This type of program typically comes into existence because of concerns about Data Information Security controls, or compliance. Compliance, in this context, may refer to regulatory compliance, contractual compliance, or compliance with internal requirements.
This focus is often seen combined with a focus on policy enforcement. It’s also seen combined with a focus on Data Quality.
The program almost always results from a senior management mandate. It may be formally sponsored by Business or IT, or it may be an outgrowth of a Governance, Risk, and Compliance (GRC) program.
These programs generally begin with an enterprise scope, but often efforts are limited to specific types of data. They almost always include technologies to locate sensitive data, to protect data, and/or to manage policies or controls.
A charter for this type of program may hold Data Governance and Stewardship participants accountable to:
- Help locate sensitive data across systems
- Align governance, compliance, security, and technology frameworks and initiatives
- Help assess risk and define data-related controls to manage risk
- Help enforce regulatory, contractual, architectural compliance requirements
- Support Access Management and Security requirements
- Identify stakeholders, establish decision rights, clarify accountabilities
Image courtesy of Stuart Miles at FreeDigitalPhotos.net