Documentation of data sets for data stores


The organization shall maintain a list of data sets contained in the data stores it manages.

The documentation shall include at least the following information:

  • Data systems and other means used to process the data sets
  • Key categories of data in the data set (and whether it contains personal data)
  • Data retention period (discussed in more detail in a separate task)
  • Information on archiving / disposal of data (discussed in more detail in a separate task)
Connected other frameworks and requirements:
5. Principles relating to processing of personal data
6. Lawfulness of processing
8.1.1: Inventory of assets
ISO 27001
18.1.3: Protection of records
ISO 27001
4 luku, 13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
No items found.