Does iShredder comply with BSI TL-03423 (data erasure standard)? Is there a declaration of conformity?

Declaration of conformity for compliance with the BSI standards BSI-VSITR and BSI-2011-VS for Protectstar™ iShredder™

As of: March 5, 2025
Issued by: Protectstar Inc.

Introduction

Protectstar™ Inc. hereby issues a self-declaration of conformity for the data erasure solutions iShredder™ Android, iShredder™ iOS, iShredder™ Mac, iShredder™ Windows, and iShredder™ Windows Server with the requirements of the German Federal Office for Information Security (BSI). The iShredder™ product line is designed to perform secure, irreversible data erasure across various platforms and is aligned with internationally recognized erasure standards. In the German legal environment, the Technical Guideline BSI TL-03423 and the related BSI procedures are particularly relevant: BSI-VSITR and BSI-2011-VS.

Implemented erasure procedures according to BSI-VSITR and BSI-2011-VS

BSI-VSITR (8 rounds)

The procedure referred to in BSI TL-03423 as BSI-VSITR is based on the former VS-ITR rules and includes eight steps (overwrites) that must be carried out in sequence:

1. Overwrite with pattern FF (hex)
2. Overwrite with pattern 00 (hex): unambiguous marking of each sector for subsequent verification (for example sector number at the beginning of the sector)
3. Verification against the pattern from step 2
4. Overwrite with the inverse pattern of step 2 (one’s complement)
5. Overwrite with pattern 00 (hex)
6. Overwrite with pattern FF (hex)
7. Overwrite with pattern 00 (hex)
8. Overwrite with pattern AA (hex)

iShredder™ includes a corresponding option that performs these eight steps in exactly this order. In particular, the required verification and documentation tasks are fulfilled. This means iShredder™ meets the requirements of TL-03423 for the BSI-VSITR procedure for magnetic storage media.

BSI-2011-VS (5 steps)

BSI TL-03423 also defines a more modern procedure, BSI-2011-VS, which is essentially intended for all storage media (including magnetic hard drives, SSDs, and USB sticks). This involves five sequential steps:

1. Overwrite with a high-quality random pattern
2. Complete verification against the random pattern
3. (Enhanced) secure erase process, if supported by the storage medium; otherwise overwrite with a different data pattern than in step 1
4. Sample-based verification (at least 5% of sectors, including the MBR) and deletion of the key (K) used in RAM
5. Overwrite the MBR with 00 (hex)

iShredder™ implements this procedure under the name BSI-2011-VS, adheres to the sequence and data types of the overwrite patterns, and performs all required verification steps.
 

Technical implementation in iShredder™

The above-mentioned iShredder™ apps for Android, iOS, Mac, Windows, and Windows Server ensure bit-accurate overwriting of all selectable storage areas (files, partitions, free space, or entire drives) by implementing the relevant BSI algorithms in native code. This ensures that:

• Hidden areas (HPA/DCO) can be detected and included (where technically possible and selected).
• Write and read buffers are emptied to ensure that the data was actually written to the storage medium before proceeding to the next pass.
• A summary log of all erasure steps can be created on request (see next section).

The respective operating system (Android, iOS, macOS, Windows) is taken into account so that wear leveling (for flash/SSDs) or partition-specific characteristics (for Windows Server) are addressed precisely and in a legally compliant manner.
 

Detection, verification, and logging

iShredder™ detects relevant storage parameters (for example type, interface, capacity, manufacturer information) and can — depending on the edition — read additional information (for example reallocated sector count on magnetic disks). During and after the erase process, iShredder™ performs automatic verification and logs all steps:

Verification runs: Both in the BSI-VSITR procedure and in the BSI-2011-VS procedure, iShredder™ reads the storage medium again and checks either sampled areas or the full medium to verify that the written patterns were applied correctly.
Logging: A detailed erasure log is created containing the following information:

• Identification of the storage medium (manufacturer, serial number, interface)
• Selected erasure procedure including the passes and overwrite patterns used
• Number/position of faulty sectors, if present
• Date and time (start/end) of the erasure process
• Summary of the verification steps performed (including any errors)

Information about whether the secure erase function was activated or failed (for BSI-2011-VS)
 

Declaration of conformity according to BSI requirements

With this declaration, Protectstar™ Inc. confirms that all iShredder™ versions (Android, iOS, Mac, Windows, Windows Server) implement the required BSI standards BSI-VSITR and BSI-2011-VS and therefore meet the requirements of the Technical Guideline BSI TL-03423. This includes:

Complete overwriting of the storage medium with the defined bit patterns for eight passes (BSI-VSITR) or five passes (BSI-2011-VS).

Verification procedures that ensure the data was actually overwritten and that no residues remain.

Logging of all key information required by TL-03423 (storage-medium details, error statistics, methods used, etc.).

Support for different types of storage media, including conventional magnetic HDDs, SSDs, flash storage, and hybrid drives, while taking hardware differences into account (for example ATA Secure Erase and HPA/DCO).

Because this is a self-declaration, Protectstar™ Inc. assumes responsibility for the accuracy of these statements.
 

Summary and validity

This declaration applies to all current versions of the iShredder™ products listed above and relates exclusively to the erasure procedures defined in BSI TL-03423: BSI-VSITR (8-stage) and BSI-2011-VS (5-stage). If the BSI requirements or the implementation in iShredder™ change significantly, this self-declaration will be updated accordingly.


The current BSI declaration of conformity as a document can be requested in writing from our support team!