Digital security overview
63: Identification and management of unstructured data

How to fulfill the requirement


Documentation of personal data outside data systems
Management of data sets

This task also fulfills these other security requirements

  • 5. Principles relating to processing of personal data (GDPR)
  • 8.1.1: Inventory of assets (ISO27 Full)
  • 5.9: Inventory of information and other associated assets (ISO27k1 Full)
  • 63: Identification and management of unstructured data (Sec overview)
  • CC6.1a: Identification and listing of assets (SOC 2)

1. Task description

Data subjects have the same rights to their personal data regardless of the form in which we store it. We need to be able to communicate how the data is processed and provide data subjects with access to their personal data, whether it is on paper, in local files or in data systems.

We separately document personal data that is stored outside of data systems.

Minimization of information outside data systems
Management of data sets

This task also fulfills these other security requirements

  • 32. Security of processing (GDPR)
  • 8.1.3: Acceptable use of assets (ISO27 Full)
  • 8.3.1: Management of removable media (ISO27 Full)
  • 9.4.4: Use of privileged utility programs (ISO27 Full)
  • A.11.2: Restriction of the creation of hardcopy material (ISO 27018)

1. Task description

Over time, a large amount of an organization's valuable information often accumulates as unstructured data that is hard to find and hard to manage: Excel spreadsheets, text documents, intranet pages, or emails.

Once this information has been identified, a determined effort can be made to minimize its amount. Important data outside data systems is subject to one of the following decisions:

  • it is moved into a data system
  • it is disposed of (when the information is old, no longer necessary or otherwise irrelevant)
  • it is kept in use and a responsible person is appointed to manage the risks