Draft Enterprise Lifecycle IoT Checklist
| Considerations | Nature of risks (Financial, operational, reputational, physical) or (security, arch, and life & health & safety) | RACI (responsible, accountable, consulted, informed) |
|---|---|---|
| Glimmer and gleam | | |
| Discovery and outreach to potential acquirers of IoT | | |
| Planning | | |
| Network issues | | |
| Power | | |
| Risk assessment and liability | | |
| Mobile device interactions | | |
| Physical Security | | |
| Data analysis issues | | |
| Standards? | | |
| Environmental Conditions | | |
| Authentication/Authorization | | |
| Encryption | | |
| Impact on compliance/attestations | | |
| Acquisition and Installation | | |
| Vendor customer relationship and support | | |
| Supply chain | | |
| Financials – licensing, devices, warranties | | |
| Vendor Background, Financials, References | | |
| | | |
| Deliver and Support | | |
| Device registration/knowledge base | | |
| Analytics access | | |
| Data stewardship issues | | |
| Data location issues | | |
| OTA upgrades and patches | | |
| Device access and control | | |
| Mobile device app maintenance | | |
| Monitor and evaluate | | |
| | | |
| Decommission | | |
| Retire/Replace/Remediate/Retain decisions. The main point is to ensure timely decommissioning of ineffective or sunset technology (including IoT), with a planned rather than reactive assessment of impact. | | |