DSM Supplementary Document Annex I to DSM Part 2:30 Classificvation and Protection of Official Information - Disposal and Destruction of Protectively Marked Information and Assets Version 7 ation date July 2015 Amendment list 18 Optimised for Screen; Print; Screen Reader Releasable to Compliance Requirements Compliance requirements for this supplementary document are the same as for its parent document. Copyright Commonwealth of Australia 2010 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Department of Defence. Requests and inquiries concerning reproduction and rights should be addressed to Defence Publishing Services, Department of Defence.
Disposal and Destruction of Protectively Marked Information and Assets 1. Any disposal of Commonwealth records is to be done in accordance with the Archives Act 1983. Under the Act it is illegal to destroy Commonwealth records without the permission of the National Archives of Australia (NAA), or in accordance with a practice or procedure approved by the NAA, unless the destruction is required by law. Note: For Defence policy see the Defence Records Management Policy Manual. 2. The Australian public has a statutory right of access to all open period Commonwealth records; refer DI(G) ADMIN 27-2 for details. Disposal and Destruction Procedures 3. When TOP SECRET information and assets or Accountable Material are required to be destroyed, the destruction must be conducted under the supervision of two persons who are security cleared to at least the classification of the information or asset being destroyed. Recording Disposal and Destruction 4. Details of the disposal of all classified documents or assets recorded in the Classified Document Register (CDR) must be clearly annotated alongside each individual document record and those carrying out the destruction must sign the CDR or document register. 5. The originator of a copy-numbered classified document must be consulted prior to the destruction of such a document. If the originator approves destruction of the copy-numbered document, the destruction must also be recorded by completing form XC024 - Certificate of Destruction for Classified Material. The completed form XC024 is then to be sent to the document originator. 6. For as long as any one document recorded in a given CDR is still in existence, the CDR must be maintained. Following destruction of the final document recorded in a CDR, the CDR must be retained for at least five years before being transferred to the Defence repository in the relevant state or territory. 7. The book of XC051 - Dispatch Advice/Receipt for Classified Matter must be retained for at least five years after the last form XC051 is returned. For information regarding CDR, refer to the DSM Part 2:33 Physical Transfer of Classified Information and Assets. Methods of Destruction 8. Protectively marked information and unclassified information not for public release, must be disposed of using Security Construction and Equipment Committee (SCEC) approved destruction equipment in one of following methods: a. Pulping - transforming used paper into a moist, slightly cohering mass, from which new paper products will be made; b. Burning - in accordance with relevant environment protection restrictions; c. Pulverising - using hammermills with rotating steel hammers to pulverise the material; d. Disintegrating - using blades to cut and gradually reduce the waste particle to a given size determined by a removable screen; and e. Shredding - using strip-shredders and crosscut shredders (only crosscut shredders are SCECapproved for security classified information). Annex I to DSM Part 2:30 Page 2 of 5
f. Details on destruction equipment and methods of destruction can be found in the SCEC Security Equipment Catalogue and by contacting the Defence Security and Vetting Service (DS&VS) Regional Office. 9. Sensitive: Cabinet. Information which bears the DLM Sensitive: Cabinet is to be disposed of in accordance with the practices mandated by the Department of the Prime Minister and Cabinet. Refer to the Cabinet Handbook. 10. High grade cryptography and communications security. High grade cryptography and communications security (COMSEC) material is to be handled in accordance with the DSM and its authoritative sources. 11. Electronic media. Electronic media is sanitised/destroyed in accordance with the requirements of the ISM. Shredders 12. Where the disposal method is shredding, and the information is classified as: a. SECRET or above (including all Codeword, AUSTEO, AGAO and Sensitive: Cabinet information), it must be shredded in a SCEC-approved A Class crosscut shredder (maximum particle size 1 mm x 20 mm). b. CONFIDENTIAL or PROTECTED, it must be shredded in a B Class crosscut shredder (maximum particle size 2.3 mm x 25 mm) or SCEC-approved A Class crosscut shredder. Note: Commercial strip shredders are not suitable for the destruction of classified or sensitive information. The smaller the particle size the more secure the results. For further details on selecting shredders see the SCEC Security Equipment Catalogue. 13. ICT media shredders. Refer to the SCEC Security Equipment Catalogue to select SCEC-approved media shredders to destroy ICT media. Garbage and Recycling 14. Protectively marked information must not be disposed of by garbage or unsecure recycling collection unless it has already been through a SCEC-approved destruction process. 15. Garbage, whether it is placed in a garbage hopper or other area for collection or delivered directly to a garbage disposal service, is extremely vulnerable. Only information that is public domain information or has already undergone a SCEC-approved destruction process, such as shredding, may be discarded in Defence's general garbage. 16. Recycling or discarding intact documents does not serve the same purpose as document destruction and can only be used for public domain information disposal or when information has already undergone some form of appropriate destruction, such as shredding. Contracted Disposal and Destruction 17. It may be considered necessary, after a comprehensive risk assessment, for the disposal of security classified waste to be undertaken by an authorised disposal company. Authorised companies have had both transport and disposal facilities approved by ASIO-T4 and equipment approved by SCEC. Defence personnel or external service providers setting up a contract for destruction of classified information must contact DS&VS or the Service Security Authority (SSA) and formally register the advice provided by either. DS&VS or SSA can provide advice on appropriate procedures and level of security throughout the pick up, transportation and destruction of the waste. Annex I to DSM Part 2:30 Page 3 of 5
18. The destruction of TOP SECRET or Accountable information or assets should occur within a Defence facility. The originator of the information may also apply special conditions to the destruction of some classified information which might prohibit the use of contractors. Form XC024 - Certificate of Destruction for Classified Material must be sent to the originator upon destruction of the material. 19. Classified waste bags are used to temporarily store classified waste until a contractor can carry out complete destruction. Classified waste bags must [Auth:None] be stored according to the highest level of classification of their contents. Destruction of Classified Information Overseas 20. If possible, classified information or assets located overseas must be taken to an Australian controlled area, such as an Australian Embassy or High Commission, for destruction. If this is not possible, Defence personnel and external service providers must [Auth:None] ensure that the classified waste is completely destroyed. Emergency Destruction Plan 21. Defence units are sometimes in sensitive areas where there is a risk of uninvited entry by unfriendly forces. In such cases, an emergency destruction plan must be developed. The security officer, or an appointed officer on deployment, is responsible for keeping the plan current. 22. The plan must: a. identify the order and method of destruction of all classified documents and information embedded in electronic systems; and b. ensure that the most highly classified and sensitive information or assets are destroyed first if the complete destruction of all classified information is necessary. 23. If Security Standing Orders are applicable to a unit on deployment, the plan must be incorporated into those orders. 24. Aircraft. Contingent commanders who have aircraft making flights over foreign territories must develop: a. a list of security classified information or assets carried on each type of aircraft; and b. a plan detailing the order and method of destruction of each classified item. 25. An authorised technical officer will provide instruction on the methods of destruction for those items. Additional Requirements for Classified Assets 26. Classified assets must be destroyed so that: a. the security nature of the asset cannot be identified; b. security classified performance details or data cannot be recovered; c. components, if not totally destroyed, are no longer operational; and d. the relationship of components to the overall asset cannot be identified. Annex I to DSM Part 2:30 Page 4 of 5
Appendixes and Attachments N/A This annex currently has no appendixes or attachments. Annex I to DSM Part 2:30 Page 5 of 5