DNV DNV-RP-0497 PDF

Data and information should both be considered as assets in themselves, and as parts of, and prerequisites for, the operation of physical assets like ships, oilrigs, power grids etc. Based on this view, our framework is built on standards and best practices in asset management in general, and data management in particular.

In relation to standards dealing with asset management, such as ISO 55000, this RP views data in the scope of a business context of a portfolio of assets to be managed. The portfolio of datasets or data repositories is governed by an asset management system, and specifically, the data quality management is part of that system. The asset management system for data is part of the organization asset management (often called governance level). Purpose of the latter is coordinating activities and defining goals and risk tolerances, in order to realize value from information as an asset.

Corporate governance, as specified by policies, guidelines, and management systems, governs the overall criteria for performing business. Information governance guides information management at the enterprise level and supports all operational, legal, environmental, and regulatory requirements. Data management ensures that important data assets are formally managed throughout the enterprise and that information governance goals are achieved. This RP covers assessment of data quality, which is an important subset of data management.

Data quality governance policies should be defined as an integral part of corporate governance, guided by management systems. Risk assessments should be performed at several levels of governance in order to define critical issues for both data quality and information security. Some critical issues could have impacts on both quality and security; e.g., unauthorized access to data could result in compromised data values and, in contrast, ill-defined data quality processes could jeopardize security.

This document does not contain details on how to check data quality in each context, source code examples for developers, etc. This recommended practice:

— defines a framework for how to measure whether data quality in data sources is in accordance with criteria relevant for the given context

— defines a framework for how to measure the maturity of an organization that is responsible for ensuring adequate data quality for a given purpose, and

— a risk analysis approach is used to analyse risk, and prioritize mitigation activities according to the risk score and risk tolerance.