Governance (NIST)

"...downtime is bad, but data loss will get you fired" - Bill Turner (Privacy, Data protection, & Cybersecurity FIP, CIPM, CDSPE, CIPT, CHPC, C|CISO, CIPP /US /G /C)

What are some Data Governance Standards?
"Data Governance (DG) is the process of managing the availability, usability, integrity and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. "

"According to the Data Governance Institute (DGI), it is a practical and actionable framework to help a variety of data stakeholders across any organization identify and meet their information needs." 

What does good Data Governance look like?
"The key focus areas of data governance include availability, usability, consistency, data integrity and data security." (Source)

What is the difference between Data Management and Data Governance?
"Data Governance involves managing how data is accessed and handled within a larger data management strategy, down to access granted to specific users and compliance protocols. Data Management entails the implementation of tools, processes and architectures that are designed to achieve your company's objectives."

Who is responsible for Data Governance?
"Having established the fact that data is a strategic asset owned by the corporation, three roles (or their equivalent) are typically defined: Data Owners, Data Stewards and Data Custodians. These staff members play a critical role in governing data, in collaboration with other members within their organization. Jan 19, 2012"

6 Steps to a Good Risk Assessment Process...


What is NIST compliance?
"Generally speaking, NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. In many cases, complying with NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, GDPR, or SOX. Oct 5, 2020"

What are the five functions described in the NIST Framework?
"The five Functions included in the Framework Core are: Identify, Protect, Detect, Respond, Recover." (Note: Veeam should be a component of this framework: VBR, Veeam One, VAO)

Is NIST compliance mandatory?
"Compliance with National Institute of Standards and Technology (NIST) standards is mandatory depending on the industry in which an organization conducts business. NIST is only mandatory for all United States federal agencies as of 2017. The private sector consumption and use of the NIST framework is voluntary. Nov 5, 2019"

What is NIST 800 series?
"The NIST 800 Series is a set of documents that describe United States federal government computer security policies, procedures and guidelines. The publications can be useful as guidelines for enforcement of security rules and as legal references in case of litigation involving security issues."

The NIST Cybersecurity Framework

The Role Of Data Governance In An Effective Compliance Program

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure - (OMB)

Note: SEC 17a-4(f), CFTC 1.31(d), FINRA, and other regulations

SEC 17a-4

HIPAA CFR 164.306, CFR 164.308


State regulations
Specify timelines for patient health information retention