Call Us: 01 7076011

Safes, Fire Safes & Cabinets
  • About Us
  • Contact Us
  • Guide To European Certification
  • Insurance Rates (ISRG)
  • Help For Insurers
  • Advice Videos
  • Lock Videos
  • Testimonials
  • Blog

isrg logo vds certification logo essa certification logo a2p certification logo

Call Us: + 353 (01) 7076011

isrg logo vds certification logo essa certification logo a2p certification logo

Call Us: + 353 (01) 7076011

  • About Us
  • Contact Us
  • Guide To European Certification
  • Insurance Rates (ISRG)
  • Help For Insurers
  • Advice Videos
  • Lock Videos
  • Testimonials
  • Blog

Don't Be A Victim of Data & Fire Cabinet Mis-Selling

Many businesses, government departments and even cyber security organisations in Ireland have been lured into a false sense of security due to misleading advice on their physical data, document and back-up storage.

Invariably most businesses and public sector departments will tell you they are confident that their physical protection measures for data and documents are more adequate to counter most contingencies, but how justified is that confidence when the bulk of information coming from big name suppliers regarding the protection offered by fire and data safes, cabinets and strongrooms is less than reliable, and the procurement of such equipment usually happens in the absence of genuine expert advice.

Physical data secure storage procurement questions

  • Are there accredited European certification documents providing a legal proof of standard to back-up the claimed physical security or fire resistance attributes of data safes, cabinets and rooms?
  • In the case of magnetic data is the equipment certified for temperature and humidity limits that will protect magnetic data in an intense fire?
  • Is the equipment certified against the kind of structural collapse that is likely to result from an intense fire?
  • How is equipment intended to protect sensitive data, hard drives and other devices from fire, burglary or other threats sourced?
  • If expert advice was sought on the procurement of physical data protection equipment and its suitability for various types of media before purchase, what were the qualifications of the source of that advice?
  • Does all physical data protection equipment have at least one stamped metal certification plate from an accredited European certification body matching the fire and burglary standards required?

Qualified expert advice is critical to avoid the risk of catastrophic data or document loss

An expert understanding of accredited, certified, data safe, data cabinet and data room testing, and relevance of that certification in relation to risk and operation, is essential to avoid costly or even catastrophic mistakes. Considerations such as certification of fire resistance and burglary protection are just the starting point as different types of data media have varying degradation levels under a range of stress factors. 

For example, humidity as well as temperature is a critical factor in preserving magnetic data in a fire, whereas paper documents have a far higher stress level, yet, it is often the case that safes or cabinets which may be barely suitable for storing paper documents, are being used in businesses and government departments to protect magnetic data and back-ups.

 

Accredited European Certification

european parliament logo

EU Parliament regulation 765/2008 created the system that provides the legal basis of accreditation for the burglary resistance certification of safes and cabinets to:

  • European standard EN1143-1, the burglary resistance certification for safes
  • European standard EN14450, the burglary resistance certification for cabinets
  • European standard EN15659 the protection of paper documents from fire
  • European standard EN1047-1 the protection of data from fire

These are the logos of the four certification bodies with accreditation to ISO IEC17065 to certify safes to European standards you will most likely encounter on a genuine certification plate in Ireland.

vds certification logo essa certification logo SBSC certification logo a2p certification logo

The ultimate protection against misrepresentation and a legal proof of standard of burglary and fire resistance, accredited European certification is the most important factor in maintaining insurance cover long term, as well as being the basis for all insurance rate recommendations in Europe. When there is a need to ensure regulatory compliance, for the storage of important legal documents or data, anything less than accredited European certification and the legal proof of standard it provides can leave an organisation or individual vulnerable. European accredited certification for safes and strongrooms is backed by regular auditing, market surveillance and is verifiable, proof of standard for both insurance and litigation purposes.

If you consider that 70% of safes tested for burglary resistance by accredited European testing labs fail on the first attempt the practical implications of accepting unaccredited claims of burglary or fire resistance are also obvious.

 

What Certified Physical Data Storage Certification Looks Like

Certification for physical data storage will be indicated under standard EN1047-1 (Data). 

Accredited European certification that a safe or cabinet is suitable to protect paper or data will always be displayed on a stamped metal plate on the inside of the unit's door. This information will never appear on a sticker.

Data certification is completely separate to any burglary resistance certification plate that a safe may have. There is absolutely no connection between the grade of a safe and the unit's fire resistance.The same information will be available on accredited certification documents which are freely available and should always be asked for.

Sistec SE15 Data Safe Certification

Fire & impact data protection standard EN1047-1

  • Units suitable for paper documents are certified S60P and S120P and have an internal temperature limit of 170°C during testing.
  • Units suitable for digital data are certified S60D and S120D and have an internal temperature limit of 70°C and a humidity limit of 85% during testing. 
  • Units suitable for magnetic data are certified S60DIS and S120DIS have an internal temperature limit of 52°C and a humidity limit of 85% during testing. 
  • All EN1047-1 certified safes and cabinets undergo a structural impact test which consists of a nine meter drop onto a gravel floor while heated to simulate a structural collapse during an intense fire.

data cabinet certification badge

 

An Example Of How Physical Data Security Procurement Can Go Very Badly Wrong

Case study

Close up photos below show a very popular unit sold for fire protection of paper documents in Ireland known as the “Fire Chief”. This is one of fourteen units that was purchased by an enterprise for the protection of client documents and back-up data, some of which would fall under the GDPR. Procurement selected the unit based on several factors but low price and name recognition certainly came into it.

When Certified Safes Ireland™ were asked to examine the units by a senior member of the management team it was clear to us that rather than purchasing fire and burglary resistant data cabinets, the client had in fact purchased thousands of Euros worth of relatively expensive light steel storage cabinets with no accredited certified fire or burglary resistance whatsoever.

Our examination found the following:

  • There was no indication anywhere on the cabinets of a claim the "Fire Chief” was fire resistant in any way.
  • There were no fire protection strips or seals anywhere on the cabinets.
  • Air gaps around door frames were so wide the locking bolts of the cabinet were clearly visible. These gaps would aid airflow for combustion rather than deny it as well as allowing the locking bolts to be cut in seconds with a battery powered angle grinder. (Photo below - left)
  • The only mark found anywhere on the cabinets was an unaccredited sticker which claimed the units are S1 security cabinets, the lowest level of protection under European standards

Phoenix Fire Chief Air Gap Phoenix Fire Chief S1

The legal situation

Obviously, metal cabinets with no accredited certified fire or burglary resistance is not what the procurement department of the business had in mind. The mistake meant that data and documents held by the organisation were not only at the same level of risk from fire as was the case before the purchase, but the information was not being stored in compliance with the groups GDPR risk assessment, opening up the possibility of sanctions, and even legal action if unlawful destruction was caused to third party data due to burglary or fire. 

The fact remains however, that nowhere on the data sheet for the "Fire Chief” did the supplier make the claim that these units were certified for fire resistance. The only reference to “Fire Resistance” states, “Recommended for 30 minutes fire protection for paper records”, but as no accredited certification of fire resistance was referred to, this recommendation is simply the unsubstantiated opinion of the supplier, however misleading that may be. 

Of course, it can't be denied that the name “Fire Chief” does give the impression that the unit is fire resistant in some way, but not in any way that matters. The only certification claim we could find was a claim that the cabinets were S1 Security Cabinet certified by Trezor Test in the Czech Republic. S1 is the lowest level of burglary resistance for a cabinet test with hand tools, but even this claim was unaccredited. The test time for an S1 Security Cabinet is 1.5 minutes. 

 

A Warning On The NT FIRE 017 Test For Data

NT FIRE 017 is a conformity assessment of Nordtest. Originally founded in 1973 under the Nordic Council of Ministers the emphasis of Nordtest is to develop, promote Nordic test methods and pre-normative activity. NT FIRE 017 is NOT a European Standard.

NT017-Fire

Not being a European standard, NT FIRE 017 is not a legal proof of standard for litigation purposes in the European Union, but there are several other important differences in testing and application of the NT FIRE 017 mark that set it apart from European standards that consumers should also be aware of.

  • Humidity not measured *** (Particularly important for data)
Particularly important to the preservation of digital data under European standards, there are strict parameters on permitted humidity levels inside a data safe or cabinet being tested, with relative humidity inside a tested safe or cabinet being measured both during testing and during a cooling phase after testing. NT Fire 017 doesn’t measure humidity at all during testing.
  • Limited scope of testing
The first important difference between cabinets and safes marked NT Fire 017 and those certified under European standards is NT Fire 017 may be applied to units of identical construction to a tested unit, provided that the external volume of the untested units are not less than half of, and not more than twice the volume of the tested unit. In other words, in a series of five sizes only one unit may have been tested, something impossible under the European testing regime. This is why, unlike NT fire 017, a series of five sizes of safes or cabinets certified to European standards will usually have differing fire certification times, as might be expected, due to differing sizes and volumes. 
  • More favourable temperature measurement
There are also substantial differences between European standards and NT Fire 017 in the way temperature inside a tested unit is measured which to the casual observer may appear to produce a more favourable result for NT Fire 017. Everybody knows that if you heat a rectangular object that the internal corners of that object are likely going to heat more rapidly, and this is exactly where thermocouples are placed in European fire testing, however, in NT Fire testing thermocouples are placed in the centre of safe panels, an area that will likely heat last.
  • Undefined marking
As NT Fire 017 has no defined method of marking tested units it leaves a manufacturer or supplier free to mark products in a variety of "creative" manners. In the case of the mark above, a facsimile of a plate appearing on a safe from a UK supplier, NT FIRE 017 appears on a stamped metal plate that is strikingly similar to an accredited European certification plate for a safe, with the word "safe" in block capitals in the left hand corner. A consumer might be forgiven for thinking that the plate below is both certifying that the product is a burglary resistant safe and is fire resistant, particularly as under the word "safe" the words "type tested and certified according to NT 017" appear with any mention of the word "fire".

 

A Warning On Asbestos In Pre-2000 Data Safes

Asbestos

Contrary to what most people might think, Asbestos was widely used in door seals on safes, fireproof safes, data safes and fireproof filing cabinets into the 1990s, while safes, document and filing cabinets that contain asbestos continue to be sold on the second-hand market in Ireland, even by well-known safe suppliers. The ban on asbestos in Ireland in 2000, far from seeing a reduction in the amount of safes and cabinets that contained asbestos instead saw a surge, as thousands of contaminated safes became available on the second-hand market as they were removed from all over Europe and the UK. Asbestos is a deadly carcinogen and is not only a danger to anyone who might use such a unit, but is also a life threatening danger to technicians, locksmith and fire fighters. Any safe manufactured before 2000 must be presumed to contain asbestos.

 

European Fire Standards For Physical Data & Paper Documents

Protection class quality characteristic for fireproof protection
European Standards EN1047-1, EN1047-2 and EN15659

Protection classes of products for the protection of data and systems
Product Protection class Certification
Light fireproof unit LFS 30 P EN 15659
LFS 60 P EN 15659
Data cabinet S 60 P EN 1047-1
S 120 P EN 1047-1
S 60 D EN 1047-1
S 120 D EN 1047-1
S 60 DIS EN 1047-1
S 120 DIS EN 1047-1
Diskette insert DI 60 P/DIS EN 1047-1
DI 120 P/DIS EN 1047-1
Data container C 60 D EN 1047-2
Data room R 60 D
Type A
EN 1047-2
R 60 D
Type B
EN 1047-2

The abbreviations in the table stand for:

  • Fireproof - Light fireproof storage unit to EN 15659
  • S  - Data cabinet to EN 1047-1
  • DI - Diskette insert for installation into a data cabinet of protection class S 60 P and S 120 P
  • C - Data container to EN 1047-2
  • R - Data room to EN 1047-2
  • 30 - Exposure to flames for 30 minutes
  • 60 - Exposure to flames for 60 minutes
  • 120 - Exposure to flames for 120 minutes
  • P - Suited for heat sensitive paper documents with stress limits up to 170°C
  • D - Suited for heat and humidity sensitive data media with stress limits up to 70°C and 85% air humidity
  • DIS - Suited for heat and humidity sensitive data media with stress limits up to 52°C and 85% air humidity

 


 For advice call: +353 1 7076011


Alan Redd Certified Safes Ireland NSAI

Certified Safes Ireland™ director Alan Donohoe Redd is a member of the European CEN263 Working Group responsible for writing European Standards for safes, strongrooms (vaults), secure cabinets and physical data protection for the European Union. A registered NATO supplier and a longstanding member of the European Security Systems Association, Alan has a vast range of experience spanning almost 40 years and encompassing installation of safes, strongrooms, physical data protection, CCTV, alarms, access control, secure storage control systems and Sensitive Compartmented Information Facility (SCIF) specification, design, and installation.

Alan is an expert on standards and fraud issues related to secure storage in Europe and the UK, has had articles related to these subjects published by The Law Society Gazette and Irish Broker Magazine, has forced retractions of multiple false claims related to secure storage offerings to the public, including some published by the Irish Times, and has been pivotal in having misleading standards and practises recognised and withdrawn in Ireland, the UK and at a European level.

Our expertise has been relied on by:

N.A.T.O. Europe, The U.S. Air Force (Europe), The National Treasury Management Agency (Ireland), The Department Of Communications (NCSC Cyber Security) (Ireland), The Revenue Commissioners, Electricity Supply Board (Cyber Security) (Ireland), The Danish Defence Forces (Afghanistan), PayPal (Worldwide), Grant Thornton, The Insurance Institute of Ireland, The Royal College Of Surgeons, BFC Bank, Interxion Data Centres and many others ....

Our seminars on safes, strongrooms and HNW secure storage have been part of Continuing Professional Development for underwriters and insurers having been awarded CPD points by the Insurance Institute of Ireland and the Chartered Insurance Institute (UK).

Insurance Institute of Ireland Insurance Institute of London nato cage code