

  • Standard
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN 1300(Main)
Secure storage units - Classification for high security locks according to their resistance to unauthorized opening
oSIST prEN 1300:2022

This document specifies requirements for high security locks (HSL) for reliability, resistance to burglary and manipulation with methods of testing. It also provides a scheme for classifying HSL in accordance with their assessed resistance to burglary and unauthorized opening.
It is applicable to mechanical and electronic HSL. For electronic locks used in a distributed system, see EN 17646 for further information.
The following features can be included as optional subjects but they are not mandatory:
a)   recognized code for preventing code altering and/or enabling/disabling parallel codes;
b)   recognized code for disabling time set up;
c)   integration of alarm components or functions;
d)   resistance to attacks with acids;
e)   resistance to X-rays;
f)   resistance to explosives;
g)   time functions.

  • Draft
    58 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 1047-2:2009/FprA1(Amendment)
Secure storage units - Classification and methods of test for resistance to fire - Part 2: Data rooms and data container
SIST EN 1047-2:2009/kFprA1:2012

Data rooms and data containers are fire protection security products whose purpose is to protect temperature and humidity sensitive data media and hardware systems from the effects of fire. These fire resistance products do not provide any defined protection against burglary.
Based on these objectives, the CEN/TC 263 Working Group WG2 Fire Resistance unanimously noted at its meeting on 8 March 2012 that the requirement for a certified high security lock according to EN 1300 for data rooms and data containers suggests protection that is not provided and does not reflect the requirements of the market.
For the reasons explained above, WG2 unanimously recommended deletion of the requirements for a certified high security lock according to EN 1300 without replacement from EN 1047-2:2009. In the interest of the market, this change in this European Standard shall be implemented very soon via an Amendment to EN 1047-2:2009. The necessary decision shall be taken in a 3 months shortened UAP. The necessary application shall be filed with the CEN/TC 263 via DIN.
The draft for Amendment A1 to EN 1047-2:2009 shall be presented to the CEN/TC 263 together with the application for changes in this European Standard.

  • Amendment
    5 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 14383-2:2022(Main)
Crime prevention through building design, urban planning and city maintenance - Part 2: Principles and process
kSIST-TS FprCEN/TS 14383-2:2022

This document establishes general principles and specifies the framework for a process of Crime Prevention Through Environmental Design (CPTED).
It specifies the assessment of risk of crime problems (crime and/or feelings of insecurity) and the framework, process, measures and procedures aimed at reducing these risks in a specific new to build or existing environment. The crimes covered by this document are often of an opportunistic nature and are crimes against property (e.g. burglary, theft, vandalism, pickpocketing, arson), violent crimes (e.g. assaults, robbery, terrorism, harassment, sexual violence) as well as other criminal behaviour (see Annex A). The exact choice of which types of crime will be included in an approach has to be taken locally and is part of the processes and procedures described in this document. Annex A gives an overview of all foreseeable types of crime in all European languages. Feelings of insecurity are also defined as a ‘crime problem’ in this document.
This document provides guidelines and strategies for a CPTED-process in specific types of environments to prevent or reduce the risks of potential or identified crime problems. Guidelines for a step-by-step process are given to involve all stakeholders engaged in urban planning and environmental crime reduction. It also allows for all other stakeholders to be engaged – mainly local and regional authorities and residents/businesses/institutes – in the multi-disciplinary action needed to minimize the risks of crime problems (crime and feelings of insecurity).
This document introduces a process that is applicable to the planning process of new, as well as existing, urban areas. Such an area can be the neighbourhood or environment ranging from just one building to a few buildings or streets to a whole district. This document also introduces a higher-level framework that is often city wide – or regional or sometimes even national – and democratically legitimised for regular implementing CPTED in specific areas and for specific (new/existing) urban planning, design and management projects.
This document provides all relevant actors with guidelines aimed at reducing or managing the risk of crime problems in a specific defined environment.

  • Technical specification
    62 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17646:2022(Main)
Secure storage units - Classification for high security locks according to their resistance to unauthorized opening - Distributed systems
SIST EN 17646:2022

This document is applicable to Distributed Systems (DS), i.e. high security locks with components which have a wired or wireless connection via a transmission system in order to execute fixed operating conditions using different individually fixed access possibilities.
Products which are to be tested on the basis of this document comply with the generally recognized state of the art at the time of testing. Due to the short innovation cycles in the field of electronic and, in particular, information technology applications, the technical possibilities available at the time of product development should also be taken into account during implementation.
Distributed systems can be used, for example, to operate high security locks of secure storage units (safes and strongrooms).
High security locks (HSL) are used in DS as locking unit.
This document does not apply for stand-alone HSL, which are not part of a distributed system. For these stand-alone HSL EN 1300 is applicable only.
The document will be revised with a frequency of 3 years as the research in the area of cryptography and relevant attacks evolve with high speed as well as the referenced standards.

  • Standard
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 14383-6:2022(Main)
Prevention of crime - Urban planning and building design - Part 6: Schools and educational institutions
SIST-TS CEN/TS 14383-6:2022

This document gives guidance and recommendations for reducing the crime risk and antisocial behaviour against people and property in schools through planning and design stage by preventative risk management.
This document is usable for public and private schools and educational institutions. This document can be used particularly but not exclusively for the security risks. Proposal and implementation of crime prevention measures work with risk management. It is essential to consider changing social and cultural unwished behaviours in school and educational premises with preventive risk management.
This document is not addressed to universities. However, it can be used as methodology for crime prevention and risk management as well as to ensure the level of physical protection in universities as well.

  • Technical specification
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical specification
    45 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17159:2018(Main)
Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in healthcare facilities
SIST-TS CEN/TS 17159:2018

This Technical Specification provides guidance for managing security of (high risk) chemical, biological, radioactive, nuclear or Explosive materials, such as those covered by the EU CBRN action plan, that are used within healthcare facilities (HCF); it covers the lifecycle of such materials within a HCF’s span of control. In this Technical Specification these materials are referred to as ‘CBRNE materials’.
It covers the protection of (high risk) CBRNE materials used in healthcare facilities against security threats relating to their deliberate misuse. It covers the protection of people, assets and information related to CBRNE materials.
This Technical Specification also applies to circumstances where healthcare is provided at locations remote from the normal location of the HCF.
This Technical Specification also provides guidance to all stakeholders that are responsible for each step in a lifecycle of CBRNE materials within the HCF such as such as administrator staff, facility management staff, logistics and transport staff, medical staff, waste management staff, domestic staff and security staff as well as visitors and contractors working on the HCF premises.
This Technical Specification can be applied as part of generic management systems such as EN ISO 9001 [2], EN ISO 22301 [3], ISO 22320 [4] and possibly ISO 28001 [5].
It does not apply to occupational health and safety issues deriving from the proper and improper use of such materials.

  • Technical specification
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 16850:2015(Main)
Societal and Citizen Security - Guidance for managing security in healthcare facilities
SIST-TS CEN/TS 16850:2015

The standard will specify requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented security management system in healthcare facilities.

  • Technical specification
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16705:2014(Main)
Perimeter protection - Performance classification methodology
SIST-TP CEN/TR 16705:2014

This Technical Report aims at providing information to be used for the design of the future activities for making a 'perimeter protection standard'.
This CEN Technical Report describes a performance classification methodology for the identification of the desired systems performance for perimeter protection systems. It also gives a conceptual framework for matching the desired performance and the capabilities of a possible solution.
Furthermore this CEN Technical Report presents the results of inventories that have been made on current systems and (generic type) products, relevant member states regulations, relevant documents from CEN, CEN/TC 325, ISO and other sources. It should be noted that these inventories cannot be considered complete and any values given should be considered indicative values.
The following subjects are not covered by this Technical Report:
−   threats approaching from the sea side;
−   threats approaching through the air.
It is recognized that with regard to vital infrastructure and very high risk objects the generic system approach indicated in this Technical Report may not suffice and additional checklists and risk assessment tools may be required.

  • Technical report
    110 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 14383-5:2010(Main)
Prevention of crime - Urban planning and building design - Part 5: Petrol stations
SIST-TP CEN/TR 14383-5:2010

This Technical Report gives guidelines for a recommended strategy for efficiently combating the different types of crime liable to be committed against petrol stations.
NOTE   Crimes that are liable to be committed against petrol stations could include: armed robbery, violent theft, burglary (usually by breaking in at night), theft, fraud (failure to pay, use of stolen credit cards or cheques and other frauds), arson, vandalism and other crimes and offences.
This Technical Report is applicable to new and existing petrol station buildings that are open to and accessible by the public.

  • Technical report
    50 pages
    English language
    sale 10% off
    e-Library read for
    1 day