ISO/IEC 21964 (DIN 66399) Standards

11:00 am Heidi White

ISO/IEC 21964 (DIN 66399) Standards

UPDATE August 2018: DIN 66399 has been globally standardized to ISO/IEC 21964.

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), who together form the specialized system for worldwide standardization, have established a joint technical committee, ISO/IEC JTC, in the field of information technology. In August of 2018, ISO/IEC JTC internationally standardized the German Institute for Standardization’s DIN 66399 terms and principles for destruction of information technology data carriers. This standard, ISO/IEC 21964, is now being referenced by organizations on an international level when referring to data destruction requirements. The materials referred to in security levels are identical to those referenced in DIN 66399.

DIN 66399

DIN Standards are the result of work at the national, European, and international level. Proposals for new standards are submitted and, once accepted, the standards project is carried out according to set rules of procedure by the relevant DIN Standards Committee, the relevant Technical Committee of the European standards organization CEN (CENELEC for electrotechnical standards), or the relevant committee at the International Standards Organization, ISO (IEC for electrotechnical projects). DIN Standards are reviewed at least every five years. If a standard no longer reflects the current state of technology, it is either revised or withdrawn.

Three Protection Classes of DIN 66399

The protection requirement of data is classified into three different classes. To determine the specific protection requirement and resulting protection class, it is necessary to assess data type.

  • Class 1 is for the Normal Protection required for Internal Data where disclosure would have a negative impact on a company or a risk of identity theft of an Individual.
  • Class 2 is for the Higher Protection for Confidential Data where disclosure would have a considerably negative effect or could breach legal obligations of a company, or offer a risk of adverse social or financial standing of an individual.
  • Class 3 Is for Very High Protection for Confidential and Top Secret Data which, if disclosed, could have terminal consequences for a company or government entity, and have a health and safety or personal freedom risk to individuals.

DIN Standard Film

Film Based Products including micro-film, microfiche, slides


DIN Standard Optical Media

Optical Media including CDs, DVDs, Blu-Ray discs


DIN Standard Magnetic Media

Magnetic Data Media including floppy disks, ID cards, magnetic tapes, cassettes


DIN Standard Hard Drives

Hard Drives from computers, laptops, servers


DIN Standard Electronic Media

Electronic Data Media including memory sticks, cards, solid state drives, mobile phones


DIN Standard Paper

Information presentation including paper, films and printer plates

Explore More