The Role of Shredding in Your Business Continuity and Disaster Recovery Plan

When businesses in New York start researching document shredding, one of the first questions that comes up is the difference between shredding cut types. Terms like “micro-cut,” “strip-cut,” and “cross-cut” appear on equipment listings and vendor brochures — but what do they actually mean, and why does it matter which type your shredding vendor uses? Understanding micro cut vs strip cut shredding is not just an academic exercise. The type of shredding determines how recoverable your documents are after destruction, and for many businesses, that distinction has direct legal and compliance implications.

This article explains the major shredding cut types, the DIN 66399 security levels that define them, which industries require which levels, and why the cut type your vendor uses should be part of your vendor selection criteria.

The Four Main Shredding Cut Types Explained

The shredding industry uses internationally recognized standards — most notably DIN 66399, a German standard widely adopted in the US — to classify shredding security levels based on the size of the output particles. There are seven security levels for paper (P-1 through P-7), but four cut types produce most of those levels:

1. Strip-cut (P-1, P-2): The simplest type of shredding. Documents are cut into long, narrow strips — typically between 5.8mm and 12mm wide. The full length of each strip is intact, which means the original document can potentially be reconstructed by anyone with patience and the right tools. Security researchers have demonstrated reconstruction of strip-cut documents in controlled settings.
2. Cross-cut (P-3, P-4): Also called “confetti cut,” cross-cut shredders cut both horizontally and vertically, producing small rectangular or diamond-shaped particles. This is a significant security improvement over strip-cut shredding, as reconstruction becomes exponentially more difficult. Most commercial shredding programs use cross-cut or better.
3. Micro-cut (P-5, P-6): Micro-cut shredders produce extremely small particles — approximately 2mm × 15mm or smaller depending on the specific machine. At this level, reconstruction of documents is considered practically impossible outside of a nation-state-level intelligence operation. P-5 is required for confidential commercial data; P-6 for secret data.
4. Particle-cut (P-7): The highest civilian security level. Particles are less than 1mm × 5mm. P-7 is required for top-secret government documents. Some commercial shredding vendors offer P-7 capability for clients with extreme security requirements.

Our process page explains the security levels we achieve with industrial shredding equipment.

Why Strip-Cut Shredding Is Not Sufficient for Business Documents

Despite being the most common type of shredding equipment sold to consumers and small offices, strip-cut shredders provide a false sense of security that can create serious vulnerabilities. The problem is straightforward: strip-cut shredded documents retain enough contextual information — account numbers in sequence, recognizable text fragments, partial signatures — that a motivated individual can reconstruct meaningful portions of the original.

Several notable incidents have illustrated this risk:

• In 2007, US government contractors used strip-cut shredded documents from the US Embassy in Tehran (seized during the 1979 hostage crisis) — documents that Iranian students painstakingly reconstructed by hand over years. Modern software can accomplish the same task in hours.
• Consumer advocacy groups have demonstrated that strip-cut shredded credit card statements, bank letters, and medical forms can be partially reconstructed using commercially available tools.
• Identity thieves have been caught with strip-cut shredded documents, suggesting they do attempt reconstruction when the potential reward justifies the effort.

For businesses handling any type of regulated data — financial records, healthcare information, employee data — strip-cut shredding almost certainly does not meet the applicable regulatory standard of “unreadable and unrecoverable.”

What Security Level Does Your Industry Actually Require?

Different industries have different risk profiles, and regulatory guidance often specifies minimum destruction standards. Here’s how security level requirements map to common industries:

• Healthcare (HIPAA): HIPAA requires that PHI be rendered “unreadable, indecipherable, and otherwise cannot be reconstructed.” This language points to cross-cut (P-3 minimum) or micro-cut (P-5 recommended), depending on sensitivity level.
• Financial services (GLBA, FACTA): The FACTA Disposal Rule requires that consumer information be destroyed in a way that it cannot be “practically reconstructed.” Cross-cut is the industry minimum; micro-cut is recommended for highly sensitive financial records.
• Legal (attorney-client privilege): No specific standard, but bar association guidance recommends destruction methods that make reconstruction impractical — cross-cut or micro-cut.
• Government and defense contractors: NSA/CSS EPL-listed equipment may be required, often at P-7 level for classified materials.
• General commercial (trade secrets, HR records): Cross-cut (P-3 to P-4) is generally sufficient for most business documents; micro-cut recommended for high-sensitivity records.

Review our compliance resources for more detail on regulatory destruction standards by industry.

Industrial Shredding vs. Office Shredders: The Size Difference Matters

Beyond cut type, the difference between industrial shredding trucks and office shredders is dramatic. A professional shredding company’s truck-mounted industrial shredder is capable of destroying thousands of pounds of documents per hour, shredding through staples, binder clips, and paper clips without stopping, and producing consistently small particles across the entire volume. An office shredder — even a well-maintained cross-cut model — will jam on heavier loads, degrade over time, and require constant supervision.

Industrial shredders used by certified vendors like New York Shredding achieve DIN 66399 P-4 to P-5 levels consistently, meaning every document that enters the shredder exits as particles small enough to be considered practically unrecoverable. Office shredders cannot offer this guarantee — and cannot offer documentation. Contact us to learn about our shredding equipment specifications.

The Role of Cut Type in Vendor Selection

When evaluating shredding vendors, cut type should be one of your standard questions. Ask:

• What DIN 66399 security level does your shredding achieve for paper documents?
• Is the cut type consistent across all your equipment, or does it vary?
• For highly sensitive documents (HR files, financial records, healthcare data), can you guarantee micro-cut output?
• Do you have documentation or certification of the security level your equipment achieves?

A vendor who cannot answer these questions clearly — or who defaults to “we shred your documents” without specifics — may be using lower-security equipment than your compliance obligations require. Explore our shredding services to learn about what New York Shredding uses and why it meets the most common commercial and regulatory security requirements.

Why New York Businesses Choose New York Shredding

For over a decade, New York Shredding Document Destruction, Inc. has helped businesses across New York City, Long Island, Westchester, and the Hudson Valley protect their sensitive information through certified, HIPAA-compliant shredding services. Our industrial-grade shredding equipment, locked on-site consoles, and Certificate of Destruction give your business the proof it needs for any compliance audit.

Whether you need scheduled shredding, a one-time purge, or hard drive destruction, we serve all five boroughs and surrounding areas with fast, reliable service. Request a free quote today and get your office on a shredding schedule that keeps you protected year-round.

Ready to get started? Contact New York Shredding for a free quote, or explore our full range of shredding services to find the right security level for your documents.