We are entrusting more and more of our lives to the digital companies managing our most sensitive data. With so much of our information available online, and with companies contracting their data management out to other companies, any guidance to those managing this information can surely be a good thing. For this ever-expanding void we have AS ISO/IEC 38505.1:2018, Information technology - Governance of IT - Governance of data, Part 1: Application of AS ISO/IEC 38500 to the governance of data.
While the title can be confusing, if not a little intimidating given its length, in essence we are talking about a series of guiding principles for the directors, CEO and senior managers of any organisation to follow and give their stakeholders the trust they are going to manage their most precious data in a responsible manner.
More than just buzz words
In the age of cloud computing we are also seeing the realisation of the internet of things and an increasing use of big data. For professionals in the ICT sector this will be a statement many will agree with, but for the average Australia that uses computers only when we need to these will be industry buzz words.
However, it is because of the increasing cloud computing and more data being collected that we have this standard in place.
As organisations use our data in new and exciting ways the standard provides guidelines so that we can have faith it is being managed responsibly.
Specifically, this standard is intended for owners, directors, partners, managers, or similar to be provided with guiding principles on acceptable use of data in their organisation by:
- Applying governance principles and model of AS ISO/IEC 38505 to the governance of data
- Assuring stakeholders that if the principles and guidelines of the standard are followed they can have confidence in the organisation’s management of data
- Informing and guiding organisations on use and protection of data
- Establishing a vocabulary for the governance of data
Data is easier than ever before to harvest and to use by not only the company that collects it, but by anyone prepared to pay for it.
As such, there is a clear urgent requirement for organisations to ensure sensitive data is protected and secured.
Not all bad news
To avoid the doom and gloom, this is not all bad news. What are the benefits of big data?
The benefits are a more tailored experience, and the ease of not needing to transfer vital information from organisation to organisation. These are quickly undone if the wrong person accesses someone’s data, or someone uses it for the wrong reasons. This is exactly where AS ISO/IEC 38505 plays a key role in enabling, and expecting, those with access do the right thing with our data.
This standard is one where the impact will be felt by the entire Australian community, but we may likely not see it in operation. The work of this standard starts at the board table and flows to the inner workings of each organisation it impacts, but the benefit is in each and every transaction we have with key data.
This case study is available in PDF format.