IBM employs a cross-company control model to govern how information is used, promote the security and integrity of all data, and protect privacy on both the individual and the corporate level. Our data governance rules and policies are designed to comply with our contractual obligations and to protect our shareholders and our relationships with clients, vendors and third parties who process our information.
Our policies seek to balance effective information access with appropriate use — who has ownership of certain information, who can use it, and for what purposes — and our technologies enable enforcement of our control model. We are constantly refining our data governance principles and framework to comply with government regulations, and to use the information IBM gathers or produces appropriately.
Beyond initial principles, effective data governance ultimately results from people, processes and technology working together organically and autonomically. IBM continues to devise better ways to integrate these elements across the enterprise:
- All IBMers must certify periodically to our Business Conduct Guidelines, which in addition to many other instructions and prohibitions govern our use of multiple kinds of information: employee privacy; proprietary information; intellectual property rights; recording, reporting and retaining information; information owned by others; and inside information and insider trading.
- To enhance IBM's data governance capabilities we're consolidating our customer databases so we will have a more finite view of our customers and the permutations of their data.
- Using IBM identity and access control technologies, such as our Tivoli brand products, we can help limit access to sensitive information that should be available only to appropriate parties.
In addition to these measures, we have formed the IBM Data Governance Council, a group of leading companies, institutions and technology solution providers working with IBM to clarify and resolve common data governance challenges and to explore solutions as they relate to security, privacy, trust and corporate compliance issues.
The council's focus is on the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of policy in IT infrastructure, content and organizational behavior.
Part of the council's mission is to develop a blueprint for the governance and protection of personal and organizational data within and between enterprises, and to understand how organizations can implement this data governance blueprint, using IBM and Business Partner solutions and research concepts.
As an ultimate goal for itself and for its clients, IBM seeks to transform data governance and compliance from yearly audits to real-time, change-driven, on demand business processes that continually assess risks, update policies and manage resources across the enterprise.
|
