Resource Person:

Dr. JAYSON D. VELASCO

Teacher III/ Subject Group Head, SHS
Data Driven Department of Education, DDSNHS

Governance 2016- Senior High School Teacher

Dupax del Sur NHS
2013- Instructor, Isabela State University Echague
Competency Campus, IICT Department
2013- Data Documentator- World Vision North

Guide Luzon Cluster.

2011- Faculty, Saint Mary’s University
 Notification
Personal Data Privacy:
The name and email addresses collected, retained, and used in the seminar are to recognize
the participants and to send learning materials and training information. The participant
during the online live seminar may opt to close his or her camera and simply use the
microphone or chat for questions and comments. The online live seminar is not streamed in
in Facebook or Youtube.

Copyright Notice:
The cited and annotated content of cited standards are duly owned by their research
organization or publishers.

The provided information about the rules and standards are for educational purpose.
The PowerPoint of the competency guide is free to use and share.
Being Competent
“A competent person has definitive
understanding, skills and character needed to
perform at a given level of
performance
standard,
the decision and work associated to the
mandated function and outcome of a defined
strategy and operation of the organization.
 Being Competent

It is indicated by the person’s

ability to transfer and apply
knowledge, skills and attitude

to new situations, and to the

requirement of collaborative results.
 Competency Model

A competency model is about

shareable body of knowledge
believed to define and differentiate
the essential indicators of the
required understanding, action and
attitude behind the successful
delivery of the service objectives.
Competency Model

(Center for Creative

Leadership
Morgan McCall
Michael M. Lombardo
Robert A. Eichinger)
Performance Standards

“Standards are the distilled

wisdom of people with expertise
in their subject matter and who
know the needs of the
organizations they represent –
people such as manufacturers,
sellers, buyers, customers, trade
associations, users or
regulators.”
Performance Standards
“Standards are document,
established by consensus and
approved by a recognized body,
which provides for common and
repeated use, rules, guidelines or
characteristics for activities or their
results, aimed at the achievement
of the optimum degree of order in a
given context.” (PMI)
Performance Methodology
It is a combination of logically related
practices, processes, rules and procedures
that determine how best to communicate
and to contextually do the details of the
collaborative work related to planning,
designing, implementing and improving the
data driven approach behind the exercise of
“decision rights” called governance.
Performance Methodology
It secures the presence and agreement
about the common language, common
processes, common rules, and common
documentation in the delivery and
support of the data driven governance
program and project as defined and
agreed with the stakeholders.
Performance Methodology
A good performance methodology
provides the framework, processes,
guidelines and techniques to achieve
the performance objectives of data
driven governance that are agreed by
the stakeholders, development team,
and service users.
Performance Methodology
A good methodology makes the
“possible” of succeeding the data driven
governance outcome and therefore
provides value to the stakeholders and
customers of the organization.
Training Questions of Understanding

1. What are the key result areas and performance

indicators of governance in an organization
or government agency?

2. What is the motivation, design,

methodology, and technology of data
driven approach in governance?
 Training Questions of Understanding
3. What are the key result areas and performance
indicators of data management, data
governance, data quality, and data
privacy that support data driven governance
4. system
How dowith effectiveness,
digital efficiency and
transformative
security?
technologies enable the achievement,
improvement and continuity of data driven
governance objectives?
 Training Questions of Understanding

5. How data driven governance is a necessary

component in the quality management
system, ease of doing business and data
privacy of a government agency? (E.O.
605-2007., R.A.11032, and R.A.10173)
 Data Driven Approach
Data Driven to Governance
Governance Regulatory and Standards Context
Competency Guide of Data Driven Governance

Data Management Framework of

Data Driven Governance

Data Quality Framework of Data

Driven Governance

Digital Transformative Technologies

of Data Driven Governance
 Data Driven Governance Management

The competency enabling belief:

The statutory and regulatory requirements find
their valid, verifiable, acceptable and actionable
“problem statement and resolution concepts” from
established and shared standards of practice as to
principles, components, methods, metrics and
documentation of performance legal requirements.
 Data Driven Governance Management

The competency enabling belief:

The person, entity or organization with legal liability
related to the “whereas” and “therefore” of the law or rules
may determine, describe, document and demonstrate
understanding of compliance through the openly published,
clearly defined, and collaboratively improved knowledge
standards or body of knowledge related to achieving the
intention, action and documentation of statutory and
regulatory compliance.
Data Driven Governance Management

The competency enabling standards

The requirement for data driven approach is described
principle and activity of the following established
guidelines;
1. Governance in organization
- ISO 37000
2. Quality management in organization
- ISO 9000
3. Project management
-ISO 10006
 Data Driven Governance Management

The competency enabling standards

The effectiveness, efficiency and security of data driven
approach implementation has to be achieved with the following
established guidance:
1. Data governance
-ISO 8000-150
-ISO 8000 -61
2. Data quality model
-ISO 25012
3. Data privacy and security
-ISO 29100
-ISO 27701
 Data Driven Governance Management

The competency enabling standards

The understanding about the common concept, principle,
organization, process, and technology in the management
of a data driven approach program and project is made
clear, coherent and complete with the following
knowledge source.

1. Data management body of knowledge

2. Business analyst body of knowledge
3. Digital development principles
Data Quality Management
 Data Quality Management
Definition
1. Data quality management is the coordinated activities to direct
and control an organization with regards to data quality.
2. Data quality is about degree to which a set of inherent
characteristics of data fulfil need or expectation that is stated,
generally implied, or obligatory.
3. Data is reinterpretable representation of information in a formalized
manner suitable for communication, interpretation or processing.
4. Quality is degree to which a set of inherent characteristics of an
object fulfils requirements.
(ISO 8000-2)
 Data Quality Management

Principle 1: Process approach

Effective management is based upon a number of key processes

1.The processes that use, create and update data are

defined and operated.
2.The processes become repeatable and reliable by
also defining and operating processes for managing
data quality.
(ISO 8000-61)
 Data Quality Management

Principle 2: Continuous improvement

Strive to continuously improve the quality of data, the processes used to achieve
should be continually improved

1. Data are improved through effective measurement and

correction of data nonconformities that arise from data
processing.
2. The improvements do not prevent the same
nonconformities occurring repeatedly.
3. Sustained improvement arises from analyzing, tracing
(ISO 8000-61) and removing the root causes of poor data quality,
usually requiring the improvement of processes
 Data Quality Management
Principle 3: Involvement of people
Data quality management is a people based activity and not a technology implementation

1. End users have the greatest direct effect on data quality

through data processing activities.
2. Data quality specialists perform the necessary intervention and
control to implement and embed processes for improvement
of data quality across the organization.
3. Oversight by top management ensures the necessary resources
are made available and directs the organization towards
achieving the vision, goals and objectives for data quality.
(ISO 8000-61)
 Data Quality Management: Process Model

(ISO 8000-61)
 Data Quality Management: Process Model

(ISO 8000-61)
 Data Quality Management: Process Model
Data Quality Planning
Key Result Areas Activities
1. Requirements management Identification, definition and prioritization of the delivery of
different data related requirements for the organization
2. Data quality strategy Establish, evaluate and improve the organizations data
management quality strategy

3. Data quality policy, Development of policies, standards and procedures that

standards, and procedures support the data quality strategy
management
4. Data quality implementation Development of a plan that defines roles, responsibilities,
planning  sequencing, funding and technology enablers to perform all
other data quality management related activities
(ISO 8000-61)
 Data Quality Management: Process Model
Data Quality Control
Key Result Areas Activities
1. Provision of data specifications  Ensuring data requirements arising from processes are
and work instructions specified, as are the process steps

2. Data processing Checking that data arising from processes meets data
requirements;
3. Data quality monitoring and Identify and respond to instances where data
control processing does not conform to requirements

(ISO 8000-61)
 Data Quality Management: Process Model
Data Quality Improvement
Key Result Areas Activities
1. Root Cause Analysis and Identify root causes of data quality issues and propose
Solution Development solutions to prevent re-occurrence;

2. Data Cleansing Correction of data quality issues using automated tools

and/or human intervention;
3. Process Improvement for Implementation of solutions to prevent re-occurrence of data
Nonconformity Prevention and process non-conformities

(ISO 8000-61)
 Data Quality Management: Process Model
Data Quality Assurance
Key Result Areas Activities
1. Review of Data Quality Assess reported data quality issues to understand their
Issues nature and extent

2. Provision of Measurement Development of measurement metrics and methods to

Criteria support data quality measurement

3. Measurement of Data Engagement of resources to measure data quality levels and

Quality and Process assessing the measurement process
Performance
4. Evaluation of Measurement Analyse outputs of data quality measurement and assess the
(ISOResults
8000-61) impacts of poor data quality and the measurement process
 Data Quality Management: Master Data
Governance

(ISO 8000-150)
 Send now
your question messages
in the chat box.
Data Driven Governance Competency Guide
Jayson.velasco@deped.gov.ph
09976183328
 Data Quality Management – Quality Requirements

1. Inherent Data Quality

It is about the degree to which quality characteristics of
data have the intrinsic potential to satisfy stated and
implied needs when data is used under specified
conditions.
2. System-Dependent Quality
It is about the degree to which data quality is reached and
preserved within a computer system when data is used under
(ISO 25012) specified conditions
 Data Quality Management: Process Model
Inherent Data Quality
Characteristic Description
1. Accuracy The degree to which data has attributes that correctly represent
the true value of the intended attribute of a concept or event in a
specific context of use.
2. Completeness The degree to which subject data associated with an entity has
values for all expected attributes and related entity instances in a
specific context of use
3. Consistency The degree to which data has attributes that are free from
contradiction and are coherent with other data in a specific
context of use. It can be either or both among data regarding one
(ISO 25012) entity and across similar data for comparable entities.
 Data Quality Management: Process Model
Inherent Data Quality
Characteristic Description
4. Credibility The degree to which data has attributes that are regarded as
true and believable by users in a specific context of use.
Credibility includes the concept of authenticity (the
truthfulness of origins, attributions, commitments).
5. Currentness The degree to which data has attributes that are of the right age
in a specific context of use.

(ISO 25012)
 Data Quality Management: Process Model
System-Dependent Quality
Characteristic Description
1. Accessibility The degree to which data can be accessed in a specific context of
use, particularly by people who need supporting technology or
special configuration because of some disability.
2. Compliance The degree to which data has attributes that adhere to standards,
conventions or regulations in force and similar rules relating to data
quality in a specific context of use.
3. Confidentialit The degree to which data has attributes that ensure that it is only
accessible and interpretable by authorized users in a specific context
y of use. Confidentiality is an aspect of information security (together
with availability, integrity)

(ISO 25012)
 Data Quality Management: Process Model
System-Dependent Quality
Characteristic Description
3. Efficiency The degree to which data has attributes that can be processed
and provide the expected levels of performance by using the
appropriate amounts and types of resources in a specific
context of use.
4. Precision The degree to which data has attributes that are exact or that
provide discrimination in a specific context of use.
5. Traceability The degree to which data has attributes that provide an audit
trail of access to the data and of any changes made to the data
in a specific context of use.

(ISO 25012)
 Data Quality Management: Process Model
System-Dependent Quality
Characteristic Description
6. Understandabili The degree to which data has attributes that enable it to be read and
interpreted by users, and are expressed in appropriate languages, symbols
ty and units in a specific context of use.

7. Availability The degree to which data has attributes that enable it to be retrieved by
authorized users and/or applications in a specific context of use.

8. Portability The degree to which data has attributes that enable it to be installed,
replaced or moved from one system to another preserving the existing
quality in a specific context of use.

9. Recoverability The degree to which data has attributes that enable it to maintain and
preserve a specified level of operations and quality, even in the event of
(ISO 25012) failure, in a specific context of use.
 Send now
your question messages
in the chat box.
Data Driven Governance Competency Guide
jayson.velasco@deped.gov.ph
09976183328
Data Management: Data Privacy and Security
Data Management -Privacy and Security Safeguards
R.A. 10173 – Rule VI SECURITY MEASURES
Organizational Security
1.Compliance Officers.
2.Data Protection Policies
3.Records of Processing Activities
4.Processing of Personal Data
5.Personal Information Processor
Contracts
Physical Security
1.Policies and Procedures on Limited
Physical Access
2.Security Design of Office Space and 2.Safeguards to protect computer
Room
3.Person Duties, Responsibility and
Schedule Information
4.Policies on transfer, removal,
disposal, and re-use of electronic
media
5.Prevention policies against
mechanical destruction of files and
equipment
Technical Security
1.Security policy in processing personal
data
network again unlawful, illegitimate,
and destructive activities
3.Confidentiality, integrity, availability,
and resilience of the processing systems
and services
4.Vulnerability assessment and regular
monitoring for security breaches
5.Ability to restore the availability and
access to personal data 
6.Regularly testing, assessing, and
evaluating the effectiveness of security
measures
 Rule and Standard Based Management of Data Privacy
R.A. 10173 Implementing Data Privacy Information Security
Rules Policy Policy
ISO 29100 ISO 27001 Annex A
Rule 1 – Policy and Definitions 5.2 Consent and choice A5 Information security policies
Rule 2 – Scope of Application 5.3 Purpose legitimacy and A6 Organization of information security
Rule 3 – National Privacy Commission specification A7.Human resource security
Rule 4 – Data Privacy Principles 5.4 Collection limitation A8.Asset management
Rule 5 – Lawful Processing of Personal Data 5.5 Data minimization A9.Access control
Rule 6 – Security Measures Protection of Personal 5.6 Use, retention and disclosure A10.Crytography
Data limitation A11.Physical and environmental security
Rule 7 - Security of Sensitive Personal Information 5.7 Accuracy and quality A12.Operations security
in Government 5.8 Openness, transparency and A13.Communications security
Rule 8 - Rights of Data Subject notice A14.System acquisition, development and
Rule 9 - Data Breach Notification 5.9 Individual participation and maintenance
Rule 10 – Outsourcing and Subcontracting access A15.Supplier relationship
Rule 11 - Registration and Compliance 5.10 Accountability A16.Information security incident
Requirements 5.11 Information security management
Rule 12 – Rules on Accountability 5.12 Privacy compliance A17.Information security aspects of
Rule 13 – Penalties business continuity management
Rule 14 – Miscellaneous Provisions A18.Compliance
 Rule and Standard Based Management of Data Privacy
Policy Inventory Risks Controls Operation
R.A. 10173 -2016 ISO 10007 – ISO 31000 – Risks R.A. 10173 Security NPC Circular 16-03
Implementing Rules Configuration Management Measures Personal Data Breach
and Regulation Management ISO 27005 – Security ISO 29151 – Privacy Management
NPC Advisories and Risks Management Controls NYMITY
Circulars ISO 27036 – Security Accountability
Supplier Relationship Framework

ISO 29100 – Data NPC Circular 17-01 ISO 29134 – Privacy ISO 27002 – Security ISO 27701 – Privacy
Privacy Framework Registration of Data Impact Assessment Controls Information
ISO 27001 – Processing System and ISO 22307 - Finance CSI Security Management System
Information Security Automated System Sector Privacy Impact CONTROL ISO 27035 – Security
Framework Assessment ISO 27017 – Cloud Incident Management
ISO 29190 – NPC Advisory No. Security ISO 27032 – Cyber
Privacy Management 2017-03 PIA IS0 27018 – Cloud Security Guidelines
Capability Guidelines Privacy ISO 27550 -Privacy
ISO 29184 – ETSI Security Engineering For System
ISO 27045 – Big Data Life Cycle Processes
Notification and Indicators
Security and Privacy
Consent OWASP
National Cyber Vulnerabilities
Training Activity
Data Governance Roles and Responsibilities

Roles
Data Manager Data Manager Data Technician
Responsibility Responsibility Responsibility

https://www.dpadvantage.co.uk/wp-content/uploads/2018/03/DPA-White-Paper-ISO-8000-Part-150-1-1.pdf
Data Quality Checklist

Inherent Data Quality Failure-Check

https://iso25000.com/index.php/en/iso-25000-standards/iso-25012
Data Quality Checklist

System-Dependent Data Failure-Check

Quality

https://iso25000.com/index.php/en/iso-25000-standards/iso-25012
 Send now
your question messages
in the chat box.
Data Driven Governance Competency Guide
jayson.velasco@deped.gov.ph
09976183328