Theme » Security

Security has to do with having the right access control and auditing options matching the classification of the data and metadata. Furthermore, it concerns ensuring that only the right people, or machine processes, can see the right data at the right time.

Auditing is the ability to track who did what to some data and when. This can be access logs, registers with list of changes etc. If you are working with sensitive data, you might have some requirements for what you need to keep track of. Make sure that your processes and choice of system can support your need for auditing for your object.

Question to address when focusing on security:

  • What type of access control – if any – is necessary to secure your data?
  • Who is responsible for handling on- and off-boarding to the team, and making sure that only the right people have access?
  • Is there a policy for the team on how to handle data – e.g. making local copies?
  • Is all handling of data encrypted, e.g. moving data from one storage facility to another?
  • How is data erased? And can it be recovered?