Model | Operations | Operational Management
The Operational Management (OM) practice focuses on activities to ensure security is maintained throughout operational support functions. Although these functions are not performed directly by an application, the overall security of the application and its data depends on their proper performance. Deploying an application on an unsupported operating system with unpatched vulnerabilities, or failing to store backup media securely, can make the protections built into that application irrelevant.
The functions covered by this practice include, but are not limited to: system provisioning, administration, and decommissioning; database provisioning and administration; and data backup, restore, and archival.
| Maturity level | Stream AData Protection | Stream BSystem Decommissioning / Legacy Management | |
|---|---|---|---|
| 1 | Foundational Practices | Implement basic data protection practices. | Decomission unused applications and services as identified. Manage customer upgrades/migrations individually. |
| 2 | Managed, Responsive Processes | Develop data catalog and establish data protection policy. | Develop repeatable decommissioning processes for unused systems/services, and for migration from legacy dependencies. Manage legacy migration roadmaps for customers. |
| 3 | Active Monitoring and Response | Automate detection of policy non-compliance, and audit compliance periodically. Regularly review and update to data catalog and data protection policy. | Proactively manage migration roadmaps, for both unsupported end-of-life dependencies, and legacy versions of delivered software. |