Is iShredder BSI TL-03423 (Data Erasure Standard) compliant? Do you have a Conformity?

Declaration of Conformity with the BSI Standards BSI-VSITR and BSI-2011-VS for Protectstar™ iShredder™

Status as of March 5, 2025
Issued by: Protectstar Inc.

Introduction

Protectstar™ Inc. hereby issues a self-declaration regarding the compliance of the iShredder™ data erasure solutions for Android, iOS, Mac, Windows, and Windows Server with the requirements of the German Federal Office for Information Security (BSI). The iShredder™ product line is designed to perform secure, irrevocable data erasure on various platforms, following internationally recognized erasure standards. In the German legal framework, the primary references are the Technical Guideline BSI TL-03423 and the associated BSI procedures: BSI-VSITR and BSI-2011-VS.
 

Implemented Erasure Methods According to BSI-VSITR and BSI-2011-VS

BSI-VSITR (8 Passes)

Under BSI TL-03423, the procedure referred to as BSI-VSITR is based on the former VS-ITR regulations and comprises eight consecutive steps (overwrites):

1. Overwrite with pattern FF (hex)
2. Overwrite with pattern 00 (hex): Uniquely label each sector for subsequent verification (e.g., sector number at the beginning of the sector)
3. Verify against the pattern from step 2
4. Overwrite with the inverse pattern of step 2 (one’s complement)
5. Overwrite with pattern 00 (hex)
6. Overwrite with pattern FF (hex)
7. Overwrite with pattern 00 (hex)
8. Overwrite with pattern AA (hex)

In iShredder™, a corresponding option executes these eight steps in exactly this order. In particular, the required verification and documentation tasks are carried out. Accordingly, iShredder™ meets the specifications of TL-03423 for the BSI-VSITR procedure for magnetic storage media.

BSI-2011-VS (5 Steps)

In addition, BSI TL-03423 outlines a more modern procedure, BSI-2011-VS, which is essentially intended for all storage media (including magnetic hard drives, SSDs, USB flash drives). Five sequential steps are performed:

1. Overwrite with high-quality random data
2. Full verification against the random data
3. (Enhanced) Secure Erase process, if supported by the storage device; otherwise overwrite with a different data pattern (different from step 1)
4. Random-sample verification (at least 5% of sectors, including MBR) and deletion of the key (K) from RAM
5. Overwrite the MBR with 00 (hex)

iShredder™ implements this procedure under the name BSI-2011-VS, adheres to the sequence and data types of the overwrite patterns, and performs all required verification steps.

 

Technical Implementation in iShredder™

The aforementioned iShredder™ apps for Android, iOS, Mac, Windows, and Windows Server ensure bit-precise overwriting of all selected storage areas (files, partitions, free space, or entire drives) by implementing the respective BSI algorithms in native code. This guarantees:

• Hidden areas (HPA/DCO) can be detected and included (if technically feasible and selected).
• Write and read buffers are flushed to ensure data is actually written to the storage medium before proceeding to the next pass.
• A summary log of all erasure steps can be generated upon request (see next section).

The specific operating system (Android, iOS, macOS, Windows) is taken into account so that wear-leveling (for flash/SSD) or partition specifics (for Windows Server) are addressed appropriately and in compliance with legal requirements.
 

Detection, Verification, and Logging

iShredder™ detects relevant storage medium parameters (e.g., type, interface, capacity, manufacturer information) and, depending on the edition, can retrieve additional details (e.g., reallocated sector count for magnetic disks). During and after the erasure process, iShredder™ performs automatic verification and logs all steps:

Verification runs: For both the BSI-VSITR and BSI-2011-VS procedures, iShredder™ re-reads the storage medium and checks randomly or comprehensively if the written patterns have been correctly applied.
Logging: A detailed erasure report is generated, containing the following information:

• Identification of the storage medium (manufacturer, serial number, interface)
• Selected erasure procedure with details on the passes and overwrite patterns
• Number/position of any defective sectors, if present
• Date and time (start/end) of the erasure process
• Summary of the verifications performed (including errors)
• Notes on activated or failed Secure Erase function (for BSI-2011-VS)
   

Declaration of Conformity According to BSI Requirements

By means of this declaration, Protectstar™ Inc. confirms that all versions of iShredder™ (Android, iOS, Mac, Windows, Windows Server) implement the required BSI standards BSI-VSITR and BSI-2011-VS and thus fulfill the requirements of Technical Guideline BSI TL-03423. This includes:

• Complete overwriting of the storage medium with the defined bit patterns for eight passes (BSI-VSITR) or five passes (BSI-2011-VS).
• Verification processes to ensure that data is actually overwritten and no remnants are left behind.
• Logging of all essential information required by TL-03423 (storage medium details, error statistics, methods used, etc.).
• Support for various storage media types, including conventional magnetic HDDs, SSDs, flash storage, and hybrid drives, taking into account hardware differences (e.g., ATA Secure Erase, HPA/DCO).

Since this is a self-declaration, Protectstar™ Inc. assumes responsibility for the accuracy of these statements.

Summary and Validity

This declaration applies to all current versions of the above-mentioned iShredder™ products and refers exclusively to the erasure procedures defined in BSI TL-03423: BSI-VSITR (8-pass) and BSI-2011-VS (5-pass). Should the BSI requirements or the iShredder™ implementation change significantly, this self-declaration will be updated accordingly.