IT-14 Data Loss Prevention (DLP)

What is IT-14 Data Loss Prevention (DLP) Control?

The Data Loss Prevention (DLP) control ensures that your organization has implemented a process to prevent employees from sending sensitive information outside the organization. There is no mandatory requirement on the type of DLP used (network DLP, endpoint DLP, or cloud DLP); the auditor wants to see the configuration settings for the type of DLP you have.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Tools
Trellix
Google Cloud DLP

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: No templates are available for this control

Control implementation

To implement this control, you need to install a tool and provide the configuration settings of the tool to pass this control.

Use these best practices when configuring the tool:

  • Identify and control sensitive data. It’s important to know which critical information you want to control and keep from leaving your organization.
  • Know where the data resides.
  • Set conditions for accessing the data and who can access it.
  • Set the actions to take in case of a security issue.

What evidence do auditors look for?

At a minimum, most auditors look for the following suggested actions:

  1. DLP configuration settings show the policies are enabled.
  2. DLP actions to take when something occurs.
  3. A recent example of a DLP alert.

Evidence example

For each suggested action, an example is provided below:

  1. DLP configuration settings show the policies are enabled.
    The following screenshot shows the enablement of policies.
    [Screenshot: IT 14 Data Loss Prevention DLP 01]
  2. DLP actions to take when something occurs.
    The following screenshot shows incident report settings.
    [Screenshot: IT 14 Data Loss Prevention DLP 02]
  3. A recent example of a DLP alert.
    The following screenshot shows the DLP alert.
    [Screenshot: IT 14 Data Loss Prevention DLP 03]
