Data and Information Inventory and Attributes
Chapter 28. Compliance and Regulatory attributes for the Data and Information Inventory
Compliance and Regulatory attributes capture the specific regulatory obligations that govern this Data and Information type and the current compliance status.
| Attribute Name | Maturity | Description and Notes |
| --- | --- | --- |
| Regulatory Obligations [Multi-Value] | Walk | Description — The specific regulatory requirements, laws, or compliance frameworks that govern how this Data and Information type must be handled. Benefit(s) — Enables per-type regulatory scoping. When a regulator asks for all data types in scope for GDPR Article 17 (right to erasure) or HIPAA’s minimum necessary standard, this attribute produces the answer directly. Source — Manual. Examples — GDPR Article 17 (right to erasure); HIPAA Minimum Necessary Standard; PCI DSS Requirement 3 (protect stored cardholder data); SOX Section 802 (records retention). Notes — Derive from Sensitivity Classification first — PII types typically trigger GDPR and CCPA; PHI triggers HIPAA; PCI triggers PCI DSS. Add any additional obligations specific to this type. Separate multiple obligations with semicolons. |
| Compliance Status | Walk | Description — The current compliance status of this Data and Information type with respect to its applicable regulatory obligations and enterprise data governance standards. Benefit(s) — Enables a compliance dashboard at the data type level — surfacing which types have open compliance gaps requiring remediation. Source — Manual. Examples — Compliant, Partially Compliant, Non-Compliant, Under Assessment. Notes — Valid values: Compliant, Partially Compliant, Non-Compliant, Under Assessment. |
Copyright for the International Foundation for Information Technology (IF4IT): 2008 - Present