The Operational Management (OM) practice focuses on activities to ensure security is maintained throughout operational support functions. Although these functions are not performed directly by an application, the overall security of the application and its data depends on their proper performance. Deploying an application on an unsupported operating system with unpatched vulnerabilities, or failing to store backup media securely, can make the protections built into that application irrelevant.
The functions covered by this practice include, but are not limited to: system provisioning, administration, and decommissioning; database provisioning and administration; and data backup, restore, and archival.
Overview
|  | Maturity 1 | Maturity 2 | Maturity 3 |
|---|---|---|---|
| Objective | Foundational Practices | Managed, Responsive Processes | Active Monitoring and Response |
Streams
| Maturity 1 | Maturity 2 | Maturity 3 |
|---|---|---|
| Implement basic data protection practices. | Develop data catalog and establish data protection policy. | Automate detection of policy non-compliance, and audit compliance periodically. Regularly review and update the data catalog and data protection policy. |

| Maturity 1 | Maturity 2 | Maturity 3 |
|---|---|---|
| Decommission unused applications and services as identified. Manage customer upgrades/migrations individually. | Develop repeatable decommissioning processes for unused systems/services, and for migration from legacy dependencies. Manage legacy migration roadmaps for customers. | Proactively manage migration roadmaps, for both unsupported end-of-life dependencies, and legacy versions of delivered software. |