GRM-02: Data Focus Risk Assessments

PF v1.0 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: DSP-10: Sensitive Data Transfer, DSP-16: Data Retention and Deletion.

Control Statement

Risk assessments associated with data governance requirements shall be conducted at planned intervals and shall consider the following:

  • Awareness of where sensitive data is stored and transmitted across applications, databases, servers, and network infrastructure
  • Compliance with defined retention periods and end-of-life disposal requirements
  • Data classification and protection from unauthorized use, access, loss, destruction, and falsification

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.