ISO/IEC 21964 Officially Replaces DIN 66399.

Secure data carrier destruction becomes an international standard.

Information security and data destruction have reached a new level. ISO/IEC 21964 has officially replaced the former German standard DIN 66399, establishing a unified international standard for the destruction of data carriers that can be applied consistently across all countries.

This development represents a decisive step for organisations operating in global and regulated environments, as it introduces consistent, comparable and internationally recognised criteria for the secure destruction of data, regardless of country or industry sector.

From the national standard DIN 66399 to the global reference ISO/IEC 21964.

For many years, DIN 66399 was the primary reference for data destruction, particularly in Europe. However, as a nationally developed standard, its applicability and recognition were limited outside specific markets.

ISO/IEC 21964 addresses this gap by internationalising the same fundamental principles defined in DIN 66399, while maintaining:

• Information protection classes.
• Security levels linked to data risk.
• Technical destruction criteria, including the maximum particle sizes resulting from the destruction process.

What has changed is the scope: these requirements are now valid and recognised on a global scale.

Protection classes, security levels and particle sizes identical to DIN 66399.

Like its predecessor, ISO/IEC 21964 follows a risk-based approach. Information is classified according to its level of sensitivity and the potential impact in the event of unauthorised access.

Each security level defines clear technical requirements for destruction, as they were identified on the DIN 66399, including:

• The type of destruction process to be applied (shredding, degaussing, physical destruction, among others).
• The maximum particle sizes, for both paper and digital data carriers (hard drives, SSDs, magnetic tapes, optical media, etc.).

These technical specifications are essential to ensure that destroyed data cannot be reconstructed, even using advanced recovery methods.

A clear framework for paper and digital data carriers.

Like the DIN 66399 standard, the ISO/IEC 21964 applies to a wide range of data carriers, including:

• Paper documents.
• Hard disk drives and SSDs.
• USB devices.
• CDs, DVDs and other optical media.
• Magnetic tapes and industrial storage media.

By defining objective requirements for each type of data carrier, the standard removes ambiguity and strengthens trust in organisational data destruction processes.

REISSWOLF’s commitment to the international standard.

For REISSWOLF, adopting the criteria set out in ISO/IEC 21964 (former DIN 66399) is not merely a regulatory update — it is a clear commitment to the highest international standards of information security.

The entire REISSWOLF international franchise network can now align its data carrier destruction activities with the requirements of this standard, ensuring:

• Compliance with international secure destruction requirements.
• Strict application of defined security levels and particle sizes.
• Consistency and uniformity of services across all markets.

From now on, all references to DIN 66399 must be replaced by ISO/IEC 21964, the standard officially followed by REISSWOLF at an international level.

A new level of trust and compliance.

In an environment marked by increasing regulation, growing cyber threats and higher expectations from clients and regulatory authorities, ISO/IEC 21964 (former DIN 66399) provides a clear and globally recognised framework for secure data destruction.

Because secure information destruction is not only a legal obligation — it is a fundamental pillar of trust.