Implement Data Protection



Safeguard information and assets hosted in cloud, from unauthorized access, use, disclosure, modification, disposal, transmission, or destruction throughout their life cycle.

Key Considerations

Additional Considerations



  1. Directive on Security Management - Appendix B: Mandatory Procedures for Information Technology Security Control, subsections B.2.3.4
  2. SPIN 2017-01, subsection 6.2.4
  3. Refer to the cryptography guidance in 40.111 and 40.062.
  4. Refer to the guidance in Considerations for Cryptography in Commercial Cloud Services.
  5. Refer to Section of the Directive on Service and Digital
  6. Related security controls: SC‑8, SC‑8(1), SC‑12, SC‑13, SC‑17, SC‑28, SC‑28(1)