# Data Lifecycle (Create-Store-Use-Share-Archive-Destroy) One-sentence definition: End-to-end stages for information that determine required controls and responsibilities. ## Key Facts - Stages: **Create → Store → Use → Share/Transmit → Archive → Destroy**. - Owners define controls per stage; custodians implement. - Lifecycle ties to classification, retention, and privacy principles. - Handoffs (e.g., to vendors) require contracts and technical controls. - Logs/records ensure traceability for audits and incidents. - Changes in stage often change applicable controls (e.g., encryption). - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Choose controls appropriate to lifecycle stage in scenarios. **Mnemonic:** “CSUSAD” → Create, Store, Use, Share, Archive, Destroy. ## Mini Scenario Q: Before decommissioning a system, what lifecycle activity applies? A: Destroy/sanitize data with records of destruction. ## Revision Checklist - List the six stages. - Map one control to each stage. - Identify owner vs custodian duties. ## Related [[Information and Asset Ownership]] · [[Data Classification Levels and Handling Rules]] · [[Record Management and Data Retention]] · [[Media Management and Sanitization]] · [[Secure Data Disposal and Destruction Records]] · [[Domain 2 - Index]]