When to use this
Use this register to define sensitive information in DLP scope and map DLP rules to systems, channels, and devices.
Related controls
Register
| Sensitive data type | System/channel/device | DLP rule | Action | Severity | Owner | Review date |
|---|---|---|---|---|---|---|
| TBD | Email/web/endpoint/cloud/removable media | TBD | Alert/block/quarantine/encrypt | High/Medium/Low | TBD | TBD |
Minimum checks
- DLP scope maps to classified or sensitive information.
- Rules are linked to approved data flows.
- Action is defined for each rule.
- False-positive review is assigned.
- Rules have review dates.
- Template
- Iso27001
- Technological controls
- Dlp
Note Metadata
Aliases: Data Leakage Prevention Rule Register
Source: 90 Templates/DLP Scope and Rule Register.md
Related Notes
- ISO 27001 A.5.12 - Classification of Information
- ISO 27001 A.5.14 - Information Transfer
- A.8.12 Audit Evidence Pack
- ISO 27001 A.8.12 - Data Leakage Prevention
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.12 Audit Checklist
- Templates MOC