Data Governance Across the Data Life Cycle

This chapter explains how data should be governed from creation through destruction. ISC uses this area to test whether you can connect data handling choices to integrity, privacy, retention, and assurance concerns.

In This Chapter

• Creation, Storage, Active Use, Archival, and Disposition of Data covers the full progression of data through its life cycle.
• Data Classification Levels and Metadata Management explains how data is categorized and described for control purposes.
• Policies for Data Retention and Destruction focuses on how organizations govern storage duration and disposal.

How to Use This Chapter

• Read this chapter when data-governance questions feel more policy-based than technical.
• Focus on how classification and life-cycle stage change control requirements.
• Revisit it whenever an ISC scenario turns on retention, disposition, or improper handling of information.

In this section

• Data Creation, Active Use, Archival, and Final Disposition Controls
  Data creation, active use, archival, and final disposition controls.
• Data Classification Levels, Sensitivity Tiers, and Metadata Management
  Data classification tiers and metadata management.
• Data Retention Schedules, Destruction Policies, and Compliance
  Data retention schedules, destruction policies, and compliance.