From mindmap to roadmap
In our view, the minimal requirements a corporation has to meet are:
• Establishing ownership for processes, systems and data.
• To draft data contracts including heredity of requirements and norms.
• Arranging logging and monitoring of the systems and processes and report on the progress of the establishment of governance.
This document, executed by the IDnext working group commissioned by the ID-next foundation, describes also the basic principles that a company can utilise to gain control; In order to put the Control problem into perspective and offer solution guidelines, the IDnext working group is providing a new vision on Access Governance within this document, assuming that an ideal situation can enable the creation of control measures up to an operational level.
The governing philosophy of Access Governance for data protection in which Identity Management and Access Control, but also ownership and responsibility (especially liability!) for the unambiguous application of access control, fall within one organisation. In order to achieve this, certain organizational and technical measurements are evidently necessary.
That laws and regulations are growing increasingly important has been announced for years now, but in how many companies does this actually lead to the conclusion that their Data Infrastructure is indeed “in control”?
If they were in control before, how do these organisations maintain that control now that ‘anytime, anyplace,