For the average small to medium sized business data safes and fireproof document cabinets are of increasing relevance since the arrival of the General Data Protection Regulation which imposes heavy fines if data relevant to individuals is not adequately protected. Unfortunately, it is often the case that during day to day operations access to data held in documents, on CCTV, flash drives or portable electronic devices are inadequately protected against unauthorised access and therefore wide open to exploitation by a dishonest employee or contractor.
For larger businesses, government, and the financial sector however, the ever increasing availability of small high-tech devices which can be used both by opportunist criminals and highly organised cyber-crime has led to an exponential growth in the risk of a successful cyber-attack leveraging an employee or contractor's physical access to servers, routers, environments, industrial control systems or networks to disrupt operations, steal valuable information or commit acts of terrorism. In short, physical cyber, data assets and sensitive documents represent a huge risk to both physical and cybersecurity and can be targeted by criminals, separately or simultaneously to devastating effect.
Qualified Expert Advice Is Critical
When it comes to any type of physical protection and audited access control for physical data and infrastructure, knowledgeable, experienced, and qualified advice is the most important and indispensable factor critical to long-term dependability and regulatory compliance. Considerations such as certification, burglary protection and audited access control are just the starting point. As different types of data media have different degradation levels under different stress factors advice needs to be specific to both the environment and the data media or infrastructure that has to be defended. There is no substitute for knowledge and proven solution delivery expertise in this field.
Avoiding addressing issues professionally can be at the least, costly and embarrassing for any size enterprise. From the small home office to government installations many of the same issues can apply. Paper, magnetic data, hard-drives, USB drives and laptops all have different degradation parameters in a fire. These degradation parameters need to be quantified and addressed by the chosen data safe, data cabinet or fireproof filing cabinet solution. Burglary or unauthorised access is another major risk that needs to be countered, something that in reality is statistically a lot more likely than a fire. A burglary may not have data as its target but in many cases files, USB sticks and laptops will be removed, a huge problem for the small business with sensitive files covered by the G.D.P.R. and an even bigger problem if a laptop or other such data device holds exploitable business or government data.
When controlling access to physical documents for example, it is common that access to document cabinets is controlled by very low security mechanical key locks for which keys can be easily copied, even from a photograph, while no record of access is maintained despite the fact that audit locks can track access to such cabinets automatically.
Accredited European Certification
EU Parliament regulation 765/2008 created the system that provides the legal basis of accreditation for the certification of a safe or cabinet for the protection of paper documents or data from fire, however, such certification will always be indicated separately under standard EN15659 (Light Fire) and EN1047-1 (Data). There is absolutely no connection between the grade of a safe and the unit's fire resistance. As is the case with burglary resistance, a safe or cabinet with properly accredited European certification for fire resistance will display a stamped metal certification plate on the inside of the door, with the unit's fire resistance and standard clearly marked. This information will be completely separate to any burglary resistance certification plate such as EN1143-1 or EN11450 that may be present. The same information will be available on accredited certification documents which are freely available and should always be asked for.
"Accredited European certification that a unit is suitable to protect paper or data from fire and structural collapse will always be displayed on a stamped metal plate on the inside of the unit's door. This information will never appear on a sticker or written in indelible ink. Fire resistance certification will be completely separate to any burglary resistance certification plate that may appear."
What Certification Looks Like
Below are the logos of three certification bodies with European accreditation to certify data cabinets, data safes and data rooms for fire and burglary resistance. The example images of certification plates below them are from ECB-S.
EN15659 is the “Light Fire Storage” certification standard (LFS). Units tested to this standard are designed to provide differing levels of protection against fire usually from 30 minutes (LFS30P) to 60 minutes (LFS60P). The certification plate for light fire storage will appear separately to a burglary resistance certification that may appear on the unit. Air humidity is not measure for this standard.
EN1047-1 is the data standard for safes and cabinets. S60P and S120P are standards for the protection of paper documents both having an internal temperature limit of 170°C during testing. Units marked S60D and S120D have an internal temperature limit of 70°C and a humidity limit of 85% during testing. Units marked S60DIS and S120DIS have an internal temperature limit of 52°C and a humidity limit of 85% during testing. Certification plates for this standard will appear separately to any burglary resistance certification that may appear on the unit
Warning Regarding: The NT017 Mark
Certified Safes Ireland™ does not supply fire or data safes and cabinets with the NT FIRE 017 mark. NT FIRE 017 is a conformity assessment of Nordtest originally founded in 1973 under the Nordic Council of Ministers. This is NOT a European standard of fire resistance so is not backed by EU Parliament regulation 765/2008, the legal basis of accreditation and proof of standard for safes and cabinets in Europe.
NT017 may be applied to filing cabinets, data cabinets or diskette cabinets of identical construction to tested units provided that the external volume is not less than half of and not more than twice the volume of the tested cabinet. Therefore, all cabinets certified NT017 are not necessarily fire tested. It should also be noted that NT017 does not include a drop test to simulate structural collapse of the kind that would likely happen in an intense fire.
European Standards For Physical Data
Protection class quality characteristic for fireproof protection
European Standards EN1047-1, EN1047-2 and EN15659
|Protection classes of products for the protection of data and systems|
|Light fireproof unit||LFS 30 P||EN 15659|
|LFS 60 P||EN 15659|
|Data cabinet||S 60 P||EN 1047-1|
|S 120 P||EN 1047-1|
|S 60 D||EN 1047-1|
|S 120 D||EN 1047-1|
|S 60 DIS||EN 1047-1|
|S 120 DIS||EN 1047-1|
|Diskette insert||DI 60 P/DIS||EN 1047-1|
|DI 120 P/DIS||EN 1047-1|
|Data container||C 60 D||EN 1047-2|
|Data room||R 60 D
|R 60 D
The abbreviations in the table stand for:
Expert Advice: Pre-2000 Asbestos
Do not entertain the idea of buying a fire retardant safe or cabinet manufactured before 2000 second-hand, and have any such unit in your possession checked. Chrysotile asbestos was widely used in door seals and as a principle fire retardant in fireproof safes, strongrooms and filing cabinets up to 1996. This invariably took the form of woven asbestos tape adhered around the door frame against which the door would close. Abrasion caused by the opening and shutting of the safe door or filing cabinet door in such close proximity to the user is a high-risk issue, particularly as someone could be opening and closing a unit for decades in a closed environment such as an office. Chrysotile asbestos fibres, which in the case of safe and cabinet manufacturing are the main type of asbestos fibres we are concerned with, are highly carcinogenic if inhaled. A safe or cabinet that contains asbestos within its structure is also a potent danger to maintenance technicians or locksmiths called to work on such units or to firefighters that may be exposed as the result of a fire.
Certified Safes Ireland™ director Alan Donohoe Redd is a member of the European CEN263 Working Group responsible for writing European Standards for safes, strongrooms (vaults), secure cabinets and physical data protection for the European Union. A registered NATO supplier and a longstanding member of the European Security Systems Association, Alan has a vast range of experience spanning almost 40 years and encompassing installation of safes, strongrooms, physical data protection, CCTV, alarms, access control, secure storage control systems and Sensitive Compartmented Information Facility (SCIF) specification, design, and installation.
Alan is an expert on standards and fraud issues related to secure storage in Europe and the UK, has had articles related to these subjects published by The Law Society Gazette and Irish Broker Magazine, has forced retractions of multiple false claims related to secure storage offerings to the public, including some published by the Irish Times, and has been pivotal in having misleading standards and practises recognised and withdrawn in Ireland, the UK and at a European level.
Alan’s expertise has been relied upon by;
N.A.T.O. Europe, The U.S. Air Force (Europe), PayPal (Worldwide), Grant Thornton, The Department Of Communications (Cyber Security) (Ireland), The Revenue Commissioners, Electricity Supply Board (Cyber Security) (Ireland), The Danish Defence Forces (Afghanistan), The Insurance Institute of Ireland, The Royal College Of Surgeons, BFC Bank, Interxion Data Centres, The Private Security Authority, Isle of Man Gold Bullion, Brown Thomas, Bvlgari, Druids Glen, The Shelbourne, and many others ....
Alan's seminars on safes, strongrooms and HNW secure storage have been part of Continuing Professional Development for underwriters and insurers having been awarded CPD points by the Insurance Institute of Ireland and the Chartered Insurance Institute (UK).