DSP · Data Security and Privacy Lifecycle Management

DSP-17Cloud & AI Related

Sensitive Data Protection

Specification

Define and implement, processes, procedures and technical measures to protect sensitive data throughout its lifecycle.

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Data collection, Data storage

Development

Design, Guardrails

Evaluation

Evaluation, Validation/Red Teaming

Deployment

Orchestration, AI Services supply chain

Delivery

Operations, Maintenance, Continuous monitoring

Retirement

Data deletion, Archiving

Ownership / SSRM

Owned by the Customer (AIC)

The Customer (AIC) is responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies services or products they consume.

Model

Owned by the Customer (AIC)

Orchestrated

Owned by the Customer (AIC)

Application

Owned by the Customer (AIC)

Implementation guidelines

[Applicable to all service providers]
1. Establish and implement an agreement to specify the service provider's role and obligations in processing sensitive data.

2. Establish procedures and implement measures to ensure that sensitive data is used only for the purposes specified in the agreement.

3. Establish and implement procedures to ensure that sensitive data is not used for marketing, advertisement, or AI model training without obtaining consent from the data owner.

4. Establish and implement procedures to inform the data owner if data processing and handling do not comply with applicable legislation and regulations.

5. Establish and implement procedures to provide the required information to support customers in fulfilling their compliance obligations.

6. Identify and maintain necessary records to demonstrate compliance with obligations.

7. Implement mechanisms to ensure temporary files that are created as a result of processing sensitive data are disposed according to established procedures.

8.Establish and implement processes to return, transfer, and dispose sensitive data securely.

9. Establish and implement processes to transmit sensitive data over secure data transmission networks and verify that the data reached its intended destination.

10. Establish and implement processes to inform customers in a timely manner about sensitive data transfer between jurisdictions, and provide customers an opportunity to object such transfers or terminate the agreement.

11. Establish and implement processes to inform customers of the locations to which sensitive data can possibly be transferred.

12. Establish and implement processes to disclose subprocessors used for processing sensitive data, including when and to whom the data was shared.

13. Establish and implement processes to notify customers of any legally binding requests for disclosure of sensitive information.

14. Establish and implement processes to disclose subcontractors, third party AI models, and open-source services used in processing sensitive information.

15. Establish and implement measures to limit or minimize the collection and processing of sensitive data.

16. Establish and implement measures to de-identify or delete sensitive data as soon as the intended purposes of use are completed.

17. Establish and implement measures to identify and address obligations for automated decision-making and automated content generation using sensitive information.

18. Establish and implement processes to perform privacy impact assessments and risk assessments.

19. Implement integrity checks to ensure sensitive data is not altered during transfer.

20. Establish and implement processes to classify data based on sensitivity and to apply appropriate protection measures.

21. Encrypt and or tokenize sensitive data both at rest and in use to prevent unauthorized access.

22. Implement data masking techniques to protect sensitive information during storage.

23. Anonymize or pseudonymize data to protect privacy and reduce the risk of exposing sensitive information.

24. Continuously monitor and log data access and usage to detect and respond to unauthorized activities.

25. Implement DLP tools to control what data can be entered or exported into generative AI systems.

26. Establish and implement data retention policies to ensure sensitive data is kept only as long as necessary.

27. Implement secure deletion methods (e.g., data wiping, degaussing) to permanently remove sensitive data.

28. Provide regular training on data protection practices and policies.

29. Establish and implement an incident response plan to address data breaches and security incidents.

Auditing guidelines

1. Verify whether infrastructure policies and procedures include data privacy guidelines for managing sensitive data processed by AI workloads hosted or supported by the infrastructure.

2. Verify whether roles and responsibilities are defined for maintaining privacy and security controls across infrastructure components supporting AI systems (e.g., data storage, pipeline management).

3. Verify that sensitive data classification is integrated into service offerings; confirm isolation, access control, and encryption standards; validate compliance with customer and regulatory privacy requirements; interview technical and compliance staff; and confirm documentation is up to date.

4. Verify that the infrastructure includes mechanisms to safeguard sensitive data across its lifecycle—from data ingestion to runtime processing in AI pipelines.

5. Verify whether any infrastructure-related data privacy incidents involving hosted AI workloads were investigated, with evidence of corrective actions and customer communication.

6. Verify that risk management strategies include technical safeguards (e.g., secure compute environments, encryption at rest/in transit) to protect customer data and prevent misuse.

7. Verify that incident response plans for AI infrastructure cover customer data privacy breaches, including clear escalation, notification, and remediation workflows.

Standards mappings

ISO 42001No Gap

42001: A.4.3 Data Resources
42001: A.5.4 Assessing AI system impact on individuals or groups of individuals
42001: A.5.5 Assessing Societal Impacts of AI Systems
42001: A.7.2 Data for development and enhancement of AI system
42001: B.7.3 Acquisition of data
42001: A.7.4 Quality of Data for AI Systems
42001: A.7.5 Data Provenance
42001: A.2.3 Alignment with other organizational policies
27001: A.5.12 Classification of information
27001: A.5.13 Labelling of information
27001: A.5.14 Information transfer
27001: A.5.15 Access control
27001: A.5.16 Identity management
27001: A.5.17 Authentication information
27001: A.5.18 Access rights
27001: A.7.7 Clear desk and clear screen
27001: A.7.10 Storage Media
27001: A.8.11 Data masking
27001: A.8.12 Data leakage prevention
27002: 5.12 Classification of information
27002: 5.13 Labelling of information
27002: 5.14 Information transfer
27002: 5.15 Access control
27002: 5.16 Identity management
27002: 5.17 Authentication information
27002: 5.18 Access rights
27002: 7.7 Clear desk and clear screen
27002: 7.10 Storage Media
27002: 8.3 Information Access Restrictions
27002: 8.11 Data masking
27002: 8.12 Data leakage prevention

Addendum

N/A

EU AI ActPartial Gap

Article 10 (2)
Article 15

Addendum

N/A

NIST AI 600-1Partial Gap

MP-4.1-001
MP-4.1-009

Addendum

NIST AI 600-1 does not cover the DSP-17 topic of NIST AI 600-1 does not cover the DSP-17 topic of "protect sensitive data throughout its lifecycle."

BSI AIC4No Gap

AM-02
AM-05
AM-06
CRY-02
CRY-03
OPS-12
OPS-14
PI-03
PSS-09
PSS-12

Addendum

N/A

AI-CAIQ questions (1)

DSP-17.1

Are processes, procedures, and technical measures defined and implemented to protect sensitive data throughout its lifecycle?