United Kingdom Business Impact Levels (BIL), Guidelines & Destruction Procedures Explained
An Introduction to Business Impact Levels
The Security Policy Framework (SPF) sets out new responsibilities regarding the Protective Security and Risk Management required within Government Departments and Agencies whilst recognising the wider implication for the Commercial Sector which plays an increasingly intimate role within the UK Government matrix, as well as making up the core sectors within the Critical National Infrastructure (energy, water, agriculture, etc). Similarly, organisations such as the National Health Service, Police forces and local Government all handle Government Assets on a regular basis.
The SPF specifies the key elements within the Government's Protective Security System, which details the minimum mandatory requirements relating to the Handling of Personal Data and Managing Information Risk within Government Departments. These requirements are formalised within a new Information Assurance Standard - IA Standard no.6.
The enclosed has been prepared by Don Ruffles Limited using commercially available documentation specifically for the ShreddingMachines.co.uk and Degaussers.eu websites due to the high number of prospects requesting explanations. The enclosed should be used as a guideline only, as it is implicitly recognised that all Organisations should consult with their Security Advisors for specific advice on their individual Requirements. Alternatively, discuss with Don Ruffles Limited expert advisors for specific advice - 0845 5555 007
When assessing the Level of Impact that is likely to result from the Loss or Compromise of Information, including that of Sensitive Data, Departments and Agencies must refer to specific Business Impact Levels or BILs, which range from BIL 0, which indicates that there is NO IMPACT, to BIL6, which indicates the HIGHEST SECURITY IMPLICATIONS.
Business Impact Levels provide a very handy seven-point scale which allows Departments, Agencies and Commercial Customers to make a balanced assessment of what Countermeasures would be required to effectively meet their Risk Management requirements of Confidentiality and Integrity.
In many cases these recommendations are Minimum Requirements, as Organisations must review where large amounts of data are aggregated, accumulated, or associated with other data, to determine whether a Higher Impact Level, and therefore Greater Protection, may be required. Impact Levels are produced specific to different types of Organisation (Defence, Public Services, Law etc. - as below).
Business Impact Level Sector Tables
The CESG, the National Technical Authority for Information Assurance, in conjunction with the Cabinet Office, has issued a Non Protectively Marked Document which makes available details of Business Impact Level Tables to help Organisations and Individuals assess the Specific Impact of a Loss that would relate to various Sectors within the UK.
These Sectors include:
An example of Business Impact Level may include:
Business Impact Level 0 (BIL0) - NO IMPACT
Business Impact Level 1 (BIL1) - UNCLASSIFIED or NON PROTECTIVELY MARKED assets
Business Impact Level 2 (BIL2) - Criteria for assessing PROTECT (Sub-national security marking) assets:
Business Impact Level 3 (BIL3) - Criteria for assessing RESTRICTED assets:
Business Impact Level 4 (BIL4) - Criteria for assessing CONFIDENTIAL assets:
Business Impact Level 5 (BIL5) - Criteria for assessing SECRET assets:
Business Impact Level 6 (BIL6) - Criteria for assessing TOP SECRET assets:
Business Impact Level Destruction Procedures
Once it has been ascertained what Level of Risk relates to your Specific Organisational requirements, it is then necessary to decide on an appropriate Code of Practice for Secure Destruction or Sanitisation, dependent on the Material to be destroyed.
For Details on the Destruction Procedure Recommended for the following Product Categories, please refer to HMG IA Standard No. 5 - Secure Sanitisation, or Contact Don Ruffles on 0845 5555 007
Paper Based Products
Magnetic Media, Hard Drives, and Magnetic Tapes, including removable Magnetic Hard Drives, ZIP Drives, Floppy Disks, SCSI Drives and Software-encrypted Disks commonly found on Desktop or Laptop Computers, Videotape, Audiotape and Computer Back-up tape:
CDs, DVDs and Blu-ray Disks, including CD-ROMs, CD-Rs, CD-RWs, DVD-ROMs, DVD-Rs, DVD-RWs, DVD+Rs, DVD+RWs, DVD-RAMs, BD-ROMs, BD-Rs and BD-Rs:
Microform, including microfiche, microfilm and other reduced image photo negatives:
Other Media to consider may include:
Dynamic RAM (DRAM), EEPROM and EPROM - Electrically Erasable PROM
Flash Drives - USB Sticks, Hybrid Hard Drives, SD Cards
FPGA (non-volatile and volatile)
Monitors - CRT, Plasma, LCD Screens
Network Devices - switches, routers, interface cards, enterprise networks
Office Equipment - Printers, Scanners, Faxes, Photocopiers, Multi-function Devices
Personal Electronic Devices (PEDs) - Mobile Phones, Smart Phones, Personal Digital Assistants (PDAs)
Screen Controllers - Graphics Cards, Chipsets, Dedicated Graphics Controllers
Smart Cards and SIM Cards - Key Cards, Tablet PCs
Static RAM (SRAM) - Battery-backed or Capacitor-backed SRAM and SRAM without power or backup.