Operations and Maintenance

Goal: Sustain security and privacy posture throughout operations.

1. Maintain a schedule for vulnerability scanning, patch management, and configuration reviews.
   
2. Conduct periodic privacy and security control reviews and update PIAs as needed. 
   
3. Ensure change management enforces security reviews and testing before changes are applied.
   
4. Continue training for administrators and users; run phishing and awareness programs.
   
5. Keep data retention schedules and securely sanitize or delete data when no longer required.
   
6. Keep an incident response plan current and conduct tabletop exercises regularly.