Question

IN 300 words or more answer and elaborate on the following:

End of life policies are important for the disposal of software and its related data. List the key components of an end of life policy, and then discuss each component and why it is needed.

Answer 1

Products reach the end of their product life cycle for a number of reasons. These reasons include market demands, technology innovation and development driving changes, or the products simply mature over time and are replaced by functionally richer technology.

Software End of Life (EOL) is a term used to indicate that software is at the end of its useful life. EOL is very important in production, supportability and purchase of software

• Understand Your Data Requirements

Knowing about the data that you and your company acquire allows you to determine the necessary security procedures. This may include the lengths of time that different types of data need to be stored; the duration of time that it needs to be protected; and how sensitive it may be or how to securely destroy data assets. These details will vary between sectors (and even between companies within the same sector), so it is important that you assess this on a personal level, business unit level and corporate level.

• Understand the Threat of Mistreated Data

Many employees still don’t fully appreciate the consequences for the mistreatment of end of life data and not disposing of it correctly. If sensitive business data falls into the wrong hands (either your data or your customer’s data) then you can be set to receive financial penalties from the ICO. But by educating employees of how to securely and accurately dispose of sensitive data, you should be able to significantly reduce the risks of a data breach happening.

• Implement Policies for Data Security and for Data Disposal

Data security and data disposal policies should have a designated employee who is responsible to tailor these to a company’s specific requirements. If you work in the Public Sector, then you are required under GDPR to employ a Data Protection Officer.

• Determine your end of life priorities

If your main priority is to ensure that all end of life data assets are thoroughly destroyed regardless of cost – you will be willing to spend more on the data destruction process.

• Determine How Drastic the Destruction Process Should Be

If data held on the asset is extra sensitive, you may need to physically destroy the hardware in addition to wiping them. Less sensitive data may not require such thorough action. Regardless of the severity, the best way to protect yourself against negligence is to have a representative from the business witness the destruction of the data asset and ensure a Certificate of Destruction is issued in accordance with the latest industry regulations.

• Educate your Employees

A policy is pointless if no one in your business is aware that it exists, so make sure that you invest time and resource in educating your employees. Ensure that everyone who has a role in processing, managing or storing company or customer data, no matter how infrequently, knows what steps they should do with end of life data assets. Even if employees are aware of the end of life data asset process, they should be educated to understand the risks of a data breach and to ensure that they understand the importance of following the processes with considerable effort.

• Develop a cradle to grave data management policy

Your policy should highlight every aspect of the end of life data asset, from beginning to end. This means that employees (and anyone else that deals with the data) will know precisely what they should do in all situations.

• Regularly Test Your Policy

You should test your policy before its implementation. However, in order to ensure consistent security, you must test and monitor it regularly to ensure employees are still following the processes and re-educate any employees that fall short. It might seem draconian but we prefer to see it as being vigilant.