That's only for public launches (and I'd add QA review to the list), and I'd argue that each of them are critical.

For serving analytics data internally, you only need privacy review, for obvious reasons.

Security and auditing is built into the tools used for querying and serving any such data internally.