Torsion Information Security Blog

Exploring the business and technical implications of information security.

What is data access governance and how can you implement it?

Data access governance is a system for defining how your organisation manages and controls who has access to what data assets both internally and externally and then proving that ownership and control. It encompasses the people, processes, and technologies required to manage and protect data access.

The Data Governance Institute defines data governance as “a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”

And the Data Management Association (DAMA) International defines data governance as the “planning, oversight, and control over management of data and the use of data and data-related sources.”

So Data Access Governance is just part of the wider discipline of Data Governance and Data Management and can be simplified by being in control of, and proving, that you know who has access to what information, why and when.

It’s highly likely that you are already employing elements of data access governance…possibly without even realising it (you might just be calling it something else). But if you are looking to implement a clear data access governance process, the following are useful steps to follow:

  • Define your goals and requirements – these might be to minimise the risk of data breaches or to meet growing compliance requirements
  • Establish a roadmap of how you might achieve your goals – this would include what technology is required, would it need to be automated, who would be key in achieving the goals and what budget is required
  • Convince stakeholders and get buy in
  • Develop and plan the data access governance program – once you have the green light you can start talking to team members, software providers to really iron out the details
  • Implement the data governance program – ensuring the plan is communicated across the entire organisation
  • Monitor and control – never stop evaluating whether your technology, processes or people are still meeting your initial goals and requirements.

Torsion is always on hand to talk with you on any element of data access governance, whether it’s knowing where to start or how to get the buy in from your business users. We work with organisations across all sectors to successfully advise, implement and automate data access governance…it’s just what we do.

I want to know more
close slider

Sounds interesting, send me a bit more info...