Contact us

Data Governance – UNE 0077 / ISO 38505-1 Certification

Data is an essential resource for driving growth and competitiveness in any organisation. Therefore, having relevant, high-quality information is a priority that requires entities to manage and govern their data in accordance with their business strategy, using it as efficiently as possible.

Data governance is also a fundamental part of artificial intelligence (AI) governance, as data is the basis on which a significant number of intelligent systems are built, trained and evaluated. Therefore, without adequate control over the quality, origin and use of data, it is impossible to guarantee that AI is reliable, ethical and compliant with the law.

UNE 0077 and ISO 38505-1 define guidelines for data governance in an organisation, ISO 38505-1 from the point of view of principles and general aspects, and UNE 0077 from the more operational perspective of implementing a data governance system and the data governance processes necessary to ensure effective, efficient and acceptable use of data within the organisation, in line with its business strategy.

UNE 0077 and ISO 38505-1 are applicable to any organisation, including public and private companies, government entities, and non-profit organisations, regardless of their size or internal composition.

Why are UNE 0077 and ISO 38505-1 important?

The UNE 0077 standard helps organisations establish good data governance by offering practical guidelines on implementing the necessary processes and establishing a data governance system. It thus provides the basis for ensuring that information is reliable, secure and consistent, and that its use is aligned with business strategy and objectives.

Thanks to this standard, companies can better leverage the value of their data, make better decisions and ensure responsible use of information.

On the other hand, ISO 38505-1 provides a framework that guides organisations on how to govern data, integrating its management into corporate governance and information technology.

Its importance stems from the fact that it establishes the principles and key aspects to ensure that data is used in an ethical, secure and value-generating manner, focusing on the value of data, the risks associated with such data and the constraints on the use of data that may limit its potential value.

Together, both standards reinforce confidence in data management and lay the foundations for responsible governance of artificial intelligence.

AI models learn patterns and make decisions based on the data they receive. If that data is:

  • incomplete or biased, the model will reproduce those biases;
  • unreliable, the model will generate erroneous results;
  • undocumented, it will be impossible to audit its decisions.

Therefore, good data governance (defining policies, roles, quality, traceability, etc.) is the first step towards responsible use of AI.

Key principles of ISO 38505-1:

  1. Purpose: The use of data must be consistent with the organisation's mission and objectives.
  2. Value creation: Data must be leveraged to create, deliver, and maintain value over time.
  3. Strategy: It is necessary to have a data strategy that is aligned with the overall business strategy and takes into account risks, opportunities, and technological advances.
  4. Oversight: The organisation must exercise effective oversight over the use of data to ensure ethical, regulatory, and operational compliance.
  5. Accountability: Legal obligations and internal policies must be complied with, especially in relation to security and personal data protection.
  6. Stakeholder engagement: The expectations of employees, customers, and other stakeholders must be considered at all stages of data use.
  7. Leadership: Ethical and consistent leadership is key to promoting a responsible culture around the use of information.
  8. Data and decisions: Data must be of high quality and used to support informed decisions that are consistent with the organisational purpose.
  9. Risk governance: It is essential to identify, assess and manage the risks associated with data use.
  10. Social responsibility: Organisations must take responsibility for the social impacts arising from the use of data, promoting ethical and sustainable practices.
  11. Viability and performance over time: The results obtained from the use of data must be continuously measured and improved, ensuring their value and sustainability over time.

Benefits of certification

  1. Trust and credibility. Provides external assurance that the organisation manages its data ethically, securely and in accordance with internationally recognised standards. Strengthens the trust of customers, partners and the general public.
  2. Strategic alignment. It enables data management to be integrated with business strategy, ensuring that information is used to achieve specific objectives and generate sustainable value.
  3. Regulatory and ethical compliance. Facilitates compliance with data protection laws and regulations, as well as ethical principles in the use of information and artificial intelligence.
  4. Improved data quality and traceability. Promotes practices that ensure data is accurate, complete, up to date, and traceable, resulting in more reliable and efficient decisions.
  5. Operational efficiency. Standardises processes and roles, reduces duplication and improves internal coordination around data management. This leads to greater efficiency and control throughout the organisation.
  6. Value creation and sustainability. Promotes the intelligent use of data as a strategic asset, driving innovation, competitiveness and long-term sustainability.
  7. Risk reduction. Helps identify, assess and mitigate risks related to security, privacy or misuse of data, strengthening digital resilience.
  8. International recognition. Both standards are aligned with international frameworks for good corporate and digital governance, facilitating comparability and global recognition.

Key requirements and processes

To implement data governance, it is recommended to consider the processes proposed in UNE 0077:

  • Establishing the data strategy: defining the vision and direction of how data adds value to the business. This includes identifying critical data, assessing maturity in its management, and planning initiatives that promote the intelligent use of data within the organisation.
  • Establishment of data policies, best practices and procedures: standards, best practices and operational guidelines are established to ensure consistent and secure data management. This process guarantees that all areas work under common criteria of quality, security and regulatory compliance.
  • Establishment of organisational structures for data governance, management and use: the roles, responsibilities and coordination mechanisms necessary to implement and oversee data governance are defined. It fosters an organisational culture based on accountability and the strategic value of information.
  • Data risk optimisation: risks associated with data use, such as those relating to privacy, security, legal compliance or reputation, are identified and managed. The aim is to protect data assets and ensure their ethical and responsible use.
  • Data value optimisation: the aim is to maximise the value that data brings to the business by identifying opportunities, measuring results and encouraging reuse. This process turns data into a real driver of innovation and decision-making.

Get certified with I2SC

At I2SC, we offer expert advice on the implementation and certification of UNE 0070 and ISO 38505-1. Our team will accompany you through every stage of the process to ensure that your organisation establishes an appropriate framework for data governance.

Ready to start governing data in your organisation? Contact us today and we will advise you on UNE 0070 / ISO 38505-1 certification.

Are you interested in obtaining the UNE 0070 / ISO 38505-1 certification for your company?

Contact us
en_GBEN
en_GBEN es_ESES