The Data Governance Policy defines the roles and responsibilities for different data creation and usage types, cases, and/or situations. It establishes clear lines of accountability and develops best practices for effective data management and protection. It protects the Organization’s data against internal and external threats, such as breaches of privacy and confidentiality or security breaches. It ensures that the organization complies with applicable laws, regulations, and standards. It also ensures effective documentation of a data trail within the processes associated with accessing, retrieving, exchanging, reporting, managing, and storing data. [FII-SCF-009-DCH-01]
Governance and Ownership
| Data Governance Role | Data Governance Responsibility |
|---|---|
| Data custodian | Rather than any individual or Organisational Unit, is the Custodian of the data and any information derived from the data |
| Chief Data Officer | The Chief Data Officer is responsible for the overall management of the Organization’s Data and Information Governance |
| Data Governance steering committee | The Data Governance Steering Committee is responsible for the overall management of the organization’s Data Governance. |
| Data executive | A Data Executive supported by a Data Owner has the responsibility for the management of data assigned within their portfolio |
| Data owner | Data Owners are delegated by a Data Executive, and are responsible for ensuring effective local protocols are in place to guide the appropriate use of their data asset, Access to, and use of, institutional data will generally be administered by the appropriate Data Owner(details mentioned in Data classification policy). Data Owners are responsible for ensuring that data conforms to legal, regulatory, exchange, and operational standards. Refer Data Management cycle |
| Users | Are any individuals who, in order to fulfil their job duties and responsibilities, require access to sensitive information, and are therefore granted access |
Quality And Integrity
- Data Creators and Data Users must follow appropriate procedures to uphold the quality and integrity of the data they access. The Data quality policy specifies detailed procedures.
Classification and Security
- All employees should consult the Data Classification Policy and the Data Security policy for additional information.
Policy Review
- The Responsible Officer will review and update this Policy every year from the approval date, or more frequently if necessary. In this regard, staff members who have any comments about the Policy can forward their suggestions.
| Accountablities | |
|---|---|
| Responsible officer | Chief information officer |
| Contact officer | Chief Data officer |
| Supporting Information | |
|---|---|
| Supporting Documents | Data classification Policy |
| Data security policy | |
| IT security policy | |
| ISMS Manual | |
| Related Documents | Data classification policy |
| Data retention policy | |
| Data security policy | |
| Data privacy policy |
Data Management Lifecycle
The Data Management Life Cycle involves planning, creating, managing, storing, implementing, protecting, improving, and disposing of all institutional data of the Organization.
