Contents
Summary
Data decommissioning is the process of retiring and removing data systems, applications, or services that are no longer needed. This involves ensuring that any data stored in these systems is either transferred to a new system, archived for future reference, or securely deleted if it’s no longer required.
Categories
The categories applicable to this standard are:
- Information and Data Management
-
- Data Lifecycle
- Data Governance
- Data Protection
- Security
-
- Information Security
Purpose
The goal of data decommissioning is to reduce costs and risks associated with maintaining outdated or unnecessary data systems, while also ensuring that important data is not lost and that all data is handled in compliance with data protection regulations.
How to meet this standard
To be compliant, you need to ensure data has been fully decommissioned at the end of its lifecycle.
What the Information Asset and System Owners must do
- Clearly define the scope and objectives of the decommissioning activity, including which systems, components or services that will be decommissioned or be impacted by it.
- Understand all users and clearly communicate the criteria and reasons for decommissioning, including any associated timescales.
- Document clearly the proposed decommissioning plan, including where any data or information will be backed up, if required.
- Finalise the decommissioning plan, dependent on the scale and scope create a project / resourcing plan.
- Obtain relevant board or SRO approval.
- Test and validate the data, system or service has been successfully decommissioned. Ensure to validate any linked data or system functionality has not been compromised.
- Ensure all relevant contracts, certificates and licenses are ceased.
- Remove the decommissioned service out of DfE's Service, IT, assurance and MS365 lists, including any associated / shared links.
- Maintain an audit trail of all decommissioning activity and carry out a post decommissioning review.
Declaring conformance with this standard
Conformance with the standard must be recorded every 12 months.
Owner and contacts
- Standard owner
-
Saheel
Sankriwala
Chief Technology and Data Officer - Other point of contact
-
DDT
Standards
Team