Operational Management

Model | Operations | Operational Management

The Operational Management (OM) practice focuses on activities to ensure security is maintained throughout operational support functions. Although these functions are not performed directly by an application, the overall security of the application and its data depends on their proper performance. Deploying an application on an unsupported operating system with unpatched vulnerabilities, or failing to store backup media securely, can make the protections built into that application irrelevant.

The functions covered by this practice include, but are not limited to: system provisioning, administration, and decommissioning; database provisioning and administration; and data backup, restore, and archival.

Maturity levelStream A
Data Protection
Stream B
System Decommissioning / Legacy Management
1Foundational PracticesImplement basic data protection practices.Decommission unused applications and services as identified. Manage customer upgrades/migrations individually.
2Managed, Responsive ProcessesDevelop data catalog and establish data protection policy.Develop repeatable decommissioning processes for unused systems/services, and for migration from legacy dependencies. Manage legacy migration roadmaps for customers.
3Active Monitoring and ResponseAutomate detection of policy non-compliance, and audit compliance periodically. Regularly review and update to data catalog and data protection policy.Proactively manage migration roadmaps, for both unsupported end-of-life dependencies, and legacy versions of delivered software.