IT Governance Roles and Data Governance - Hernan Huwyler - IT Governance for decisions, rights, and accoutnabilty
Funciones de gobierno de TI y gobierno de datos - Hernan Huwyler - Gobierno de TI para decisiones, derechos y responsabilidad
11. Resource > RACI Matrix
ISACA Toolkit RACI Chart for COBIT Process
Creation Maintain Quality
IT Asset
producer
R
IT Asset user I
IT Asset
custodian
R
IT Asset owner A
IT Asset
custodian
A A R
13. Resource > IT Gov Roles
COBIT
Board
IT Gov Board
CIO, CISO, CTO
IT Operation
Head
DPO
Project
Managers
Architects
Process Owners
InfoSec Managers
Continuity
IT Risk &
Compliance
18. Accountabilities for IT Gov
committees
• Monitor the strategy articulation
• Plan future uses and growth
• Optimize IT costs and risk
• Oversight asset management
IT governance policy
19. Accountabilities for IT Gov
committees
• Approve data retention rules
• Approve accesses for sensitive
assets
• Oversight 3Ps with access for
IT governance policy
20. Responsibilities for owners
• Plan the needs for asset usages
• Define primary and secondary
uses
• Approve need-to-know
accesses
IT governance policy
21. Responsibilities for owners
• Define security controls
• Perform quality checks
• Certify user access
• Provide training to users
IT governance policy
22. Responsibilities for custodians
• Technically administrate assets
• Assign and remove accesses
• Manage and update inventories
• Implement security controls
• Execute plans for assets
IT governance policy
24. Responsibilities for users
• Comply with use, classification
and label and other policies
• Report asset losses
• Tag metadata
• Complete training
IT governance policy
25. Complains from users
Unapproved purchases and
shadow IT
Project cost overruns, delays and
defects
Low response time and integration
Ensure problems are
identified
How can IT Governance help in decisions, rights, and accountability activities
What are the procedures, roles, standards, and metrics that ensure the effective and efficient use of data and information in enabling an organisation to achieve its goals?
The use of IT Governance in the assessment, design, databases, processes, storage and deletion of data and information.