SOP-8: Monitor Data Governance Conformance
|0.1||Matias Fontecilla||2020-08-20||First draft|
|1.0||Matias Fontecilla||2020-10-15||First Publication|
Description and Scope #
The following document provides the procedure for monitoring conformance to data governance measures stipulated in the overarching Architecture Design Document and relating SOPs.
This process can be performed on an ad-hoc basis; however it is recommended to be performed on a timely basis to detect discrepancies faster.
This process acts as a detective control to any risks relating to data governance, specifically around user permissions management, approval workflow and object aging.
Monitor User Permissions #
Administrators must monitor that user permissions are well managed. This means:
- Users don’t have permissions applied directly to them, but rather inherit the permissions assigned to the groups they are in.
- Users are in the correct user group(s)
This task can be completed by consulting:
- The User Tab in the System Admin Panel
- The User Group Report
- The User Permissions Report
- The Admin Logs Report (to determine which admin made which changes)
Take note of any deviations you find.
Monitor Object Aging #
Content must be reviewed and maintained over time to ensure that it has not become out of date. While an object’s last modified date is not directly correlated with whether it is out of date, it is a good indicator of its relevance.
Similarly, monitoring objects with recent modification dates may lead to the detection of any unauthorized changes, such as changes to framework structures or reference library content.
To monitor object aging,
- Navigate to a module
- From the List Tab, Set the Hierarchy Filter to “No Hierarchy Filter”. This will allow you to search across the entire module
- For aging, filter your search by object type and Sort Modified date to Ascending, so that the oldest dates appear at the top
- For recent changes, filter your search by object type and Sort Modified date to Descending, so that the newest dates appear at the top
- Repeat this process for each module
From here, specific objects can be analyzed further by consulting their audit trails, which show what was changed, when and by who.
Take note of any objects with abnormally old or recent Last Modified Dates since your last monitoring activity.
Lastly, it is important to monitor the Archives for any objects that were deleted without authorization. To do this, access the Archives tab from the Environment Admin panel and sort the list by Deletion date.
Monitor Unapproved Objects #
Depending on how your Governance Processes are designed, some objects are required to be approved prior to being published in EPC. To monitor for any unapproved objects, you may:
- Consult the Objects Published without an Approval Cycle report
Take note of any unapproved objects since your last monitoring activity.
Monitor Admin Logs #
Admin logs should be monitored to gauge whether any major unauthorized actions have been made by an administrator. These changes are far ranging, from changing theme settings to assigning permissions directly to users.
Logs can be monitored by consulting the Admin logs report.
Take corrective action(s) #
Corrective actions should be taken in accordance with any discrepancy that were identified. Actions vary but may include additional fact finding by communicating with the individual that performed the change. From there, appropriate actions must be performed, such as accepting the change, reversing the change, retraining the person that made the unauthorized change, etc.