Data Management Policy

From Glitchdata
Jump to navigation Jump to search

A Data Management Policy delves into the tactical and operational aspects of data management.

  • Define Policies/Standards/Procedures.
  • Enforce and monitor


Policy

  • 1) The organisation must adopt a methodology for managing data called the "Data Lifecycle". This methodology highlights the 4 key stages of data utility within the organisation which are:
    • Acquisition & Creation
    • Storage & Utilisation
    • Modification
    • Destruction
    • The Data Management Lifecycle is governed by the Data Lifecycle Policy.
  • 2) The organisation must establish a list of principles to guide the management of data. This will be known as the "Data Principles" and managed by the "Data Governance Committee".
  • 3) The organisation must populate a "Data Asset Register" with all major data assets managed by the organisation and capture a baseline of characteristics of the Data Assets. (e.g. System, Location, PII data, Sensitivity, and other Descriptive Metadata)

Data Management Roles and Responsibilities

The following roles and responsibilities are established for data management at the organisation:

  • Data Owners
    • A Data Owner is the person accountable for the classification, protection, use, and quality of one or more data sets within an organization.
  • Data Stewards
    • Data Stewards are responsible for managing data in their respective areas of responsibility. Data Stewards are responsible for ensuring that data is accurate, complete, and up-to-date and that it meets established standards and requirements.
  • Data Custodians
    • Data Custodians are responsible for managing the technical aspects of metadata management, including metadata storage, backup, and recovery. Data Custodians are responsible for ensuring that data is stored and processed securely.
  • Data Users
    • Data Users are responsible for using metadata in accordance with policies and procedures and ensuring that metadata is accurate and reliable.

Principles

  • Manage information as a core corporate asset (trusted and protected) EA08
  • Information / data is an asset and must have clear ownership DA01
  • Users will be empowered with open, controlled access to data to achieve a data driven organisation DA05
  • Standard methods and data models will be used for creating solutions that deliver information DA07
  • (a) Valued as a strategic asset of the organisation, essential to the WSA's purpose;
  • (b) Shared wherever possible within the limitations required (for example, privacy);
  • (c) Managed, organised and readily available to support discoverability by appropriate users;
  • (d) Usable and reusable when there is a shared understanding of what it signifies and when conditions of access and use are communicated clearly ;
  • (e) Trustworthy and of high quality supporting accurate reporting and evidence-based decision making, and
  • (f) Protected from loss, unauthorised use and disclosure through information security classification and security controls.

Data Classification and Handling

Data at [Organisation] will be classified based on its sensitivity and criticality. The following classifications will be used:

  • Public Data: Data that is intended for public disclosure and is not sensitive or critical.
  • Internal Data: Data that is intended for internal use and is not sensitive or critical.
  • Confidential Data: Data that is sensitive or critical and requires protection against unauthorized access or disclosure.
  • Highly Confidential Data: Data that is highly sensitive or critical and requires the highest level of protection against unauthorized access or disclosure.

Applicable Legislation

Policy should consider the following Legislation:

Value Stream


Related