Privacy / Compliance / Security
This type of program typically comes into
existence because of concerns about Data
Information Security controls, or compliance.
Compliance, in this context, may refer to regulatory compliance, contractual compliance, or compliance with internal requirements. This focus is often seen combined with a focus on policy enforcement. It's also seen combined with a focus on Data Quality.
The program almost always results from a senior management mandate. It may be formally sponsored by Business or IT, or it may be an outgrowth of a Governance, Risk, and Compliance (GRC) program.
These programs generally begin with an enterprise scope, but often efforts are limited to specific types of data. They almost always include technologies to locate sensitive data, to protect data, and/or to manage policies or controls.
A charter for this type of program may hold Data Governance and Stewardship participants accountable to:
- Help locate sensitive data across systems
- Align governance, compliance, security, and technology frameworks and initiatives
- Help assess risk and define data-related controls to manage risk
- Help enforce regulatory, contractual, architectural compliance requirements
- Support Access Management and Security requirements
- Identify stakeholders, establish decision rights, clarify accountabilities
Next: Data Governance With a Focus on Architecture / Integration
Copyright 2004-2008 The Data Governance Institute, LLC. All Rights Reserved
The site is brought to you in partnership with the Business Intelligence Network
