Back

Establish, implement, and maintain a data profiling program.


CONTROL ID
13992
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Records management, CC ID: 00902

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • effective data analytics are employed to correctly assess risk and risk interactions; (§ 6.9.3.4 ¶ 1 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Develop and implement plans to link laboratory data with key epidemiological data for timely data analysis (Pillar 5 Step 2 Action 3, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Frequency, recurrence, and use of the data. (App A Objective 3:5a Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Determine whether management identifies and classifies the entity's data effectively. Determine whether management does the following: (App A Objective 3:5, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Identifies and understands the nature of the entity's data, including: (App A Objective 3:5a, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Determine whether management appropriately considers the uses and risks of data analytics and performs the following: (App A Objective 3:9, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Focuses on identifying, managing, and securing the data; identifying business uses; and providing appropriate access regardless of how the data are stored. (App A Objective 3:6g, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Determine whether management has data governance and data management processes that include defining responsibility and processes for governing data, including the identification, management, and oversight of any metadata, and promoting a culture that takes a data-centric approach. (App A Objective 3:4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Data identification and classification processes. (III.A Action Summary ¶ 2 Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)