ISM-1728, ASD Information Security Manual (ISM)

Handling Media Waste Based on Particle Size

Store shredded media differently based on particle size: OFFICIAL up to 3 mm, PROTECTED up to 6 mm, SECRET up to 9 mm.

Plain language

When you shred sensitive documents and materials, the pieces left over need to be handled carefully based on how small they are. This is important because if someone with bad intentions gets hold of these pieces, they might be able to piece together confidential information, potentially leading to data breaches or leaks that can harm your business or privacy.

Framework

ASD Information Security Manual (ISM)

Control effect

Responsive

Classifications

S

ISM last updated

Nov 2021

Control Stack last updated

18 May 2026

E8 maturity levels

N/A

Official control statement

The resulting media waste particles from the destruction of SECRET media is stored and handled as OFFICIAL if less than or equal to 3 mm, PROTECTED if greater than 3 mm and less than or equal to 6 mm, or SECRET if greater than 6 mm and less than or equal to 9 mm.

Why it matters

If SECRET media waste particles are not handled according to the ≤3 mm / 3-6 mm / 6-9 mm rules, fragments may be reconstructed, causing a classified data breach.

Operational notes

Measure shred particle sizes and label/store waste as OFFICIAL (≤3 mm), PROTECTED (>3-6 mm) or SECRET (>6-9 mm); reject batches outside limits.

Implementation tips

  • The office manager should train staff on identifying and separating shredded waste based on particle size. Use a simple ruler to check sizes: particles up to 3 mm are handled as standard waste, up to 6 mm as protected, and up to 9 mm as secret waste.
  • The procurement officer should ensure shredders are equipped to produce particles in the required size range. Check the shredder specifications when purchasing and ensure they match your organisation's requirements for different levels of document security.
  • The facilities team should set up designated bins for different types of shredded waste. Label them clearly according to the particle size and corresponding security classification (OFFICIAL, PROTECTED, SECRET).
  • Managers should develop a policy for the secure storage and disposal of shredded waste. This includes instructions for staff to follow and partnership with a secure waste disposal service that is aware of your handling requirements based on particle size.
  • The security officer should periodically audit the storage and disposal system for shredded materials. Ensure it aligns with the guidelines by checking that bins are correctly used and emptied by trusted service providers familiar with your organisation's security needs.

Audit / evidence tips

  • Ask: The organisation's shredded waste management policy. Good: Policy will have specific sections covering up to 3 mm as OFFICIAL, up to 6 mm as PROTECTED, and up to 9 mm as SECRET.
  • Ask: Training records that show staff have been briefed on handling shredded waste. Good: Will include a training schedule, attendance lists, and feedback results.
  • Good: Document will show specifications of shredders versus required particle sizes.
  • Ask: To view the designated storage areas for shredded waste. Good: Setup will include bins marked according to the particle size classification and instructions for use.
  • Ask: Contracts or service agreements with secure waste disposal companies. Good: Will demonstrate that the disposal company complies with your classifications and regularly handles waste on schedule.

Cross-framework mappings

How ISM-1728 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)

  • Annex A 7.10: ISM-1728 requires organisations to store and handle destroyed SECRET media waste at downgraded classifications based on the resulting par...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
