Data Life Cycle Management
Provide the security expertise and guidance to ensure that data throughout its life cycle is appropriately available, adequately preserved, and/or destroyed to meet business, regulatory, and/or other security requirements.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Data Life Cycle Management at each level of maturity.
- 1 Initial
- Practice
- Rely on the best endeavours of staff.
- Outcome
- The organization may behave on an ad hoc basis: with no documented processes or procedures, staff may respond differently depending on their differing levels of experience and training backgrounds.
- Metric
- # Customer in/consistency complaints/accolades.
- 2 Basic
- Practice
- Establish a basic create, read, update, and delete (CRUD) cycle.
- Outcome
- There is increased likelihood of managing data in a consistent way.
- Metric
- % Data not accessed in the last 12 months that is still online.
- # Business processes with associated data and information life cycles.
- # Business units with no defined data or information life cycles.
- 3 Intermediate
- Practice
- Create and use appropriate metadata to secure data at each stage of its life cycle through to removal. Provide VPN access so staff can access services from distributed locations. Implement access and transaction logging as appropriate.
- Outcome
- Metadata enables the security management of data across its life cycle. VPNs enable staff to operate from remote locations securely. Access and transaction logs facilitate auditing and help validate the security policies and practices in place.
- Metric
- # Life cycles security reviewed.
- # Life cycles not reviewed.
- # Life cycles overdue a review.
- # Audit processes not enabled by metadata or logs.
- 4 Advanced
- Practice
- Rigorously implement and manage the appropriate CRUD life cycles of data, with appropriate security and privacy that is context-based, depending on life cycle stage, time, size, and other relevant contexts. Tag all data stores to reflect sensitivity and secrecy. Maintain data and information counts and allow replication only in permitted locations.
- Outcome
- Data and information are appropriately secured based on their position in the life cycle and the context they are in at that stage.
- Metric
- % Data and information life cycles reviewed for security purposes around context sensitivity.
- # Outstanding metadata requests.
- # Unused or under-utilized data requests.
- 5 Optimized
- Practice
- Manage the appropriate CRUD life cycles of data across the business ecosystem, being cognisant of context based on life cycle state, time in current state, size, and other relevant context criteria.
- Outcome
- Staff access to data is on a need-to-know basis, is life cycle sensitive, and is regularly reviewed for currency. Access and breaches are reviewed regularly to improve data and information security. Data and information protection is effective across the business ecosystem in a context-sensitive manner.
- Metric
- % Data and information life cycles reviewed for security purposes around context sensitivity.
- # Outstanding metadata requests.
- # Unused or under-utilized data requests.
- # External data sources and uses not reviewed.