Requirement

Management of data sets

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Management of data sets
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Management of data sets
No items found.
Management of data sets
Best practices
How to implement:
Management of data sets
This policy on
Management of data sets
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
Management of data sets
Management of data sets
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
Sikkerhetsloven (Norge)
Säkerhetsskyddslagen (Sverige)
Cybersikkerhedsloven (Danmark)
Avviż Legali 71 tal-2025 (Malta)
Закон за прилагане на NIS2 (България)

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Management of data sets
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Rules ensuring secure network data transfer
Critical
High
Normal
Low
5
requirements
Management of data sets
Management of data sets

Rules ensuring secure network data transfer

This task helps you comply with the following requirements

5.1.2: Information transferTISAX
PR.AA-04: Identity assertionsNIST 2.0
PR.DS-02: Data-in-transit is protectedNIST 2.0
Article 35: Data, system and network securityDORA simplified RMF
Personnel guidelines for file usage and local data
Critical
High
Normal
Low
12
requirements
Management of data sets
Management of data sets

Personnel guidelines for file usage and local data

This task helps you comply with the following requirements

7.2.2: Information security awareness, education and trainingISO 27001
11.2.9: Clear desk and clear screen policyISO 27001
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuusOmavalvontasuunnitelma
FYY-04: Tiedon säilytysJulkri
5.10: Acceptable use of information and other associated assetsISO 27001
8.12: Data leakage preventionISO 27001
CC6.5: Discontinuation of logical physical protections when no longer requiredSOC 2
T-04: TURVALLISUUSOHJEISTUSKatakri 2020
1.3.2: Classification of information assetsTISAX
9.7.2: Employee data protection trainingTISAX
Documentation of data sets for data stores
Critical
High
Normal
Low
66
requirements
Management of data sets
Management of data sets

Documentation of data sets for data stores

This task helps you comply with the following requirements

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinomNIS2 Croatia
2.4: Luokittelu ja turvallisuusluokitteluTiHL tietoturvavaatimukset
3.1: Tietoaineistojen tietoturvallisuusTiHL tietoturvavaatimukset
2.5: RiskienhallintaTiHL tietoturvavaatimukset
9.5 §: Suojattavan omaisuuden hallintaKyberturvallisuuslaki
9.3.1: Data processing activities managementTISAX
1.3.1: Identification of information assetsTISAX
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuusTiHL
15 §: Tietoaineistojen turvallisuuden varmistaminenTiHL
30 § 3.9° (actifs): Gestion des actifsNIS2 Belgium
Information to market surveillance authorities
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Information to market surveillance authorities

This task helps you comply with the following requirements

Article 23: Identification of economic operatorsCRA
Keeping documentation available after release
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Keeping documentation available after release

This task helps you comply with the following requirements

Article 13.18: Information and instructionsCRA
Voluntary vulnerability notifications
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Voluntary vulnerability notifications

This task helps you comply with the following requirements

Article 15.1: Vulnerability reportingCRA
Organizing long-term records retrieval
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Organizing long-term records retrieval

This task helps you comply with the following requirements

No items found.
Auditing the information and documentation management process
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Auditing the information and documentation management process

This task helps you comply with the following requirements

No items found.
Clear desk and monitors policy
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Clear desk and monitors policy

This task helps you comply with the following requirements

No items found.
Information Protection and Secure Data Exchange
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Information Protection and Secure Data Exchange

This task helps you comply with the following requirements

No items found.
Use of correct and valid medical code sets
Critical
High
Normal
Low
2
requirements
Management of data sets
Management of data sets

Use of correct and valid medical code sets

This task helps you comply with the following requirements

No items found.
Limited data set usage and agreements
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Limited data set usage and agreements

This task helps you comply with the following requirements

No items found.
Documentation maintenance and six-year retention rule (HIPAA)
Critical
High
Normal
Low
4
requirements
Management of data sets
Management of data sets

Documentation maintenance and six-year retention rule (HIPAA)

This task helps you comply with the following requirements

No items found.
Use of standard transactions
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Use of standard transactions

This task helps you comply with the following requirements

No items found.
Rules for the use of nonmedical standard code sets
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Rules for the use of nonmedical standard code sets

This task helps you comply with the following requirements

No items found.
Safe destruction of data
Critical
High
Normal
Low
3
requirements
Management of data sets
Management of data sets

Safe destruction of data

This task helps you comply with the following requirements

Article 13.1(.2.m): Removing dataCRA
Article 35: Data, system and network securityDORA simplified RMF
Process for secure information return or removal upon service termination
Critical
High
Normal
Low
3
requirements
Management of data sets
Management of data sets

Process for secure information return or removal upon service termination

This task helps you comply with the following requirements

5.3.3: Secure removal of IT assets from servicesTISAX
GV.SC-10: Post-partnership activities in cybersecurity supply chain risk management plansNIST 2.0
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa

This task helps you comply with the following requirements

3.4: Tietoturvallinen arkistointi ja tuhoaminenTiHL tietoturvavaatimukset
System to check trade report data
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

System to check trade report data

This task helps you comply with the following requirements

Article 10: DetectionDORA
Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)

This task helps you comply with the following requirements

F-08.4: EI-SÄHKÖISTEN TIETOJEN TUHOAMINENKatakri 2020
Designation of data set owners
Critical
High
Normal
Low
12
requirements
Management of data sets
Management of data sets

Designation of data set owners

This task helps you comply with the following requirements

T07: Tietojen luokitteluKatakri
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuusTiHL
15 §: Tietoaineistojen turvallisuuden varmistaminenTiHL
32. Security of processingGDPR
8.1.2: Ownership of assetsISO 27001
18.1.3: Protection of recordsISO 27001
5.33: Protection of recordsISO 27001
T-08: TIETOJEN LUOKITTELUKatakri 2020
2.4: Luokittelu ja turvallisuusluokitteluTiHL tietoturvavaatimukset
3.1: Tietoaineistojen tietoturvallisuusTiHL tietoturvavaatimukset
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)

This task helps you comply with the following requirements

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminenKatakri
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)

This task helps you comply with the following requirements

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminenKatakri
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)

This task helps you comply with the following requirements

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminenKatakri
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)

This task helps you comply with the following requirements

I21: Fyysinen turvallisuusKatakri
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)

This task helps you comply with the following requirements

I21: Fyysinen turvallisuusKatakri
Documentation of assets inventories outside the ISMS
Critical
High
Normal
Low
38
requirements
Management of data sets
Management of data sets

Documentation of assets inventories outside the ISMS

This task helps you comply with the following requirements

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinomNIS2 Croatia
9.5 §: Suojattavan omaisuuden hallintaKyberturvallisuuslaki
3.1.3: Management of supporting assetsTISAX
1.3.1: Identification of information assetsTISAX
30 § 3.9° (actifs): Gestion des actifsNIS2 Belgium
ID.AM-1: Physical devices and systems used within the organization are inventoried.CyberFundamentals
14.5.10.c): Turto valdymasNIS2 Lithuania
Article 8: IdentificationDORA
ID.AM-2: Software and app inventoryNIST
ID.AM-1: Physical device inventoryNIST
Secure transfer of confidential data outside the organization
Critical
High
Normal
Low
7
requirements
Management of data sets
Management of data sets

Secure transfer of confidential data outside the organization

This task helps you comply with the following requirements

A.11.6: Encryption of PII transmitted over public data-transmission networksISO 27018
TEK-16: Tiedon salaaminenJulkri
PR.DS-2: Data-in-transit is protected.CyberFundamentals
2.7.4: Use encryption when transferring confidential information or when trust in the information channel is lowNSM ICT-SP
14.4: Train Workforce on Data Handling Best PracticesCIS 18
Approval of data transfers outside the organization
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Approval of data transfers outside the organization

This task helps you comply with the following requirements

No items found.
Limiting hard copy creation of material displaying personal data
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Limiting hard copy creation of material displaying personal data

This task helps you comply with the following requirements

A.11.2: Restriction of the creation of hardcopy materialISO 27018
Archiving and destruction processes for data sets
Critical
High
Normal
Low
13
requirements
Management of data sets
Management of data sets

Archiving and destruction processes for data sets

This task helps you comply with the following requirements

PR.IP-6: Data destructionNIST
A.7.4.5: PII de-identification and deletion at the end of processingISO 27701
A.7.4.8: DisposalISO 27701
8.10: Information deletionISO 27001
P4.3: Secure disposal of personal informationSOC 2
C1.2: Disposal of confidental informationSOC 2
3.4: Tietoturvallinen arkistointi ja tuhoaminenTiHL tietoturvavaatimukset
PR.IP-6: Data is destroyed according to policy.CyberFundamentals
3.2.7: Review the security relevant monitoring-data regularly and, if necessary, reconfigure the monitoringNSM ICT-SP
3.2.1: Determine a strategy and guidelines for security monitoringNSM ICT-SP
Tietojen tuhoaminen pilvipalveluissa
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Tietojen tuhoaminen pilvipalveluissa

This task helps you comply with the following requirements

TEK-21.2: Sähköisessä muodossa olevien tietojen tuhoaminen - pilvipalveluissa olevan tiedon tuhoaminenJulkri
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)
Critical
High
Normal
Low
2
requirements
Management of data sets
Management of data sets

Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)

This task helps you comply with the following requirements

TEK-08.4: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL IVJulkri
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄKatakri 2020
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)

This task helps you comply with the following requirements

TEK-21.4: Sähköisessä muodossa olevien tietojen tuhoaminen - toisen viranomaisen laatimat tiedot - TL IIJulkri
Measures for the storage of incoming information, information being processed and outgoing information
Critical
High
Normal
Low
6
requirements
Management of data sets
Management of data sets

Measures for the storage of incoming information, information being processed and outgoing information

This task helps you comply with the following requirements

PI1.5: Procedures for storing inputs, items in processing, and outputs in accordance with system speficationsSOC 2
3.4: Tietoturvallinen arkistointi ja tuhoaminenTiHL tietoturvavaatimukset
5.2.4: Log management and analysisTISAX
ID.AM-3: Organizational communication and data flows are mapped.CyberFundamentals
3.14: Log Sensitive Data AccessCIS 18
Access management for personal data in files and papers
Critical
High
Normal
Low
1
requirements
Management of data sets
Management of data sets

Access management for personal data in files and papers

This task helps you comply with the following requirements

9.2.5: Review of user access rightsISO 27001
Minimization of information outside data systems
Critical
High
Normal
Low
7
requirements
Management of data sets
Management of data sets

Minimization of information outside data systems

This task helps you comply with the following requirements

32. Security of processingGDPR
8.1.3: Acceptable use of assetsISO 27001
8.3.1: Management of removable mediaISO 27001
9.4.4: Use of privileged utility programsISO 27001
A.11.2: Restriction of the creation of hardcopy materialISO 27018
8.12: Data leakage preventionISO 27001
63: Rakenteettoman tiedon tunnistaminen ja hallintaDigiturvan kokonaiskuvapalvelu
Using data loss prevention policies
Critical
High
Normal
Low
14
requirements
Management of data sets
Management of data sets

Using data loss prevention policies

This task helps you comply with the following requirements

18.1.2: Intellectual property rightsISO 27001
18.1.3: Protection of recordsISO 27001
8.12: Data leakage preventionISO 27001
5.33: Protection of recordsISO 27001
C1.1: Identification and maintainment of confidental informationSOC 2
PR.DS-5: Protections against data leaks are implemented.CyberFundamentals
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.CyberFundamentals
14.5: Train Workforce Members on Causes of Unintentional Data ExposureCIS 18
3.11: Encrypt Sensitive Data at RestCIS 18
3.13: Deploy a Data Loss Prevention SolutionCIS 18
IRM protection of files
Critical
High
Normal
Low
0
requirements
Management of data sets
Management of data sets

IRM protection of files

This task helps you comply with the following requirements

No items found.
Preventing downloads of confidential information on unsupported devices
Critical
High
Normal
Low
2
requirements
Management of data sets
Management of data sets

Preventing downloads of confidential information on unsupported devices

This task helps you comply with the following requirements

6.2.1: Mobile device policyISO 27001
13.2.1: Information transfer policies and proceduresISO 27001
Blocking downloads of confidential information on external networks
Critical
High
Normal
Low
2
requirements
Management of data sets
Management of data sets

Blocking downloads of confidential information on external networks

This task helps you comply with the following requirements

13.1.1: Network controlsISO 27001
13.2.1: Information transfer policies and proceduresISO 27001
Documentation of personal data outside data systems
Critical
High
Normal
Low
15
requirements
Management of data sets
Management of data sets

Documentation of personal data outside data systems

This task helps you comply with the following requirements

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinomNIS2 Croatia
9.5 §: Suojattavan omaisuuden hallintaKyberturvallisuuslaki
27.(d): Sistēmas un aktīvu pārvaldībaNIS2 Latvia
Art. 24.2.i.3 (Assetti): Sicurezza e affidabilita' del personale, politiche di controllo dell'accesso e gestione dei beni e degli assettiNIS2 Italy
63: Rakenteettoman tiedon tunnistaminen ja hallintaDigiturvan kokonaiskuvapalvelu
21.2.i (assets): Asset managementNIS2
CC6.1a: Identification and listing of assetsSOC 2
8.1.1: Inventory of assetsISO 27001
5. Principles relating to processing of personal dataGDPR
5.9: Inventory of information and other associated assetsISO 27001
Tietoaineistojen turvalliset säilytystilat
Critical
High
Normal
Low
3
requirements
Management of data sets
Management of data sets

Tietoaineistojen turvalliset säilytystilat

This task helps you comply with the following requirements

15 §: Tietoaineistojen turvallisuuden varmistaminenTiHL
3.1: Tietoaineistojen tietoturvallisuusTiHL tietoturvavaatimukset
3.2: ToimitilaturvallisuusTiHL tietoturvavaatimukset
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Management of data sets
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security