What is iso38505 certification

What is iso38505 certification

ISO38505 data governance security certification is the world's first management system certification for enterprise data security governance, representing the international prevailing requirements for data governance security. Data governance security is a global emerging security concept, including security management of enterprise data assets, security control of data use, security audit of data governance, etc. The data governance security system is a dynamic security system, which is oriented to data supporting business systems. Data can be transferred, used and shared. Data services and technology life cycles are viewed from two perspectives of governance and technology, and security levels are divided.

ISO/IEC 38505-1 defines the application of ISO/IEC 38500 Information Technology Governance of Organizations (hereinafter referred to as ISO/IEC 38500) in data governance, puts forward the meaning, principles, models and characteristics of data governance, and defines the tasks, implementation guidelines and applications of data governance, including:

1. Clarified the significance of data governance, the responsibilities of governance subjects, and the supervision mechanism of data governance;

2. On the basis of ISO/IEC 38500, further clarify the "E (assessment) - D (guidance) - M (supervision)" methodology of data governance;

3. Proposed governance tasks related to data collection, storage, reporting, decision-making, publishing, and disposal;

4. Clarify how to apply the six principles of "responsibility, strategy, acquisition, performance, compliance and personnel behavior" defined in ISO/IEC 38500 to data governance;

5. Proposed the application method of the ISO/IEC 38500 governance model;

6. Propose governance guidelines based on the data characteristics of "value, risk, and constraints";

7. Proposed a data responsibility matrix table and its application methods.

The official release of ISO/IEC38505-1 represents that the concept and methodology of data governance proposed by China have reached international consensus and is an important contribution of China to international standards.

Objectives of data governance

The goal of data governance is to establish standardized, integrated, protected and stored methods, responsibility sets and processes for corporate data. The main objectives of the organization should be:

1. Reduce risks;

2. Establish internal rules for data usage;

3. Implement compliance requirements;

4. Improve internal and external communication;

5. Increase data value;

6. Convenient data management;

7. Reduce costs;

8. Help ensure the sustainable survival of the company through risk management and optimization.

Basic conditions for applying for ISO38505 certification

1. Having independent legal personality and having been established for at least 3 months;

2. Provide big data related project materials: requirements, design, testing;

3. Final product acceptance, functional screenshots, etc;

4. Establish a system based on the ISO38505 standard and operate for at least 3 months;

5. Conduct at least one internal audit and management review.

Application for ISO38505 certification process

1. The certification center prepares the first draft of system documents;

2. Enterprises prepare project implementation and operation documents based on the list of materials provided by the center;

3. Identify the data assets involved in the enterprise certification scope, and jointly complete the data governance information;

4. The center checks the completeness of the data, both parties supplement the data records, and jointly complete the system operation records;

5. On site audit, rectification of non conformities, and issuance of certificates.

The significance of applying for ISO38505 certification

1. Efficient operation;

2. Fundamentally solve data quality issues;

3. The need for standardization and sharing;

4. The need for risk management;

5. Management innovation needs;

6. Optimizing business processes and resource allocation can improve business management capabilities;

7. To avoid filling in any gaps that arise, the data management department and the production department will shirk responsibility from each other.

【Related reading】：

• For details>What is GMI certification consultation
• For details>What is GMI certification consultation
• For details>GMP certification standards for pharmaceutical, food and health care products
• For details>Implement certification
• For details>Preparation work
• For details>Preparation work
• For details>Fee details for the evaluation center recognized by the Iso17025 laboratory system
• For details>Quality Assurance in the Iso17025 Laboratory System
• For details>What is cgmp authentication
• For details>ISO17025 implementation plan

Editor in charge：Shanghai Yue Fei Enterprise Management Consulting Co., Ltd.
Copyright：http://www.yf-iso.com/ Please indicate the source of the reprint