![Adoptech-logo-GreyWithoutStrapline-1.png]](https://knowledge.adoptech.co.uk/hs-fs/hubfs/Adoptech-logo-GreyWithoutStrapline-1.png?height=39&name=Adoptech-logo-GreyWithoutStrapline-1.png){kind=logo}
CAF – B3.c Stored Data
This article provides additional information on how you can meet the requirement for the CAF control – B3.c Stored Data.
Protecting Important Stored Data
Confidential business and client data related to managed services should be protected in accordance with the organisation’s Data Protection Policy, which should be maintained and reviewed within Adoptech.
Data Minimisation
-
Only necessary copies of important data should be retained.
-
Where data must be stored on less secure systems, it should be minimised or masked.
-
Read-only formats should be used where appropriate to reduce risk.
Protecting Data at Rest
- Important data at rest should be protected using secure storage configurations such as:
-
encrypted cloud storage
-
full-disk encryption on endpoints
-
strict access controls to ensure only authorised personnel can access stored data
-
- Stored data locations should be reviewed routinely to confirm that protections remain appropriate and that unnecessary or outdated copies are removed.
Backup Protection
-
Secure, segregated and encrypted backups of essential data should be maintained to ensure continuity if primary data becomes unavailable.
-
Backups should be access-controlled and tested periodically.
Historic and Archived Data
- Historic and archived data should only be retained where required and stored securely for the duration of its retention period.