GRM-02: Data Focus Risk Assessments

PF v1.0 References:

Control Statement

Risk assessments associated with data governance requirements shall be conducted at planned intervals and shall consider the following:

  • Awareness of where sensitive data is stored and transmitted across applications, databases, servers, and network infrastructure
  • Compliance with defined retention periods and end-of-life disposal requirements
  • Data classification and protection from unauthorized use, access, loss, destruction, and falsification