Data

Decentralised and Ad Hoc Management: Data management is largely uncoordinated and informal, with limited organisational oversight of data storage locations and types.

Team-Based Documentation and Manual Policy Adherence: Each team documents the data they handle, including its schema and sensitivity. Compliance with organisational data policies is managed manually by individual teams.

Inventoried and Classified Data: An inventory of data, created manually or via scanning tools, exists. Data is classified by type (e.g., PII, card data), sensitivity, and regulatory requirements (e.g., retention, location).

Reviewed and Partially Documented Data Understanding: There’s a comprehensive understanding of data location, classification, and sensitivity, with regular compliance reviews. Data lineage is generally understood but not consistently documented.

Advanced Data Catalog and Lineage Tracking: A detailed data catalog exists, encompassing data types and metadata. It includes a user-friendly glossary, quality metrics, use cases, and thorough tracking of data lineage.

Organisation-Level Policy Awareness: Data retention policies are defined at the organisation level, and all projects/programs are aware of their specific responsibilities.

Compliance Attestation by Projects: Projects and programs are not only aware but also required to formally attest their compliance with the data retention policies.

Regular Audits and Reviews: Data retention practices are periodically audited and reviewed for compliance, with findings addressed through action plans.

Inclusion in Risk Management: Edge cases and exceptions in data retention are specifically identified and managed within the organisation’s risk register.

Automated Enforcement with Cloud Tools: Data retention is actively monitored and enforced using native cloud services and tools, ensuring adherence to policies through automation.