
02) Does your organisation keep an up-to-date inventory of all data repositories (such as databases) with assigned owners?

August 30, 2022
IT Operations
Data Repository Inventory

Answer yes if your organisation keeps an up-to-date inventory of all data repositories within your IT estate, including any hosted within cloud services. The inventory must list an owner against each asset.

The first step to implementing and maintaining an effective security programme is understanding what assets your company has to protect. Your company should therefore keep track of both its IT hardware and software assets (this is covered by the previous control in this domain) and all of its data assets (which is what this control covers).

An inventory of all of your data repositories is a spreadsheet or database that lists all of the data repositories within your organisation, the type and classification of data they hold, and an owner who is responsible for each. It is important that the list covers all of your data repositories that contain client data or business-critical data, including any third-party services that may be acting as a data repository (Google Drive, for example).

A data repository inventory helps to ensure that you keep track of all of your company’s data and helps the security team to keep track of what they need to protect. It helps the team make sure that all of the company’s repositories have up-to-date security configurations, and in an incident response scenario it can help with cleaning and recovering all of your company’s data.

A data repository inventory is usually part of the output from a “crown jewels” assessment. This is an assessment in which your company identifies which of the assets it owns have value to the company, what those assets are, and how valuable they are.

How to implement the control

For organisations that are small in size (up to 50 devices), a data register can be implemented and maintained using an Excel spreadsheet or Microsoft Access database.

A template Excel spreadsheet for a small organisation can be requested at support@riskledger.com.

It is important to keep your data register up to date. Make sure to add all new databases to the register and ensure that your staff record any new data stores when they are created. This is especially important within cloud environments, as it prevents staff from creating and saving data without the correct oversight from the company.

For larger organisations, we would recommend using a dedicated piece of software. Most IT Service Management (ITSM) software suites include a feature to help manage and track IT assets.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
