| Pitfall | How ISO/IEC 38505-1 Guards Against It | | :--- | :--- | | | The standard explicitly separates data governance (asset-specific) from IT governance (infrastructure). | | Data hoarding ("just in case") | The Value-Risk-Constraints triad forces evaluation. Hoarding fails the "V > R + C" test due to risk and storage cost. | | No accountability | The "Responsibility" principle demands that the board assign a named individual (not a team) for each critical data asset. | | Focus only on security | Security is one dimension. 38505-1 adds quality, ethics, lifecycle, and value creation. |
No. The standard explicitly states that data governance is a business governance responsibility , delegated but not abdicated to IT. iso iec 38505-1
No. GDPR is legal compliance. 38505-1 is broader: value, performance, ethics, acquisition – not just privacy. | Pitfall | How ISO/IEC 38505-1 Guards Against
The most practical contribution of ISO/IEC 38505-1 is its . Before any data decision (e.g., "Should we store customer clickstream data for 10 years?"), the board must balance three elements: | | No accountability | The "Responsibility" principle
A common question: "How does this relate to DAMA-DMBOK or COBIT?"
: Ensure data is sourced and collected ethically and legally to meet business needs. Performance