0420 Governance Controls
Governance is enabled through People, Process and Technology. These are controlled through a combination of technical controls (implemented as IT functions) and organizational controls (training, responsibility, buddy-checking, etc.).
GovernanceControl entity
A GovernanceControl entity is a GovernanceDefinition that describes how a particular GovernancePolicy should be implemented. For example, there may be a governance principle that personal data is only available to people with a legitimate need to know. One of the governance controls that support this principle could be the use of encryption on any storage device that holds personal data.
A governance control definition is intended to act as a requirement for implementors, so it may include details of the recommended encryption strength or approach to use. However, it does not detail exactly how to enable encryption on different technologies, or which storage units it applies to. The governance control is typically mapped to its implementation through Governance Execution Points.
GovernanceImplementation relationship
A GovernanceImplementation relationship links a GovernancePolicy entity to a GovernanceControl entity that implements all or part of the policy. The rationale attribute describes why this implementation approach was chosen.
GovernanceControlLink relationship
A GovernanceControlLink relationship links two related GovernanceControl entities together. The description attribute describes the reason for the relationship.
TechnicalControl entity
A TechnicalControl entity is a type of GovernanceControl that is automated using technology. More information on technical controls can be found in model 0430.
OrganizationalControl entity
An OrganizationalControl entity is a type of GovernanceControl that is implemented as a manual process or a set of responsibilities linked to an individual, role or team. More information on organizational controls can be found in model 0440.
GovernanceResponsibility entity
GovernanceResponsibility describes a responsibility that is assigned to a person or team. It could be a requirement to take certain actions in specific circumstances, to make particular types of decisions, or to give approvals for particular actions.
GovernanceProcedure entity
GovernanceProcedure describes a manual procedure that is performed under certain situations. An example would be a visual check of a person's government identity document such as a passport or driving license.
Further Information
- The Governance Officer OMVS provides support for defining governance policies through its REST API.
- There is further detail on the content of the governance controls in the following models:
  - 0430 Technical Controls - describe automated behaviour that implements a governance control.
    - 0423 Security Definitions - defines access control rules.
    - 0438 Naming Standards - defines naming standard rules.
    - 0461 Governance Engines - support the execution of technical controls.
    - 0462 Governance Action Processes - provide the choreography of the execution of technical controls.
  - 0440 Organizational Controls - identify governance roles and manual procedures (such as approvals) that implement a governance control.
    - 0445 Governance Roles - define governance roles and the people associated with them.
- Governance Execution Points - describe classifications for software components that link them to a governance control.