Content library
Management of data sets
Archiving and destruction processes for data sets
Management of data sets
Management of data sets

Archiving and destruction processes for data sets

Start free trial

Task description

Archiving and destruction processes for data sets

Organization must document the retention periods for data sets and their possible archiving process (including archiving method, location or destruction). At the end of the retention period, the data must be archived or destroyed without delay in a secure manner.

When destroying data contained in data systems, the following points should be taken into account:

  • suitable method of destruction (e.g. overwriting, cryptographic erasure ) is chosen taking into account the functional and statutory requirements
  • the need to preserve evidence of data destruction is discussed
  • when using third parties for data destruction, the requirement of evidence and the inclusion of destruction requirements in supplier contracts are discussed

The process of archiving or destroying data is defined in connection with the documentation, and the owner of the data is responsible for its implementation.

Requirements connected to the task

15.7: Securely Decommission Service Providers
CIS 18 controls
3.2.1: Determine a strategy and guidelines for security monitoring
NSM ICT Security Principles (Norway)
3.2.7: Review the security relevant monitoring-data regularly and, if necessary, reconfigure the monitoring
NSM ICT Security Principles (Norway)
3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL: Suositus tietoturvan vähimmäisvaatimuksista
3.4: Enforce Data Retention
CIS 18 controls
8.10: Information deletion
ISO 27001 (2022): Full
A.7.4.5: PII de-identification and deletion at the end of processing
ISO 27701
A.7.4.8: Disposal
ISO 27701
C1.2: Disposal of confidental information
SOC 2 (Systems and Organization Controls)
P4.3: Secure disposal of personal information
SOC 2 (Systems and Organization Controls)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Rules ensuring secure network data transfer
Critical
High
Normal
Low
Management of data sets
4
requirements

Examples of other requirements this task affects

5.1.2: Information transfer
TISAX
PR.AA-04: Identity assertions
NIST 2.0
PR.DS-02: Data-in-transit is protected
NIST 2.0
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Rules ensuring secure network data transfer
Personnel guidelines for file usage and local data
Critical
High
Normal
Low
Management of data sets
12
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
11.2.9: Clear desk and clear screen policy
ISO 27001
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuus
Omavalvontasuunnitelma
FYY-04: Tiedon säilytys
Julkri
5.10: Acceptable use of information and other associated assets
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for file usage and local data
Documentation of data sets for data stores
Critical
High
Normal
Low
Management of data sets
48
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
2.4: Luokittelu ja turvallisuusluokittelu
TiHL tietoturvavaatimukset
3.1: Tietoaineistojen tietoturvallisuus
TiHL tietoturvavaatimukset
2.5: Riskienhallinta
TiHL tietoturvavaatimukset
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
See all related requirements and other information from tasks own page.
Go to >
Documentation of data sets for data stores
Safe destruction of data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Safe destruction of data
Process for secure information return or removal upon service termination
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

5.3.3: Secure removal of IT assets from services
TISAX
GV.SC-10: Post-partnership activities in cybersecurity supply chain risk management plans
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Process for secure information return or removal upon service termination
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
System to check trade report data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
System to check trade report data
Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

F-08.4: EI-SÄHKÖISTEN TIETOJEN TUHOAMINEN
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)
Designation of data set owners
Critical
High
Normal
Low
Management of data sets
11
requirements

Examples of other requirements this task affects

T07: Tietojen luokittelu
Katakri
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
32. Security of processing
GDPR
8.1.2: Ownership of assets
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Designation of data set owners
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Documentation of assets inventories outside the ISMS
Critical
High
Normal
Low
Management of data sets
25
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
3.1.3: Management of supporting assets
TISAX
1.3.1: Identification of information assets
TISAX
30 § 3.9° (actifs): Gestion des actifs
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Documentation of assets inventories outside the ISMS
Secure transfer of confidential data outside the organization
Critical
High
Normal
Low
Management of data sets
7
requirements

Examples of other requirements this task affects

A.11.6: Encryption of PII transmitted over public data-transmission networks
ISO 27018
TEK-16: Tiedon salaaminen
Julkri
PR.DS-2: Data-in-transit is protected.
CyberFundamentals
2.7.4: Use encryption when transferring confidential information or when trust in the information channel is low
NSM ICT-SP
14.4: Train Workforce on Data Handling Best Practices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Secure transfer of confidential data outside the organization
Approval of data transfers outside the organization
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval of data transfers outside the organization
Limiting hard copy creation of material displaying personal data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Limiting hard copy creation of material displaying personal data
Archiving and destruction processes for data sets
Critical
High
Normal
Low
Management of data sets
12
requirements

Examples of other requirements this task affects

PR.IP-6: Data destruction
NIST
A.7.4.5: PII de-identification and deletion at the end of processing
ISO 27701
A.7.4.8: Disposal
ISO 27701
8.10: Information deletion
ISO 27001
P4.3: Secure disposal of personal information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Archiving and destruction processes for data sets
Tietojen tuhoaminen pilvipalveluissa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.2: Sähköisessä muodossa olevien tietojen tuhoaminen - pilvipalveluissa olevan tiedon tuhoaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojen tuhoaminen pilvipalveluissa
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

TEK-08.4: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL IV
Julkri
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄ
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.4: Sähköisessä muodossa olevien tietojen tuhoaminen - toisen viranomaisen laatimat tiedot - TL II
Julkri
See all related requirements and other information from tasks own page.
Go to >
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Measures for the storage of incoming information, information being processed and outgoing information
Critical
High
Normal
Low
Management of data sets
5
requirements

Examples of other requirements this task affects

PI1.5: Procedures for storing inputs, items in processing, and outputs in accordance with system spefications
SOC 2
3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
5.2.4: Log management and analysis
TISAX
ID.AM-3: Organizational communication and data flows are mapped.
CyberFundamentals
3.14: Log Sensitive Data Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Measures for the storage of incoming information, information being processed and outgoing information
Access management for personal data in files and papers
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

9.2.5: Review of user access rights
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Access management for personal data in files and papers
Minimization of information outside data systems
Critical
High
Normal
Low
Management of data sets
7
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
8.1.3: Acceptable use of assets
ISO 27001
8.3.1: Management of removable media
ISO 27001
9.4.4: Use of privileged utility programs
ISO 27001
A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Minimization of information outside data systems
Using data loss prevention policies
Critical
High
Normal
Low
Management of data sets
11
requirements

Examples of other requirements this task affects

18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001
5.33: Protection of records
ISO 27001
C1.1: Identification and maintainment of confidental information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Using data loss prevention policies
IRM protection of files
Critical
High
Normal
Low
Management of data sets
0
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
IRM protection of files
Preventing downloads of confidential information on unsupported devices
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

6.2.1: Mobile device policy
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Preventing downloads of confidential information on unsupported devices
Blocking downloads of confidential information on external networks
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

13.1.1: Network controls
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Blocking downloads of confidential information on external networks
Documentation of personal data outside data systems
Critical
High
Normal
Low
Management of data sets
12
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
27.(d): Sistēmas un aktīvu pārvaldība
NIS2 Latvia
63: Rakenteettoman tiedon tunnistaminen ja hallinta
Digiturvan kokonaiskuvapalvelu
21.2.i (assets): Asset management
NIS2
See all related requirements and other information from tasks own page.
Go to >
Documentation of personal data outside data systems
Tietoaineistojen turvalliset säilytystilat
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
3.1: Tietoaineistojen tietoturvallisuus
TiHL tietoturvavaatimukset
3.2: Toimitilaturvallisuus
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen turvalliset säilytystilat

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security