Last Reviewed: 2026-06-25
Reviewer Role: Insider Risk / Legal / Privacy review
Assets ModuleInteractive Sheet
Sensitive Data Inventory Checklist
A sensitive data inventory helps teams understand where high-value and regulated data resides, who can access it, and how it may move.
Primary Audience & Scope
Data owners, Privacy, Security, DLP, Compliance
When to Use
- •Starting or updating a related process.
- •Preparing a downloadable template or checklist.
- •Documenting a repeatable review.
Interactive Work Area
Fill or track items interactively and copy out to your Clipboard
Template Table Structure
| Field | Reader input / completion prompt |
|---|---|
| Data type | — |
| System/location | — |
| Data owner | — |
| Legal/regulatory driver | — |
| Sensitivity level | — |
| User populations | — |
| Third-party access | — |
| Retention expectation | — |
| Approved transfer paths | — |
| DLP/classification coverage | — |
| Known exceptions | — |
| Review cadence | — |
Checklist Audit List
0% Done(0/5)
Check
Checklist item
Include structured and unstructured locations.
Evidence: Owner / date / evidence
Include collaboration and personal workspace risk.
Evidence: Owner / date / evidence
Flag regulated and employee data.
Evidence: Owner / date / evidence
Document data owners.
Evidence: Owner / date / evidence
Review transfer paths and AI tools.
Evidence: Owner / date / evidence
What Completion Looks Like
- 1Required fields completed.
- 2Owner and review date captured.
- 3Legal/privacy review performed where relevant.
- 4Output linked to related procedure or risk register.
Insider Risk Capability Framework™ (IRCF™) Alignment
Primary IRCF™ Component
Data ProtectionProgrammatic RelevanceProvides a reusable artifact for accountable insider risk work.
Non-legal-advice Compliance NoteThis resource is a planning aid and does not provide legal advice. Organizations should adapt it to their policies, jurisdictions, labor obligations, privacy requirements, contracts, and risk appetite. Sensitive monitoring, investigation, employment, evidence, legal hold, and employee-data activities should be reviewed by appropriate Legal, Privacy, HR, Compliance, and labor stakeholders before use.
Operationalize This Template in RiskTKO®
Use RiskTKO® or request ITMG® support to adapt this template, align it to the Insider Risk Capability Framework™, and connect the output to measurable exposure reduction. Data Owner Intake Form