Document Destruction Services

Call: 07977 321522 Covering Bury St Edmunds, Suffolk and East Anglia

What the ICO and FCA Statement Means for Secure Data Disposal

What the ICO and FCA Statement Means for Secure Data Disposal

How to Choose a Secure Data Destruction Provider: What the BSIA Says You Should Know

Choosing a document shredding or secure data destruction provider is not simply an operational decision. For any organisation handling personal, confidential or sensitive information, it is a matter of compliance, risk management and trust.

The British Security Industry Association (BSIA) — the trade body representing professional security companies in the UK — has consistently highlighted that many organisations, particularly in the public sector, lack awareness of the standards and best practices that should guide this decision.

The Problem: Procurement Without Understanding

Research conducted by the BSIA’s Information Destruction section has identified recurring issues in how organisations procure secure destruction services. Common problems include:

  • Focusing on cost over security: Contracts often prioritise price or convenience rather than security and compliance, leading organisations to appoint providers that lack robust controls.

  • Lack of awareness of standards: Many procurement teams do not understand which standards a professional information destruction supplier should meet.

  • Overly stringent or irrelevant specifications: Conversely, some organisations specify unnecessarily complex requirements around shred size, transport or destruction processes without understanding why — or whether these add genuine security value.

  • Failing to verify credentials: Organisations may accept claims about security practices without seeking evidence of independent auditing or certification.

These gaps can expose organisations to unnecessary risk. Under data protection legislation, responsibility for personal data does not end when documents are no longer needed. Organisations remain accountable until that data has been securely destroyed. Improper disposal can lead to regulatory action from the Information Commissioner’s Office (ICO), reputational damage and loss of trust.

What Standards Should You Look For?

The BSIA recommends that organisations procuring information destruction services look for providers that meet recognised industry standards.

BS EN 15713:2023

BS EN 15713:2023 is the current European standard for secure destruction of confidential material. It replaced the 2009 version in September 2023 and represents a significant update reflecting modern data protection requirements.

The standard covers the entire destruction process, including:

  • Collection of confidential material from customer premises
  • Transportation in secure vehicles
  • Storage prior to destruction
  • The destruction process itself
  • Verification and certification

According to the BSIA’s complete guide to BS EN 15713:2023, this standard should be the first port of call for any organisation looking to improve its secure data destruction processes.

BS 7858 Staff Vetting

Staff who handle confidential material should be vetted to BS 7858, the code of practice for screening individuals working in secure environments. This ensures that personnel have been properly background checked before being given access to sensitive information.

Trade Body Membership

Membership of a recognised trade body such as the BSIA or the UK Secure Shredding Association (UKSSA) provides additional assurance. Members are typically required to:

  • Hold relevant ISO certifications (ISO 9001 or ISO 27001)
  • Operate to BS EN 15713:2023
  • Submit to independent auditing
  • Adhere to a code of ethics

You can verify membership and find accredited providers through the BSIA member directory or the UKSSA provider search.

Questions to Ask Before Appointing a Provider

When evaluating shredding companies, the BSIA recommends asking:

  1. Do you operate to BS EN 15713:2023? This is the current standard — be wary of providers still referencing the 2009 version.

  2. Are you a member of a recognised trade body? Ask for evidence of BSIA or UKSSA membership.

  3. Are your staff vetted to BS 7858? All personnel handling confidential material should be security screened.

  4. What certifications do you hold? Look for ISO 9001 (quality management) or ISO 27001 (information security management).

  5. Can you provide a Certificate of Destruction? This provides documented evidence that material has been securely destroyed — essential for your compliance records.

  6. How is material handled before destruction? Ask about secure containers, collection procedures and storage arrangements.

  7. What shredding security level do you use? The appropriate level depends on the sensitivity of your material. DIN 66399 defines security levels from P-1 (basic) to P-7 (highest security).

Why This Matters for Your Organisation

Secure document destruction is not just about disposing of paper waste. It involves ensuring that information is destroyed in a way that prevents reconstruction, unauthorised access or misuse.

The consequences of getting this wrong can be severe. The ICO has issued significant fines to organisations — including NHS Trusts and local authorities — for failures in data disposal. Beyond financial penalties, a data breach involving improperly disposed documents can cause lasting reputational damage and loss of customer confidence.

Working with a professional provider that understands both the operational and regulatory aspects of data destruction helps demonstrate that your organisation takes its responsibilities seriously.

How ShredSec Can Help

At ShredSec, we provide confidential shredding services across Suffolk and East Anglia. Our approach to secure shredding is built on:

  • Vetted staff: All operatives are vetted to BS7858 standard
  • Secure processes: Documents are destroyed within 24 hours of collection
  • Full accountability: Every job receives a Certificate of Destruction for your compliance records
  • Flexible options: We offer both on-site shredding at your premises and off-site shredding at our secure facility
  • DIN Level 3 destruction: All documents are cross-cut shredded to prevent reconstruction

Whether you need regular scheduled collections or a one-off clearance, we can provide a solution that meets your security and compliance requirements.

Review Your Current Arrangements

If you have not reviewed your shredding arrangements recently, now is a good time to assess whether your current provider meets modern standards. The introduction of BS EN 15713:2023 and ongoing regulatory focus on data protection mean that arrangements put in place several years ago may no longer be adequate.

Contact ShredSec to discuss your requirements and request a free quote.

Published: December 2025

This article draws on guidance from the BSIA Information Destruction section and references the current BS EN 15713:2023 standard for secure destruction of confidential material.

Contact Shredsec to discuss your shredding requirements.

Ready to Get Started?

Contact us today for a free quote.

Request a Quote