Passionately curious about Data, Databases and Systems Complexity. Data is ubiquitous, the database universe is dichotomous (structured and unstructured), expanding and complex. Find my Database Research at SQLToolkit.co.uk . Microsoft Data Platform MVP

"The important thing is not to stop questioning. Curiosity has its own reason for existing" Einstein

Wednesday 22 March 2023

Microsoft achieves first CDMC certification

Microsoft achieves first Cloud Data Management Capabilities (CDMC) certification for Microsoft Purview. This has the capabilities to accelerate business move to the cloud.

The 14 Key Controls and Automations are a part of the EDM Council’s Cloud Data Management Capabilities framework formulated as a best practice to help all industries accelerate the migration of sensitive and non-sensitive data to the cloud with confidence.

There are 14 controls that make up the framework for automations

Governance and accountability

1. Data Control Compliance must be monitored for all data assets containing sensitive data through metrics and automated notifications.

2. The Ownership field in a data catalog must be populated for all sensitive data or otherwise reported to a defined workflow.

3. A register of Authoritative Data Sources and Provisioning Points must be populated for all data assets containing sensitive data.

4. The Data Sovereignty and Cross-Border Movement of sensitive data must be recorded, auditable, and controlled according to defined policy.

Cataloging and classification

5. Cataloging must be automated for all data at the point of creation or ingestion, with consistency across all environments.

6. Classification must be automated for all data at the point of creation or ingestion and must always be on.

Accessibility and usage

7. Entitlements and Access for Sensitive Data must default to the creator and owner and access must be tracked for all sensitive data.

8. Data Consumption Purpose must be provided for all Data Sharing Agreements involving sensitive data.

Protection and privacy

9. Appropriate Security Controls must be enabled for sensitive data and evidence must be recorded.

10. Data Privacy Impact Assessments must be automatically triggered for all personal data according to its jurisdiction.

Data lifecycle

11. Data Quality Measurement must be enabled for sensitive data with metrics distributed when available.

12. Data Retention, Archiving, and Purging must be managed according to a defined retention schedule.

Data and technical architecture

13. Data Lineage information must be available for all sensitive data.

14. Cost Metrics directly associated with data use, storage, and movement must be available in the catalog.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.