ISO/IEC 38505-1:2017 信息技术 IT的治理 数据治理 第1部分：应用ISO/IEC 38500的数据治理

标准编号：ISO/IEC 38505-1:2017

中文名称：信息技术 IT的治理 数据治理 第1部分：应用ISO/IEC 38500的数据治理

英文名称：Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data

发布日期：2017-04

标准范围

ISO/IEC 38505-1:20 17为组织管理机构的成员（可以包括所有者、董事、合作伙伴、执行经理或类似人员）提供了关于在其组织内有效、高效和可接受地使用数据的指导原则-将ISO/IEC 38500的治理原则和模型应用于数据的治理，-向利益攸关方保证，如果遵循本文件提出的原则和做法，他们可以对本组织的数据治理有信心，-向理事机构通报和指导其组织内数据的使用和保护，以及-建立数据治理词汇。ISO/IEC 38505-1:20 17还可以为更广泛的社区提供指导，包括:-行政经理，-外部业务或技术专家，如法律或会计专家、零售或行业协会或专业团体，-内部和外部服务提供商（包括顾问），以及-审计员。虽然本文档着眼于数据的治理及其在组织内的使用，但在ISO/IEC/TS 38501中可以找到关于有效治理IT的实施安排的指导。ISO/IEC/TS 38501中的结构有助于识别与IT治理相关的内部和外部因素，并有助于定义有益的结果和识别成功的证据。ISO/IEC 38505-1:20 17适用于IT系统创建、收集、存储或控制的数据的当前和未来使用的治理，并影响与数据相关的管理流程和决策。ISO/IEC 38505-1:20 17将数据治理定义为IT治理的子集或领域，IT治理本身是组织治理的子集或领域，或者在公司的情况下，是公司治理的子集或领域。ISO/IEC 38505-1:20 17适用于所有组织，包括公共和私营公司、政府实体和非营利组织。本文档适用于从最小到最大的各种规模的组织，无论其对数据的依赖程度如何。

ISO/IEC 38505-1:2017 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of data within their organizations by
- applying the governance principles and model of ISO/IEC 38500 to the governance of data,
- assuring stakeholders that, if the principles and practices proposed by this document are followed, they can have confidence in the organization's governance of data,
- informing and guiding governing bodies in the use and protection of data in their organization, and
- establishing a vocabulary for the governance of data.
ISO/IEC 38505-1:2017 can also provide guidance to a wider community, including:
- executive managers,
- external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies,
- internal and external service providers (including consultants), and
- auditors.
While this document looks at the governance of data and its use within an organization, guidance on the implementation arrangement for the effective governance of IT in general is found in ISO/IEC/TS 38501. The constructs in ISO/IEC/TS 38501 can help to identify internal and external factors relating to the governance of IT and help to define beneficial outcomes and identify evidence of success.
ISO/IEC 38505-1:2017 applies to the governance of the current and future use of data that is created, collected, stored or controlled by IT systems, and impacts the management processes and decisions relating to data.
ISO/IEC 38505-1:2017 defines the governance of data as a subset or domain of the governance of IT, which itself is a subset or domain of organizational, or in the case of a corporation, corporate governance.
ISO/IEC 38505-1:2017 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This document is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their dependence on data.

标准预览图