Link to home
Start Free TrialLog in
Avatar of salkeiz
salkeiz

asked on

Company Data Storage Policy & Process

We are a K-12 school district and have a small data center where we store all user data. Currently we have 40,000 student and 5,000 staff saving data centrally and we are looking control this a bit more than we currently are.

Does anyone have an example of a data storage (or something similar) policy detailing how what should be stored here, who should access it, how long we will store it, what happens after a particular timeframe and so on?

We are just getting started on our data storage policy and any examples would be most appreciated.

Thank you,
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of btan
btan

This is another on PDF- Guidelines on Security and Privacy in Public Cloud Computing which I see maybe useful considerations reviewing the policy needed.

I know it is "out" of the context but the content in the guidelines are applicable and generally acceptable since it is general protection of data for any hosting environment even for DC. You can catch below

"4.10 Summary of Recommendations" - summarizes those issues and related recommendations for organizations to follow when planning, reviewing, negotiating, or initiating a public cloud service outsourcing arrangement.

Include Governance, Compliance, Trust, Architecture, Identity and Access Management, Software Isolation, Data Protection, Availability, Incident Response. And specifically I summarise it as stated in their guidelines to look at

¿ Ownership rights over data
¿ Locus of organizational data within the cloud environment
¿ Security and privacy performance visibility
¿ Service availability and contingency options
¿ Data backup and recovery
¿ Incident response coordination and information sharing
¿ Disaster recovery.

it is good to engage other peer school to see if the Ministry or parent agencies can shed more assistance as coming up with policy is not an overnight and silo efforts. It need to align to the overall organisation and parent mission and goals.