ISO/IEC 27001 Control 8.10: Information deletion

Control

Information stored in information systems, devices or in any other storage media should be deleted when no longer required.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provides automation of personal data deletion through identity lifecycle management.

Implementation Details

Identity lifecycle is the heart of identity governance and administration. MidPoint can use the identity lifecycle to initiate information deletion at the appropriate moments, such as termination of an employment contract or an account deletion request. MidPoint keeps projection links to all accounts where personal data were provisioned. Identity connectors are then used to automatically delete or minimize identity data in every system where the data were provisioned, as recorded by those links. Moreover, provisioning scripts can be used to delete associated data, such as home directories or mailboxes. The audit trail keeps a record of all data management activities conducted by midPoint, including deletion.
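As an added illustration of the provisioning-script mechanism mentioned above (example configuration written for this page, not a sample from the midPoint project), the fragment below shows a midPoint resource definition with a script that runs on the target host after the account object has been deleted. The resource name, the shell `language` value, the argument path and the home directory layout are assumptions; the `scripts`/`script`/`operation`/`order` structure is midPoint's provisioning-script configuration.

```xml
<!-- Added example, not part of the original page or the midPoint samples.
     Fragment of a midPoint resource: the connector configuration and
     schemaHandling are omitted; only the provisioning script is shown. -->
<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Example Linux Server</name>   <!-- assumed resource name -->
    <scripts>
        <script>
            <!-- run on the managed system itself, not inside the connector -->
            <host>resource</host>
            <!-- language identifier accepted by the connector: assumed value -->
            <language>shell</language>
            <argument>
                <!-- account attribute passed to the script: assumed path -->
                <path>$account/attributes/uid</path>
                <name>uid</name>
            </argument>
            <code>
                # Remove the home directory that belonged to the deleted account.
                # ${uid:?} aborts the script instead of expanding to "/home/"
                # if the attribute is missing, so nothing unrelated is removed.
                rm -rf "/home/${uid:?uid argument missing}"
            </code>
            <!-- trigger only for account deletion, after the delete succeeded -->
            <operation>delete</operation>
            <order>after</order>
        </script>
    </scripts>
</resource>
```

Because the script is tied to the `delete` operation of this resource, midPoint runs it for every account it deletes there, whether the deletion was triggered by a lifecycle change (for example, contract termination) or by an explicit deprovisioning request, and the script invocation appears in the audit trail alongside the account deletion.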

Implementation Notes

  • MidPoint records all data management activities in the audit trail, including deletions. Therefore, the audit trail can be used as proof of information deletion. However, like all log records, audit trails have a limited retention period, which has to be considered. Moreover, the audit trail contains a copy of the deleted information (for the purpose of "re-playing" object history), so the deleted data persist in the audit store until the audit records themselves expire, which also needs to be considered.
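The retention caveat in the note above can be addressed in midPoint's system configuration. The fragment below is an added example written for this page (not the project's own sample): it sets a maximum age for audit records in the `cleanupPolicy` of the system configuration object. The duration value is an assumption chosen for illustration; the actual figure must follow the organisation's retention rules for audit evidence and for the personal data the audit records still contain.

```xml
<!-- Added example, not part of the original page or the midPoint samples.
     Fragment of the midPoint system configuration object. -->
<systemConfiguration xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>SystemConfiguration</name>
    <cleanupPolicy>
        <auditRecords>
            <!-- ISO 8601 duration (assumed value): audit records older than
                 two years are purged by the cleanup task. This bounds both
                 how long deletion proof is available and how long copies of
                 deleted personal data remain in the audit store. -->
            <maxAge>P2Y</maxAge>
        </auditRecords>
    </cleanupPolicy>
</systemConfiguration>
```

The policy only takes effect when midPoint's scheduled cleanup task runs, so the task schedule should be verified as part of the control's implementation, and the chosen `maxAge` should be documented as the period for which deletion evidence is retained.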

Rationale

The scope of information deletion reaches beyond personal data, and some parts of that scope are obviously out of reach of an IGA platform such as midPoint. However, personal data are subject to privacy regulations, which makes them one of the most important (and most difficult) kinds of information to manage. MidPoint provides the necessary automation for deletion, avoiding violations of statutory requirements that could lead to substantial fines.
