Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Data | Protect | 1, 2, 3 |
- Safeguard 3.1: Establish and Maintain a Data Management Process
- Safeguard 3.2: Establish and Maintain a Data Inventory
GV16
: Data disposal requirement portion of data management processGV11
: Portion of data management process addressing data sensitivityGV17
: Count of Sensitive data typesGV12
: Sensitive Data Inventory
- For each sensitive data type covered in
GV17
- Identify and enumerate each type has a disposal method and process as defined by
GV16
(M2) - Identify and enumerate each type that does not have a disposal method and process as defined by
GV16
(M3)
- Identify and enumerate each type has a disposal method and process as defined by
- For each sensitive data type covered in
- For each item in
GV12`determine wether they data complies with the disposal requirements outlined in :code:`GV17
- Enumerate data that does not comply with disposal requirements (M4)
- Enumerate data that complies with disposal requirements (M5)
- For each item in
- M1 =
GV17
- M2 = Count of sensitive data types with an outlined disposal method
- M3 = Count of sensitive data types witouth an outlined disposal method
- M4 = Count of data in inventory that does not comply with disposal requirement
- M5 = Count of data in inventory that complies with disposal requirement
- M6 = Count of items in
GV12
- If
GV16
is 0, this safeguard receives a failing score. The other metrics don't apply.
Metric | The percentage of data sensitivity types that contain a disposal method and process |
Calculation | M2 / M1 |
Metric | The percentage of compliance to the data disposal process |
Calculation | M5 / M6 |