Enterprises are becoming increasingly digital. Consider a bank that refers to itself as an information technology firm that happens to process financial transactions. Or, perhaps a manufacturer that likewise refers to itself as a technology company. The management of data is critical to all enterprises.
A breach can cause enormous harm outside of the core business of the enterprise. Target had a significant data breach that caused the company material damage. Technology firms are obviously at risk. Witness the recent breach at Equifax – the repercussions of that event are still being measured.
The short story is that no matter what business you’re in, data must be cared for!
The Getting Started with Data Governance using COBIT 5 paper looks at these issues from the perspective of using enablers to put goals and internal controls in place that will assist in the good shepherding of data. The paper extends the application of the COBIT 5 framework to the practice of data governance. The practice of data governance is described, and then elements of COBIT 5: Enabling Information are explored. Specific examples are provided against each of the COBIT 5 enablers.
Data maintenance and management are becoming ever more complicated. Data environments (e.g., the cloud) change rapidly, and so do internal enterprise data requirements. COBIT 5 provides definitions, good practices and modeling to assist practitioners in dealing with the critical role of data within the enterprise. Strong management provides the underpinning of good data governance.
Corporate governance and IT governance are credited with putting frameworks and standards in place to assist enterprises in using their resources effectively and efficiently to create and deliver value to their stakeholders. Data governance uses the same concepts, but applies them more narrowly to the protection and use of data. Enterprises must still define their needs for data and what resources will be available to accomplish those goals.
Once the right resources are in place, there needs to be performance measurement mechanisms put in place to ensure that the newly created, or altered, processes are functioning as needed. Reporting on the performance of data governance processes completes the data governance cycle. The governing body can then make additional, or new, directives to accomplish the enterprise’s data governance needs.