SEAT Global Magazine - Exclusive Interviews of Global Sport Executive Issue 09 March/April 2018 | Page 44

Checklist to Ensure Data Security Steps Meet Compliance Requirements

Mark Hickman

Information Management

Whether it’s process, practice and/or technology, IT security is not something that should ever be put on the back burner, particularly with all of the data breaches of late.

Adding to that, with ongoing and new security compliance regulations coming into force, data breaches present much more than data loss to a business. They bring significant financial and reputational implications as well.

So, what best practices can your organization implement to help secure your business’s data? Following is a recommended checklist:

1. Refresh/Realign/Recommit to Data Governance as Part of Corporate Strategy

To protect the data your organization holds, it is critical to follow a data governance model. There are four pillars to this: define, implement, enforce and revisit.

When defining your model, it’s essential to make the strategy simple. It should clearly outline the rules and regulations within the company as well as the regulations and compliance requirements that affect your business. To help ensure the model is followed, it’s critical to secure board and C-suite buy-in at the outset, and establish internal committees to help with the process. Don’t forget to determine what granular control policies, persistent encryption, conversion needs, etc. are required to make this a success as well.

To implement this, you need to identify your encryption and key management solution and establish and apply identity and access control policies.

When enforcing the data governance model, it’s key to track all of your data – live, cloned, replicated, deleted virtual machines, etc. – and know where it is at all times. Auditing and reporting procedures should be established, and all users should be trained on policies. Communication must be clear and regular.

With regard to revisiting the model, set a lifecycle for this and stick to it. There’s no better time than now to ensure your data governance model is relevant and aligned appropriately with your business and that it is agreed to and followed from the top down.