
UNE specifications as follow-up to ISO standards for the governance, management and quality of information systems and technology


02 April 2024

Given the proliferation of ICT-related standards, this article focuses on two of them, ISO 20000 (services) and ISO 27000 (security and privacy of information), and establishes the relationship between them and the UNE specifications.

Standardisation is key to improving efficiency and interoperability in the governance and management of data. The adoption of standards provides a common framework to organize, share and interpret data, facilitating collaboration and ensuring consistency and quality. Both ISO standards, developed at the international level, and UNE standards, developed specifically for the Spanish market, are widely recognized in this area. The two catalogues of good practices share similar objectives but differ in geographic scope and in their approach to development, allowing organizations to select the one most suitable for their needs and specific context.

Given the publication, a few months ago, of the UNE 0077, 0078, 0079, 0080 and 0081 specifications on governance, management, quality, maturity and evaluation of data quality, users may have doubts about how these fit with the ISO standards that are already implemented in their organization.

Most common ISO standards relating to information

ISO standards have the great advantage of being open, dynamic and agnostic to the underlying technologies. They also bring together best practices that are based on consensus and decided by different groups of professionals and researchers in each field of action. Focusing on the standards related to ICT, there is already a framework of standards on the governance, management and quality of information systems which includes, among others:

  • At the level of governance:
      1. ISO 38500 for governance.
  • At the level of management:
      1. ISO 8000 for data management systems and master data.
      2. ISO 20000 for the management of services.
      3. ISO 25000 for the quality of the products generated (both software and data).
      4. ISO 27000 and ISO 27701 for the management of the security and privacy of information.
      5. ISO 33000 for the assessment of processes.

Alongside these standards, there are others that are commonly used in companies, such as:

  • Quality management system based on ISO 9000
  • Environmental management system proposed in ISO 14000

These standards have been used for years for the governance and management of ICT, and they have the great advantage that, being based on the same principles, they can be used together without difficulty. For example, it is very useful for information systems security based on the ISO/IEC 27000 family and service management based on the ISO/IEC 20000 family to strengthen each other.

The relationship between the ISO standards and the UNE specifications

The UNE 0077, 0078, 0079, 0080 and 0081 specifications complement the ISO standards relating to governance, management and quality of data by providing specific and detailed guidelines that focus on particular aspects of the Spanish environment and the local market.

When the UNE 0077, 0078, 0079, 0080 and 0081 specifications were drawn up, they were based on the main ISO standards so that they could be easily integrated into the management systems already available in organizations (mentioned above), as set forth in the following diagram:

Figure 1. Summary of the UNE specifications with the different ISO standards for ICT.

Example of implementation of the standard UNE 0078

Below is an example that shows more clearly how the UNE specifications fit with the ISO standards that many organizations have had in place for years, taking UNE 0078 as a reference. Although all the UNE data specifications are intertwined with most of the ISO standards on IT governance, management and quality, the UNE 0078 data management specification is most closely related to information security management systems (ISO 27000) and service management systems (ISO 20000). Table 1 shows the link between each process and each ISO standard.

| UNE 0078: Data management process | Linked with ISO 20000 | Linked with ISO 27000 |
|---|---|---|
| (ProcDat) Data processing | | |
| (InfrTec) Management of technological infrastructure | X | X |
| (ReqDat) Management of data requirements | X | X |
| (ConfDat) Data configuration management | | |
| (DatHist) Historical data management | ? | ? |
| (SegDat) Management of data security | X | X |
| (Metdat) Metadata management | | X |
| (ArqDat) Management of architecture and design of the metadata | | X |
| (CIIDat) Sharing, brokering and integration of data | X | |
| (MDM) Master data management | | |
| (HR) Human resources management | | |
| (CVidDat) Data lifecycle management | X | |
| (AnaDat) Data analysis | | |

For (DatHist), the source shows a single X without preserving which of the two columns it belongs to.

Relationship of the standard UNE 0078 with ISO 20000

With respect to the interrelationship between ISO 20000-1 and the UNE 0078 specification, consider a use case in which an organization wants to make its relevant data available across the organization through various services. The integrated implementation of UNE 0078 and ISO 20000-1 allows organizations to:

  • Ensure that business-critical data are properly managed and protected.
  • Improve the efficiency and effectiveness of services, ensuring that the technological infrastructure supports the needs of the business and end users.
  • Align data management and service management with the strategic objectives of the organization, improving decision-making and competitiveness in the labour market.

The relationship between the two is manifested in how the technological infrastructure managed according to UNE 0078 supports the delivery and management of services in accordance with ISO 20000-1.

For this reason, at least the following is needed:

  1. Firstly, providing data as a service requires a well-managed and secure infrastructure. This is essential, on the one hand, to facilitate the effective implementation of service management processes such as incident and problem management and, on the other, to ensure business continuity and the availability of services.
  2. Secondly, once the infrastructure is in place and it is known that the data will be ready for consumption at some point, the principles for sharing and brokering that data must be managed. To this end, the UNE 0078 specification includes the process of Sharing, brokering and integration of data. Its main objective is to enable the acquisition and/or delivery of data for consumption or sharing, noting where necessary the deployment of intermediation mechanisms as well as integration. This UNE 0078 process would tie in with several of those set out in ISO 20000-1, such as business relationship management, service level management, demand management and capacity management for the data made available.

Relationship of the standard UNE 0078 with ISO 27000

The technological infrastructure created and managed for a specific objective must ensure a minimum level of data security and privacy. It will therefore be necessary to introduce the good practices included in ISO 27000 and ISO 27701 in order to manage the infrastructure from the perspective of the security and privacy of information. This is a clear example of interaction among the three management systems: services, security and privacy of information, and data.

Not only is it paramount that data be placed at the service of organizations and citizens in the best possible way, but particular attention must also be paid to the security of the data throughout its life cycle while it is made available. This is where the ISO 27000 standard brings value. The ISO 27000 standard, and in particular ISO 22000, fulfils the following objectives:

  • Specifies the requirements for an information security management system (ISMS; SGSI in Spanish).
  • Focuses on the protection of information against unauthorized access, and on data integrity and confidentiality.
  • Helps organizations to identify, assess and manage information security risks.

In this line, its relationship with the UNE 0078 data management specification is marked by the data security management process: through the implementation of the different security mechanisms, it is verified that the information handled by the systems is not subject to unauthorized access, while its integrity and confidentiality are maintained along the entire data life cycle. Similarly, a three-way relationship can be built from this link with the data security management process of the UNE 0078 specification and with the ISO 20000-1 process SGSTI - Information security management.

Below, Figure 2 shows how the UNE 0078 specification supplements the current ISO 20000 and ISO 27000 standards as applied to the example mentioned above.

Figure 2. Relationship of UNE 0078 processes with ISO 20000 and ISO 27000 applied to the data sharing case.

From the previous cases it can be understood that the great advantage of the UNE 0078 specification is that it integrates perfectly with the security and service management systems available in organizations. The same applies to the rest of the UNE specifications: 0077, 0079, 0080 and 0081. Therefore, if an organization that has already implemented ISO 20000 or ISO 27000 wants to carry out data governance, management and quality initiatives, it is recommended that it align the different management systems with the UNE specifications, as they are mutually reinforcing in terms of security, services and data.
