Destruction of Classified Material

All destruction companies wishing to destroy sensitive and classified information must meet National Association for Information Destruction (NAID) AAA Certification with Protective Security Policy Framework (PSPF) endorsement or be an agency-approved destruction service. 

The register of approved providers is available on the website www.naidonline.org (click on 'find' from the home page, then 'NAID AAA Certified' - note the abbreviation for Australia is AU)

ASD provides advice on the destruction of information and communications technology (ICT) media in the Information Security Manual (ISM).

On 1 March 2015 document shredders were withdrawn from the Security Equipment Catalogue (SEEPL). Approved destruction equipment now includes:

  • Equipment assessed by an independent test house such as National Association of Testing Authorities (NATA), against the relevant ASIO-T4 criteria; and
  • Equipment listed in the United States National Security Agency, Central Security Service (NSA/CSS) Evaluated Products Lists (and meeting the Australian particle size requirements)

Frequently Asked Questions:

How do I become a NAID AAA PSPF Endorsed company?

As a member of NAID, you can apply for NAID AAA Certification by submitting an application and paying an applicable fee. A scheduled audit will be conducted to verify all aspect of compliance before being approved. More details on the process are available on the NAID website Obtaining Certification

As a government agency, can we make our own assessment of a destruction service if its not listed with NAID?

Yes, agencies may conduct their own assessment of an external destruction service company to destroy their sensistive or security-classified information using PSC167 Destruction of Sensitive and Security Classified Information (accessible via login)

You must use Annex A - 'Criteria: agency-assessed destruction service' to assess destruction services for agency-specific approval. An agency may need to apply additional security requirements such as providing security clearances for external destruction service company staff or establishing appropriate security zones for handling and storing informaiton before destruction. Procedural control guidance is in Annex B - 'Procedures guide' 

I have a previously approved shredder, does it now need to be replaced?

Shredders purchased before 2016 which were included in the Security Equipment Catalogue (now known as SEEPL) may continue to be used if it meets and maintains the SEG 001 Class A and Class B Shredders (accessible via login) guidelines.