Data Ownership

Role Definitions

Data Owner (Information Owner)

  • Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal. See also information steward.
  • The person who is ultimately responsible for the data and information being collected and maintained by his or her department or division, usually a member of senior management.
  • For example: Department Head, Dean

Data Steward (Information Steward)

  • An agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.
  • The Steward is appointed by the Data Owner to assist them in undertaking these responsibilities on a day-to-day basis. The Steward is responsible for the items for which the Data Owner is held accountable.
  • For example: Department Staff

Data Custodian

  • Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of material assigned to their account.
  • The Custodian has physical or logical control over the data, performs maintenance activities, or provides other services to the resource proprietor. Typically, Data Custodians will include system administrators, database administrators, and data managers.
  • Technicians assigned responsibility for maintaining and backing up the systems, databases and servers that store the organization’s data. Data Custodians are responsible for the technical deployment of all the rules set forth by Data Owners and for ensuring that the rules applied within systems are working.
  • For example: IT Staff who grant access based on Data Owner guidance

Sources: Standard-InfoSec-GP-005-Data Security, CNSSI-4009; FIPS 200; SP 800-37; SP 800-53; SP 800-60; SP 800-18

Role Responsibilities

Data Owner: Individual responsible for:

  • Setting the standard for quality and accuracy of data and documents
  • Who will be able to access documents
  • How data will be entered and by whom
  • Who modifies data and how
  • How data will be printed/distributed/viewed
  • How long data should be kept
  • What the business continuity and disaster recovery plans are

Data Steward: Individual or group responsible for:

  • Entering, modifying, deleting and distributing data and documents, consistent with quality standards set by the Data Owner
  • May be a proxy for the Data Owner

Data Custodian: Independent organization with the purpose of:

  • Executing decisions of the Data Owner with respect to granting, modifying, and revoking access.
  • Ensuring documentation is in place to justify and to track access changes.
  • Providing the segregation of duties from the functional area for the purpose of protecting the data and documents within the application.
  • Creating an environment to protect the integrity of the data and documents.
  • Training users in the application functionality.
  • Providing technical resources.

Details

Article ID: 136177
Created: Fri 10/8/21 3:44 PM
Modified: Tue 10/19/21 3:08 PM