IVI Framework Viewer

Data Life Cycle Management

D3

Provide the security expertise and guidance to ensure that data throughout its life cycle is appropriately available, adequately preserved, and/or destroyed to meet business, regulatory, and/or other security requirements.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Data Life Cycle Management at each level of maturity.

1 Initial
  • Practice
    Rely on the best endeavours of staff.
    Outcome
    The organization may behave on an ad hoc basis because, with no documented processes or procedures, staff may respond differently depending on their levels of experience and training backgrounds.
    Metric
    # Customer in/consistency complaints/accolades.
2 Basic
  • Practice
    Establish a basic create, read, update, and delete (CRUD) cycle.
    Outcome
    There is increased likelihood of managing data in a consistent way.
    Metric
    % Data not accessed in the last 12 months that is still on-line.
    # Business processes with associated data and information life cycles.
    # Business units with no defined data or information life cycles.
3 Intermediate
  • Practice
    Create and utilize appropriate meta data to secure data at the various stages of its life cycles through to removal. Provide VPN access so staff can access services from distributed locations. Implement access and transaction logging as appropriate.
    Outcome
    Meta data enables the security management of data across its life cycles. VPNs enable staff to operate from remote locations securely. Access and transaction logs facilitate auditing and help validate the security policies and practices in place.
    Metric
    # Life cycles security reviewed.
    # Life cycles not reviewed.
    # Life cycles overdue a review.
    # Audit processes not enabled by meta-data or logs.
4 Advanced
  • Practice
    Rigorously implement and manage the appropriate CRUD life cycles of data, with appropriate security and privacy that is context-based on life cycle stage, time, size, and other relevant contexts. Tag all data stores to reflect sensitivity and secrecy. Maintain data and information counts and allow replication only in permitted locations.
    Outcome
    Data and information are appropriately secured based on their life cycle positions and the context they are in at those states.
    Metric
    % Data and information life cycles reviewed for security purposes around context sensitivity.
    # Outstanding meta-data requests.
    # Unused or under-utilized data requests.
5 Optimized
  • Practice
    Manage, across the business ecosystem, the appropriate CRUD life cycles of data, being cognisant of context based on life cycle state, time in current state, size, and other relevant context criteria.
    Outcome
    Staff access to data is on a need-to-know basis, is life cycle sensitive, and is regularly reviewed for currency. Access and breaches are reviewed regularly to improve data and information security. Data and information protection is effective across the business ecosystem in a context-sensitive manner.
    Metric
    % Data and information life cycles reviewed for security purposes around context sensitivity.
    # Outstanding meta-data requests.
    # Unused or under-utilized data requests.
    # External data sources and uses not reviewed.