Draft Enterprise Lifecycle IoT Checklist

Considerations

Nature of risks

(Financial, operational, reputational, physical) or

(security, arch, and life&health&safety)

RACI

(responsible, accountable, consulted, informed)

Glimmer and gleam

  Discovery and outreach to potential acquirers of IoT

Planning

  Network issues

  Power

  Risk assessment and liability

  Mobile device interactions

  Physical Security

  Data analysis issues

  Standards?

 Environmental Conditions

 Authentication/Authorization

 Encryption

  Impact on compliance/attestations

Acquisition and Installation

  Vendor customer relationship and support

  Supply chain

  Financials – licensing, devices, warranties

Vendor Background,Financials, References

Deliver and Support

 Device registration/knowledge base

 Analytics access

 Data stewardship issues

 Data location issues

 OTA upgrades and patches

  Device access and control

 Mobile device app maintenance

Monitor and evaluate

Decommission

 Retire/Replace/Remediate/Retain decisions.  Main point is to ensure timely decomissioning of ineffective or sunset technology (including IoT) and planned assessment of impact, not reactive.