
DATA-16 Data Retention


What is this control about?

Data retention is the storing of data for a specified period.  A policy must be documented to define how the organization saves data for compliance and regulatory purposes.

Available tools in the marketplace

Tools:
 No tool recommendations for this section

Available templates

TrustCloud has a curated list of internally and externally sourced templates to help you get started. Click on the link for a downloadable version:

  • Data Retention policy template from SANS Institute (SysAdmin, Audit, Network and Security)

Control implementation

Document a process that describes the type of data and the retention period.

Implement configuration settings to enforce the documented retention period on your systems.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested actions below:

  • Provide the most recent data retention process
  • Provide a screenshot of the configuration settings demonstrating the retention period

Evidence example

An example for each of the suggested actions above is provided below.

1. Provide the most recent data retention process.

The TrustCloud example shows the data type, retention, and disposal process.

DATA 16 screenshot1

 

2. Provide a screenshot of the configuration settings demonstrating the retention period.

Example demonstrating the retention period:

Google search

DATA 16 screenshot2
