Data Life Cycle Management
Provide the security expertise and guidance to ensure that data throughout its life cycles is appropriately available, adequately preserved, and/or destroyed so that it meets business, regulatory, and/or other security requirements.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Data Life Cycle Management at each level of maturity.
- 2Basic
- Practice
- Begin to develop plans on integrating data security classifications, access rights, and roles with life cycle states.
- Outcome
- There is growing awareness of who is authorized to transition data and information from one life cycle state to another.
- 3Intermediate
- Practices
- Analyse all core business life cycles and map them to data security classifications, access rights, and roles.
- Develop guidelines for managing data and information security throughout most life cycles.
- Implement the guidelines for all new life cycles and establish a retrofit programme to address legacy systems.
- Outcome
- The security of data and information is appropriately managed throughout most life cycles.
- Metric
- % of data life cycles reviewed for security.
- 4Advanced
- Practice
- Develop and follow comprehensive guidelines for managing the security of life cycle states and life cycle state transitions for all datasets.
- Outcome
- The security of data and information is appropriately managed throughout all life cycle states and life cycle state transitions.
- Metric
- % of data life cycles reviewed for security.
- 5Optimized
- Practice
- Continually update the guidelines for managing the security of data and information throughout its life cycles based on the latest security industry guidelines, vendor advocacy, and emerging security concepts from research.
- Outcome
- Data life cycle management practices are industry leading.
- Metrics
- Frequency of review.
- # of updates to the guidelines per time period.