SCEC-approved destruction service scheme
ASIO-T4 NO LONGER MANAGES THE DESTRUCTION SERVICE SCHEME. PREVIOUS DESTRUCTION SERVICES LIST EXPIRED FROM 1 JULY 2019
Check out www.naidonline.org for the current list of "Australian Firms: Approved for Gov't Official Information"
external_destruction_diagram_final.pdf
The information provided on this webpage is advice on the destruction of paper-based sensitive and security-classified information.
ASD provides advice on the destruction of information and communications technology (ICT) media in the Information Security Manual (ISM).
All destruction companies wishing to destroy sensitive and classified information must meet National Association for Information Destruction (NAID) AAA Certification with Protective Security Policy Framework (PSPF) endorsement or be an agency-approved destruction service.
Sensitive and security-classified information must be destroyed in accordance with the minimum requirements of the PSPF -Sensitive and classified information, section C.5.7 and the ISM-Guidlines for media management
Approved destruction equipment includes:
1. equipment listed in the SCEC Security Equipment Catalogue (SEC) purchased before March 2015;
2. equipment purchased after March 2015 and assessed by the agency against relevant ASIO security equipment guides (SEG)
- SEG-001 Class A and Class B shredders;
- SEG-009 Optical media shredders; and
- SEG-018 Destructors
3. equipment purchased after March 2015 and assessed by an independent test house such as National Association of Testing Authorities (NATA), against the relevant ASIO-T4 criteria; and
4. equipment listed in the United States National Security Agency, Central Security Service (NSA/CSS) Evaluated Products Lists (and meeting the Australian particle size requirements)
Security Equipment Guide on Shredders
Government agencies will be able to use SEG 001 Class A and Class B Shredders (accessible via login) as a guide to select a range of security products.
The United States NSA/CSS has a standard which is used for the destruction of classified, printed-based material that will typically meet Australian government requirements. Paper shredders which are listed on the NSA/CSS Evaluated Products List (EPL) as meeting the standard are considered to be suitable for the destruction of paper-based material classified at SECRET or above, without any addition testing.
Frequently Asked Questions:
Where can I find a list of endorsed destruction companies?
External destruction companies must be NAID AAA PSPF Certified. Check out www.naidonline.org for the current list of "Australian Firms: Approved for Gov't Official Information"
How do I become a NAID AAA PSPF Endorsed company?
As a member of NAID, you can apply for NAID AAA Certification by submitting an application and paying an applicable fee. A scheduled audit will be conducted to verify all aspect of compliance before being approved. More details on the process are available on the NAID website Obtaining Certification
As a government agency, can we make our own assessment of a destruction service if its not listed with NAID?
Yes, agencies may conduct their own assessment of an external destruction service company to destroy their sensistive or security-classified information using PSC167 Destruction of Sensitive and Security Classified Information (accessible via login)
You must use Annex A - 'Criteria: agency-assessed destruction service' to assess destruction services for agency-specific approval. An agency may need to apply additional security requirements such as providing security clearances for external destruction service company staff or establishing appropriate security zones for handling and storing informaiton before destruction. Procedural control guidance is in Annex B - 'Procedures guide'
I have a previously approved shredder, does it now need to be replaced?
Shredders purchased before 2016 which were included in the Security Equipment Catalogue (now known as SEEPL) may continue to be used if it meets and maintains the SEG 001 Class A and Class B Shredders (accessible via login) guidelines.