In this blog, we discuss the use of data policies and standards as evidence of compliance with data controls.
Implement Data Controls that Require Approved Policies and Standards
The data risk team first implements a data control SO-12 – Data Architecture Standard in Tavro. The control states that the data architecture standard needs to be approved on an annual basis.
Data Compliance Assessment with Uploaded Evidence
As stated above, the testing frequency for the control is on an annual basis. On an annual basis, the control owner implements a Data Compliance Assessment in Tavro. The control is in the Pass state based on the uploaded evidence in the form of the actual Data Architecture Standard.
Inventory of Data Policies and Standards
The Data Architecture Standard forms the basis for the pass status on the data compliance assessment. The figure below shows an inventory of data policies and standards in Tavro. Each data policy or standard would provide the evidence for adherence to a given control (e.g., Artificial Intelligence Policy, Authoritative Data Source Standard, Data Architecture Standard, etc.).
