The Evolution of Data Governance Regulations and What IA Departments Need to Know

The Evolution of Data Governance Regulations and What IA Departments Need to Know
FEBRUARY 27, 2018
Jamey Loupe | Senior Manager, Risk Advisory Services
Jessica Allen | Director, Technology & Business Transformation Services

CPE and Support
CPE Participation Requirements | To receive CPE credit for this webcast, you’ll need to actively participate throughout the program and be responsive to at least 75% of the polling questions. Please refer to the CPE & Support Handout in the Handouts section for more information about group participation and CPE certificates.
Q&A | Submit all questions using the Q&A feature on the lower right corner of the screen. Presenter(s) will review and answer questions submitted as time allows. *Please note that questions and answers submitted/provided via the Q&A feature are visible to all participants as well as the presenters.
Technical Support | If you should have technical issues, please contact LearnLive: click on the Live Chat icon under the Support tab, OR call 1-888-228-4088.
Audio | Audio will be streamed through your computer speakers. If you experience audio issues during today’s presentation, please dial into the teleconference: 1-855-233-5756, and use teleconference code 226 838 6759 #.

Polling Question 1 (Test)

Jamey Loupe, CISA
Senior Manager | Risk Advisory Services
Jamey is a Senior Manager in BDO’s Risk Advisory Services practice. He has provided audit and advisory services to mid-size and multi-national companies in multiple industries, and has more than 15 years of progressive experience leading and organizing teams and projects. Throughout his career, Jamey has led and supported the activities needed to complete the audit process. He has experience presenting results to Senior Management and the Audit Committee.

His experience includes:
• Leading, managing and conducting IT internal audits
• Managing complex IT SOX compliance projects
• Recommending and implementing IT process improvements
• Conducting and leading GRP pre-implementation reviews
• Conducting IT security assessments
• Monitoring IT governance

Jamey has extensive experience in Information Technology Standards and Governance, IT Risk Assessments, Cloud Security and Governance, Sarbanes-Oxley, IT Security assessments, Application pre- and post-implementation reviews, as well as IT Audit and Compliance.

PROFESSIONAL AFFILIATIONS
• Institute of Internal Auditors
• Information Systems Audit and Control Association
• Marine Corps Association and Foundation

EDUCATION
• M.L.A., Information Management Systems, Harvard University (in progress)
• B.A., Information Systems Decision Sciences, Louisiana State University

Jessica Allen
Director | Technology & Business Transformation Services
Jessica Allen is a Director with more than 15 years of experience developing and executing enterprise-wide programs, including Security and Compliance, IT strategy, and IT Optimization & Innovation. Ms. Allen combines her technical expertise with significant experience managing large and complex programs and operations to assist organizations in achieving a variety of business objectives, including risk mitigation, enhancing efficiencies and reducing costs.

Having significant experience leading large transformations as well as completing complex assessments, Ms. Allen is well-versed in:
• Security and Compliance
• Data privacy and Protection
• Process reengineering
• Program governance and oversight
• Technology Architecture
• IT service management

Ms. Allen is a frequent speaker on topics including technology advisory, security awareness and key threats, technology trends, innovation, and IT optimization. She supports key clients in BDO with complex technology and regulatory requirements.

EDUCATION
• M.I.S., Northern Kentucky University
• B.S., Information Systems, Northern Kentucky University

Today’s Learning Objectives
At the conclusion of this course, participants will be able to:
• Identify data governance regulations by industry and location
• Describe upcoming regulations and the impact on companies in various geographical areas
• Discuss the impact of the new regulations and the data governance risks their organization faces

Defining Data Governance

What is Data Governance
Data governance is defining ownership and management of the availability, usability, integrity and security of data used in an enterprise.
A good Data Governance program seeks to address these objectives:
• Clear information ownership
• Timely, correct information
• Clear enterprise architecture and efficiency
• Regulatory compliance and security

Data Governance is Not
The initiatives/processes below all require a well-developed Data Governance Program to be successful. However, in and of themselves, they are not Data Governance.
• Data change management
• Data cleansing
• Master Data Management (MDM)
• Data warehousing
• Database management and administration

Data Governance v. Data Management
Data Governance is about determining who inputs and makes decisions regarding how data is treated and accessed.
Data Management is the process of making and implementing the decisions made in Data Governance.

Polling Question 2

Data Governance Ownership

Who Owns Data Governance?
One of the tenets of Data Governance is that enterprise data doesn’t “belong” to individuals. It is an asset that belongs to the enterprise.
There are two approaches to effective ownership of Data Governance:
• Approach #1: Assigning Data Ownership/Stewardship
• Approach #2: Federated Responsibilities
Source: The Data Governance Institute

Key Stakeholders in Data Governance?
Stakeholders are those individuals that could have an effect on or are affected by the data within your organization. Usually this group is a mix of individuals from across the organization. This will be different in every organization. Some of the usual suspects are:
IT Teams
• CIO
• CISO
• IT Security
• Database Administrators
• Applications Administrators
Business Teams
• Legal
• Data Governance Officer

Internal Audit’s Role in Data Governance
• Evaluate the Data Governance Program maturity.
• Evaluate against documented data governance Policies and Procedures:
  • Data Content Management
  • Data Records Management
  • Data Quality
  • Data Identification and Classification
  • Data Access
• Does Internal Audit have the necessary skillsets?
• Evaluate the appropriateness of data owners/stewards.
• Does the IT group have an asset inventory?

Internal Audit’s Role in Compliance with Privacy Regulations
• Understand what data privacy regulations apply to your organization.
• Evaluate if documented Policies and Procedures address the identified privacy regulations.
• Evaluate if the organization has identified the key data that is subject to regulatory requirements.
• Audit processes to determine how they impact the privacy of data subjects.
• Evaluate whether systems and processes have been developed with appropriate privacy considerations.
• Report on systems that contain significant amounts of personal data and provide a plan for remediation and management of these systems.

IT’s Role in Data Governance and Related Privacy Regulations
• Chair on Steering Committee/Data Governance Board.
• Maintain the logical and physical security of the applications and keep them up to date.
• Responsible for developing the backup and data recovery plan with the input of the business.
• Meeting Service Level Agreements as agreed with the Data Owners/Stewards.
• Ensuring that applications and databases are appropriately installed and administered.

COBIT 5 to Audit Data Governance
COBIT 5 establishes seven enablers to drive better information and data governance and management. Each of the enablers has goals and metrics that aim to drive better control and improvement of:
• Management of IT-related business risk
• Transparency of IT costs, benefits and risk
• Security of information, processing infrastructure and applications
• IT compliance with internal policies
• Risk threshold definition and communication
• Managing critical IT-related enterprise risk effectively and efficiently
• Ensuring that IT-related risk does not exceed the enterprise risk appetite
Source: ISACA, COBIT 5

Other Considerations: Cybersecurity Assessments
UNDERSTAND YOUR ENTIRE DATA PROTECTION LANDSCAPE
• Vulnerability assessments and penetration testing (VAPT)
• Incident response readiness testing
• HITRUST assessment
• IT security risk assessment
• ISO 2700x readiness assessment
• PCI DSS readiness assessment

Polling Question 3

Key Components of Data Governance

6 Key Pillars of Data Governance
(Figure: the six pillars of data governance information; the pillar labels did not survive extraction.)
A well-defined Data Governance framework addresses this information within an organization.

Benefits of a Well-Defined Data Governance Framework
• Regulatory compliance
• Improved data quality
• Consistent definitions of business terms
• Decision-making based on information (confidence in the data)
• Collaboration among business units
• Appropriate use of information
• Sharing information internally (data integration and reuse)
• Simplified (and known) data management business processes

Polling Question 4

Regulatory Requirements

US Data Privacy Regulations
Our government has taken the approach of addressing specific data privacy concerns by type of data. As a result, there are more than 200 laws in the U.S. that involve data privacy and data security. These are just a few…
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI-DSS)
• Fair Credit Reporting Act (FCRA)
• Fair and Accurate Credit Transactions Act of 2003 (FACTA)
• Health Information Technology