Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Data | Protect | 1, 2, 3 |
- Safeguard 3.1: Establish and Maintain a Data Management Process
- Safeguard 3.2: Establish and Maintain a Data Inventory
GV16: Data disposal requirement portion of data management processGV11: Portion of data management process addressing data sensitivityGV17: Count of Sensitive data typesGV12: Sensitive Data Inventory
- For each sensitive data type covered in
GV17 - Identify and enumerate each type has a disposal method and process as defined by
GV16(M2) - Identify and enumerate each type that does not have a disposal method and process as defined by
GV16(M3)
- Identify and enumerate each type has a disposal method and process as defined by
- For each sensitive data type covered in
- For each item in
GV12`determine wether they data complies with the disposal requirements outlined in :code:`GV17 - Enumerate data that does not comply with disposal requirements (M4)
- Enumerate data that complies with disposal requirements (M5)
- For each item in
- M1 =
GV17 - M2 = Count of sensitive data types with an outlined disposal method
- M3 = Count of sensitive data types witouth an outlined disposal method
- M4 = Count of data in inventory that does not comply with disposal requirement
- M5 = Count of data in inventory that complies with disposal requirement
- M6 = Count of items in
GV12
- If
GV16is 0, this safeguard receives a failing score. The other metrics don't apply.
| Metric | The percentage of data sensitivity types that contain a disposal method and process |
| Calculation | M2 / M1 |
| Metric | The percentage of compliance to the data disposal process |
| Calculation | M5 / M6 |