DS-01 Data Security & Protection

Data Classification & Handling

Data is protected per sensitivity.

Domain: Data Security & Protection
Control type: Preventive
Automated / manual: Hybrid
Frequency: Continuous
Framework reference: PDPA; MAS TRM – Data

What good looks like

Data classified with handling/retention/disposal rules that are enforced.

Risk if it fails

Mishandling of sensitive data; PDPA breach.

How Tess tests it

3 tests — each concludes only on cited evidence.

Classification scheme & handling rules defined

Design

Procedure: Inspect the scheme.
Expected: Defined.
Sample: 1 (design inspection)
Evidence: Classification policy, DLP configuration.

Classification applied to data

Operating

Procedure: Inspect a sample.
Expected: Data labelled.
Sample: 25 (or full config inspection)
Evidence: Classification policy, DLP configuration.

Handling enforced (e.g. DLP)

Operating

Procedure: Inspect enforcement.
Expected: Handling rules enforced.
Sample: 25 (or full config inspection)
Evidence: Classification policy, DLP configuration.

Evidence Tess looks for

Classification policy, DLP configuration.

More in Data Security & Protection

DS-02 Network Security / Firewall DS-03 Encryption at Rest DS-04 Encryption in Transit DS-05 Cryptographic Key Management

Want Tess to test DS-01 against your evidence?