0420 Governance Controls

Governance is enabled through People, Process and Technology. These are controlled through a combination of technical controls (implemented by the IT function) and organizational controls (training, responsibilities, buddy-checking, etc.).

UML diagram: 0420 Governance Controls

GovernanceControl entity

A GovernanceControl entity is a GovernanceDefinition that describes how a particular GovernancePolicy should be implemented. For example, there may be a governance principle that personal data is only available to people with a legitimate need to know. One of the governance controls that supports this principle could be the use of encryption on any storage device that holds personal data.

A governance control definition is intended to act as a requirement on implementors, so it may include details such as the recommended encryption strength or approach to use. It does not, however, detail exactly how to enable encryption on each technology, or which storage units it applies to. The mapping from a governance control to its implementation is typically expressed through Governance Execution Points.

GovernanceImplementation relationship

A GovernanceImplementation relationship links a GovernancePolicy entity to a GovernanceControl entity that implements all or part of the policy. The rationale attribute describes why this implementation approach was chosen.

GovernanceControlLink relationship

A GovernanceControlLink relationship links two related GovernanceControl entities together. The description attribute describes the reason for the relationship.

TechnicalControl entity

A TechnicalControl entity is a type of GovernanceControl that is automated using technology. More information on technical controls can be found in model 0430.

OrganizationalControl entity

An OrganizationalControl entity is a type of GovernanceControl that is implemented as a manual process or a set of responsibilities linked to an individual, role or team. More information on organizational controls can be found in model 0440.

GovernanceResponsibility entity

GovernanceResponsibility describes a responsibility that is assigned to a person or team. It could be a requirement to take a certain action in specific circumstances, to make particular types of decision, or to give approval for particular actions.

GovernanceProcedure entity

GovernanceProcedure describes a manual procedure that is performed in certain situations. An example would be a visual check of a person's government identity document, such as a passport or driving license.
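The entity and relationship types above form a small graph: policies are realised by controls through GovernanceImplementation, controls are related to one another through GovernanceControlLink, and each control is either technical or organizational. The following is an added example, not Egeria's own code or API, that renders this model in plain Python and answers the questions a governance reviewer asks of such metadata: which policies have no implementing control, which controls realise a given policy and why, which controls are related to a given one, and whether a control is automated or manual. It assumes that GovernanceResponsibility and GovernanceProcedure are kinds of OrganizationalControl (implied by their descriptions, but an assumption of this example), and the sample policies, control names and rationale strings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class GovernanceDefinition:
    qualified_name: str
    summary: str


class GovernancePolicy(GovernanceDefinition):
    """A policy that one or more controls are expected to implement."""


class GovernanceControl(GovernanceDefinition):
    """A requirement on implementors: says what is required, not how to
    enable it on a specific technology or which storage units it covers."""


class TechnicalControl(GovernanceControl):
    """Automated using technology (model 0430)."""


class OrganizationalControl(GovernanceControl):
    """Manual process or responsibility held by a person, role or team (model 0440)."""


class GovernanceResponsibility(OrganizationalControl):
    """ASSUMPTION of this example: modelled as an organizational control."""


class GovernanceProcedure(OrganizationalControl):
    """ASSUMPTION of this example: modelled as an organizational control."""


@dataclass
class GovernanceImplementation:
    policy: str     # qualified name of the GovernancePolicy
    control: str    # qualified name of the GovernanceControl
    rationale: str  # why this implementation approach was chosen


@dataclass
class GovernanceControlLink:
    control_a: str
    control_b: str
    description: str  # reason the two controls are related


class GovernanceRepository:
    """Hypothetical in-memory store; not an Egeria repository connector."""

    def __init__(self) -> None:
        self.policies: Dict[str, GovernancePolicy] = {}
        self.controls: Dict[str, GovernanceControl] = {}
        self.implementations: List[GovernanceImplementation] = []
        self.links: List[GovernanceControlLink] = []

    def add(self, definition: GovernanceDefinition) -> None:
        target = self.policies if isinstance(definition, GovernancePolicy) else self.controls
        target[definition.qualified_name] = definition

    def implement(self, policy: str, control: str, rationale: str) -> None:
        # Referential integrity: both ends of the relationship must exist.
        if policy not in self.policies or control not in self.controls:
            raise KeyError(f"unknown policy or control: {policy!r}, {control!r}")
        self.implementations.append(GovernanceImplementation(policy, control, rationale))

    def link(self, control_a: str, control_b: str, description: str) -> None:
        if control_a not in self.controls or control_b not in self.controls:
            raise KeyError(f"unknown control: {control_a!r}, {control_b!r}")
        self.links.append(GovernanceControlLink(control_a, control_b, description))

    def controls_for_policy(self, policy: str) -> List[Tuple[str, str]]:
        """(control, rationale) pairs that implement all or part of the policy."""
        return sorted((i.control, i.rationale) for i in self.implementations if i.policy == policy)

    def unimplemented_policies(self) -> List[str]:
        """Policies with no GovernanceImplementation at all: a coverage gap."""
        implemented = {i.policy for i in self.implementations}
        return sorted(p for p in self.policies if p not in implemented)

    def related_controls(self, control: str) -> List[str]:
        """All controls reachable over GovernanceControlLink, treated as undirected."""
        seen: set = set()
        frontier = [control]
        while frontier:
            current = frontier.pop()
            for lnk in self.links:
                if current == lnk.control_a:
                    neighbour = lnk.control_b
                elif current == lnk.control_b:
                    neighbour = lnk.control_a
                else:
                    continue
                if neighbour != control and neighbour not in seen:
                    seen.add(neighbour)
                    frontier.append(neighbour)
        return sorted(seen)

    def control_kind(self, control: str) -> str:
        return "technical" if isinstance(self.controls[control], TechnicalControl) else "organizational"


def build_sample_repository() -> GovernanceRepository:
    """Constructed sample data following the page's own examples."""
    repo = GovernanceRepository()
    need_to_know, retention = "policy:personal-data-need-to-know", "policy:records-retention"
    encrypt = "control:encrypt-personal-data-at-rest"
    approve = "control:data-owner-approves-access"
    id_check = "control:visual-identity-document-check"
    repo.add(GovernancePolicy(need_to_know, "Personal data only available on a legitimate need to know"))
    repo.add(GovernancePolicy(retention, "Records retained for the statutory period"))  # no control yet
    repo.add(TechnicalControl(encrypt, "Encrypt any storage device holding personal data (strength: placeholder)"))
    repo.add(GovernanceResponsibility(approve, "Data owner approves each access request"))
    repo.add(GovernanceProcedure(id_check, "Visual check of a passport or driving license"))
    repo.implement(need_to_know, encrypt, "Limits exposure if a device is lost or stolen")
    repo.implement(need_to_know, approve, "Places the need-to-know decision with the accountable owner")
    repo.link(approve, id_check, "Requester's identity is verified before approval is given")
    return repo
```

Run against the sample, `unimplemented_policies()` reports the retention policy as having no control, `controls_for_policy()` returns the encryption and approval controls with their rationale, and `related_controls()` on the approval responsibility surfaces the identity-check procedure, which is the kind of traversal a reviewer uses to confirm that a policy is actually backed by both technical and organizational measures.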
