Data Risk is a Jump Ball Between the Data & Risk Management Teams
As I discussed in an earlier blog, data risk tends to be a jump ball between the data and risk management teams. However, AI and AI agents will increasingly drive data risk on the agenda for CEOs and boards of directors.
In this blog, we discuss the integration between Tavro Data Risk Manager, ServiceNow IRM and Collibra. ServiceNow IRM and Collibra are market-leading GRC and data management platforms respectively.
Managing Data Risks Artifacts in Tavro
The data management team manages their data risk artifacts in Tavro. An important artifact is the Data Risk Dashboard showing the health of data controls and risks
Tavro is also the system of record for common data controls. Some controls like Data Ownership, Data Quality, and Metadata Management are owned by the Data Management Team. Other controls like Cybersecurity, Privacy and Risk Management are owned by other teams with support from Data Management.
Integration with Collibra
As discussed in another blog, Tavro ingests certain artifacts like Key Risk Indicators (KRIs) from external sources like Collibra.
Ingestion of Canonical Data from Tavro into ServiceNow IRM
Certain “canonical” data risk artifacts are ingested from Tavro into ServiceNow IRM. For example, Data Risks in Tavro are ingested as Risk statements in ServiceNow IRM.
In a similar manner, Common Data Controls from Tavro are ingested as Control Objectives into ServiceNow IRM.
Assessments within ServiceNow IRM can now reuse Risk Statements and Control Objectives that were previously ingested from Tavro. For example, the assessment for the Centralized Data Management entity reuses three risks and five controls. The Calculated Annualized Loss Expectancy (ALE) is computed for each risk.
Calculated ALE = Residual ALE + ((Inherent ALE – Residual ALE) * (Calculated Risk Factor / 100)).
The details behind this formula are beyond the scope of this blog. However, the Calculated Risk Factor is based partially on the underlying KRIs. The Risk Indicator Status in ServiceNow IRM shows that two out of three KRIs for RISK_14.7 have failed because the percentage of certified CDEs falls below the target of 50 percent. This information was ingested from Collibra into Tavro and then ServiceNow IRM.
