DS11.2 Storage and Retention Arrangements
Implement procedures to govern data storage and retention. Ensure that business and security objectives as well as regulatory requirements are reflected in the procedures.
Illustrative Controls and the TIBCO LogLogic Solution
Organizations must have sound and comprehensive policies and procedures to govern the storage, retention, and archive of enterprise data. All relevant regulatory influences must be accounted for, and the data classification scheme should provide direct input to the implementation of associated access control and data handling procedures.
To satisfy this objective, organizations should ensure that an enterprise-wide data storage, retention, and handling policy has been documented and implemented, and that financial reporting systems are covered appropriately. Backup and restore operations should be proactively monitored to help ensure compliance with organizational policies, and hardware and storage errors should be acted upon immediately to facilitate the organization’s availability, storage, and retention requirements.