PR.DS-03

Does your organization have a formal process for managing data security throughout the lifecycle of assets, including their removal, transfer, and disposition?

Explanation

This question assesses whether your organization has established procedures to maintain data security when assets change hands or reach end-of-life. Proper asset management during these transition phases prevents unauthorized access to sensitive information and ensures compliance with data protection regulations. Evidence could include a documented asset management policy that specifically addresses secure data handling during removal, transfer, and disposition of assets. This might take the form of a formal procedure document outlining required steps for data wiping, certificate of destruction processes, chain of custody documentation for transfers, and verification protocols to ensure data security is maintained throughout these processes.

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: Assets are formally managed throughout removal, transfers, and disposition

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub