When to use this
Use this register to document approved sensitive data transfers, channels, protections, and authorization requirements.
Related controls
Register
| Data type | Source | Destination | Approved channel | Required protection | Authorization required | Evidence |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | Portal/SFTP/API/encrypted email/backup shipment | Encryption/logging/DLP | TBD | Approval/log |
Minimum checks
- Source and destination are defined.
- Approved channel is defined.
- Protection matches sensitivity.
- Authorization process is defined.
- Flow is reviewed when business or risk changes.
- Template
- Iso27001
- Technological controls
- Dlp
- Information transfer
Note Metadata
Aliases: Sensitive Data Flow Register
Source: 90 Templates/Approved Sensitive Data Flow Register.md
Related Notes
- ISO 27001 A.5.14 - Information Transfer
- A.8.12 Audit Evidence Pack
- ISO 27001 A.8.12 - Data Leakage Prevention
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.12 Audit Checklist
- Information Transfer Rules Matrix
- Templates MOC