Search
Updated on January 24, 2024

DATA 25 – Data Lifecycle Management (DLM)

Estimated reading: 2 minutes 1199 views

What is DATA 25 – Data Lifecycle Management (DLM) Control?

Data lifecycle management (DLM) control is about tracking all the stages of the data life cycle. From creation to storage, use, sharing, archiving, and destruction, data must be tracked and documented all the way through the phases.

This continuous exercise results in increased efficiency and security and helps meet relevant data privacy laws. DLM helps mitigate potential risks related to data collection, storage, or transmission. By implementing DLM, your organization is better protected against ransomware, phishing, and other malicious attacks.

Any organization that handles sensitive, private data that’s subject to regulatory compliance should use DLM. If your business collects or stores information such as bank account numbers, contact information, healthcare-related data, etc., implementing DLM is critical.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them.

 Tools
Qlick

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control implementation

To implement this control,

A policy regarding the practice of managing data throughout its life is required to be documented. At a minimum, the policy should include:

  • Data types
  • Data flow map
  • Data storage
  • Data backup

Implement a process, manual or automated, to track all the phases. One way to do this is to track how information or data comes into the organization, which systems it passes through, and where it is stored.

What evidence is the auditor looking for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Documented DLM policy
  2. DLM management tool

Evidence example

  1. For the suggested action, an example is provided below:
    The following screenshot shows a documented DLM policy (you can refer to template as well).
    DATA 25 Data Lifecycle Management
  2. Here is a link to an example of a DLM management report.

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR