IVI Framework Viewer

Data Life Cycle Management

C3

Provide the security expertise and guidance to ensure that data throughout its life cycles is appropriately available, adequately preserved, and/or destroyed so that it meets business, regulatory, and/or other security requirements.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Data Life Cycle Management at each level of maturity.

2Basic
  • Practice
    Begin to develop plans on integrating data security classifications, access rights, and roles with life cycle states.
    Outcome
    There is growing awareness of who is authorized to transition data and information from one life cycle state to another.
3Intermediate
  • Practices
    • Analyse all core business life cycles and map them to data security classifications, access rights, and roles.
    • Develop guidelines for managing data and information security throughout most life cycles.
    • Implement the guidelines for all new life cycles and establish a retrofit programme to address legacy systems.
    Outcome
    The security of data and information is appropriately managed throughout most life cycles.
    Metric
    % of data life cycles reviewed for security.
4Advanced
  • Practice
    Develop and follow comprehensive guidelines for managing the security of life cycle states and life cycle state transitions for all datasets.
    Outcome
    The security of data and information is appropriately managed throughout all life cycle states and life cycle state transitions.
    Metric
    % of data life cycles reviewed for security.
5Optimized
  • Practice
    Continually update the guidelines for managing the security of data and information throughout its life cycles based on the latest security industry guidelines, vendor advocacy, and emerging security concepts from research.
    Outcome
    Data life cycle management practices are industry leading.
    Metrics
    • Frequency of review.
    • # of updates to the guidelines per time period.