The institution establishes a data governance framework to formalize the exercise of authority and control (planning, monitoring and enforcement) over the management of data assets.
The data governance function guides how all other data management functions are performed.
Guideline code
ICT_02200
Mechanism
Mechanism
- The ICT unit, with the assistance of specialized units, should specify and implement a framework defining processes, procedures and duties on data governance, comprising the following activities:
- Defining data strategy and policies;
- Specifying a corporate data architecture;
- Defining data standards and procedures;
- Defining the mechanisms to ensure regulatory compliance (e.g. national data protection regulations, Health Information Protection and Portability Act or equivalent);
- Carrying out issue management.
- The board and management might set up specialized organizational structures to carry out data governance processes. Special consideration should be given to business-oriented roles and data management activities.
- The management should validate the framework and communicate its scope throughout the institution.
Parent
Structure
Structure
- The board, with the assistance of the management, should issue a policy statement on the adoption of a systematic, clear and effective approach for the governance of data as a critical resource.
- The board and management should commission the ICT unit, in collaboration with business units, to define a data governance framework. Effective data governance depends on a partnership between business data stewards and data management staff.
- The data governance framework should take into account all the different scenarios of ICT services applicable in the institution (e.g. internal services, outsourced services, internal and external access to information).
- Data security and privacy aspects are addressed in Part B.2 of these guidelines.
- The ICT data governance framework should follow the institution’s governance rules, ICT governance framework and strategic plan, and be based on international practices (e.g. ISO/IEC TR 10032 and DAMA-DMBOK).
Title HTML
Guideline 16. Developing a data governance framework
Type
Guideline_1
Weight
25