When to use this
Use this register to record where masking, pseudonymisation, tokenisation, or anonymisation is used and why.
Related controls
Register
| Data set | Environment/use case | Sensitivity | Method | Full-data roles | Lookup/key location | Re-identification risk | Approved by |
|---|---|---|---|---|---|---|---|
| TBD | Production/test/analytics/support | TBD | Masking/tokenisation/anonymisation | TBD | TBD | Low/Medium/High | TBD |
Minimum checks
- Business need is documented.
- Legal/privacy considerations are checked.
- Method matches use case.
- Full-data access is restricted.
- Re-identification path is controlled.
- Template
- Iso27001
- Technological controls
- Data masking
Note Metadata
Aliases: Masking Decision Register
Source: 90 Templates/Data Masking Decision Register.md
Related Notes
- A.8.11 Audit Evidence Pack
- ISO 27001 A.8.11 - Data Masking
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.11 Audit Checklist
- Data Masking Standard
- PII Inventory and Privacy Requirements Matrix
- Templates MOC