{"id":777,"date":"2025-10-31T18:09:55","date_gmt":"2025-10-31T18:09:55","guid":{"rendered":"https:\/\/i2sc.es\/?page_id=777"},"modified":"2025-11-05T15:23:37","modified_gmt":"2025-11-05T15:23:37","slug":"gobierno-de-ia-certificacion-une-0077-iso-38505-1","status":"publish","type":"page","link":"https:\/\/i2sc.es\/en\/gobierno-de-ia-certificacion-une-0077-iso-38505-1\/","title":{"rendered":"Data Governance \u2013 UNE 0077 \/ ISO 38505-1 Certification"},"content":{"rendered":"

Data is an essential resource<\/strong> for driving growth <\/strong>and competitiveness <\/strong>in any organisation. Therefore, having relevant, high-quality information is a priority that requires entities to manage and govern their data<\/strong> in accordance with their business strategy, using it as efficiently as possible.<\/p>\n\n\n\n

Data governance<\/strong> is also a fundamental part of artificial intelligence (AI) governance<\/strong>, as data is the basis on which a significant number of intelligent systems are built, trained and evaluated<\/strong>. Therefore, without adequate control over the quality, origin and use of data, it is impossible to guarantee that AI is reliable, ethical and compliant with the law.<\/p>\n\n\n\n

UNE 0077 and ISO 38505-1<\/strong> define guidelines for data governance<\/strong> in an organisation, ISO 38505-1<\/strong> from the point of view of principles and general aspects, and UNE 0077<\/strong> from the more operational perspective of implementing a data governance system<\/strong> and the data governance processes<\/strong> necessary to ensure effective, efficient and acceptable<\/strong> use of data within the organisation, in line with its business strategy<\/strong>.<\/p>\n\n\n\n

UNE 0077 and ISO 38505-1<\/strong> are applicable to any organisation<\/strong>, including public and private companies, government entities, and non-profit organisations, regardless of their size or internal composition.<\/p>\n\n\n\n

Why are UNE 0077 and ISO 38505-1 important?<\/h2>\n\n\n\n
\n
\n

The UNE 0077 standard<\/strong> helps organisations establish good data governance<\/strong> by offering practical guidelines on implementing the necessary processes<\/strong> and establishing a data governance system<\/strong>. It thus provides the basis for ensuring that information is reliable, secure and consistent<\/strong>, and that its use is aligned with business strategy and objectives.<\/p>

Thanks to this standard, companies can better leverage the value of their data, make better decisions and ensure responsible use of information.<\/p><\/p>\n\n\n\n

On the other hand, ISO 38505-1<\/strong> provides a framework that guides organisations on how to govern data<\/strong>, integrating its management into corporate governance and information technology.<\/p>

Its importance stems from the fact that it establishes the principles and key aspects to ensure that data is used in an ethical, secure and value-generating manner<\/strong>, focusing on the value<\/strong> of data, the risks<\/strong> associated with such data and the constraints<\/strong> on the use of data that may limit its potential value.<\/p><\/p>\n\n\n\n

Together, both standards reinforce confidence<\/strong> in data management<\/strong> and lay the foundations for responsible governance of artificial intelligence<\/strong>.<\/p>\n\n\n\n

AI models learn patterns and make decisions based on the data<\/strong> they receive. If that data is:<\/p>\n\n\n\n

    \n
  • incomplete or biased<\/strong>, the model will reproduce those biases;<\/li>\n\n\n\n
  • unreliable<\/strong>, the model will generate erroneous results;<\/li>\n\n\n\n
  • undocumented<\/strong>, it will be impossible to audit its decisions.<\/li>\n<\/ul>\n\n\n\n

    <\/p>\n\n\n\n

    Therefore, good data governance<\/strong> (defining policies, roles, quality, traceability, etc.) is the first step towards responsible use of AI<\/strong>.<\/p>\n<\/div>\n\n\n\n

    \n
    <\/span>
    \n

    Key principles of ISO 38505-1:<\/strong><\/h3>\n\n\n\n
      \n
    1. Purpose:<\/strong> The use of data must be consistent with the organisation's mission and objectives.<\/li>\n\n\n\n
    2. Value creation:<\/strong> Data must be leveraged to create, deliver, and maintain value over time.<\/li>\n\n\n\n
    3. Strategy:<\/strong> It is necessary to have a data strategy that is aligned with the overall business strategy and takes into account risks, opportunities, and technological advances.<\/li>\n\n\n\n
    4. Oversight:<\/strong> The organisation must exercise effective oversight over the use of data to ensure ethical, regulatory, and operational compliance.<\/li>\n\n\n\n
    5. Accountability:<\/strong> Legal obligations and internal policies must be complied with, especially in relation to security and personal data protection.<\/li>\n\n\n\n
    6. Stakeholder engagement:<\/strong> The expectations of employees, customers, and other stakeholders must be considered at all stages of data use.<\/li>\n\n\n\n
    7. Leadership:<\/strong> Ethical and consistent leadership is key to promoting a responsible culture around the use of information.<\/li>\n\n\n\n
    8. Data and decisions:<\/strong> Data must be of high quality and used to support informed decisions that are consistent with the organisational purpose.<\/li>\n\n\n\n
    9. Risk governance:<\/strong> It is essential to identify, assess and manage the risks associated with data use.<\/li>\n\n\n\n
    10. Social responsibility:<\/strong> Organisations must take responsibility for the social impacts arising from the use of data, promoting ethical and sustainable practices.<\/li>\n\n\n\n
    11. Viability and performance over time:<\/strong> The results obtained from the use of data must be continuously measured and improved, ensuring their value and sustainability over time.<\/li>\n<\/ol>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
      \n
      \n

      Benefits of certification<\/h2>\n\n\n\n
        \n
      1. Trust and credibility.<\/strong> Provides external assurance that the organisation manages its data ethically, securely and in accordance with internationally recognised standards. Strengthens the trust of customers, partners and the general public.<\/li>\n\n\n\n
      2. Strategic alignment.<\/strong> It enables data management to be integrated with business strategy, ensuring that information is used to achieve specific objectives and generate sustainable value.<\/li>\n\n\n\n
      3. Regulatory and ethical compliance.<\/strong> Facilitates compliance with data protection laws and regulations, as well as ethical principles in the use of information and artificial intelligence.<\/li>\n\n\n\n
      4. Improved data quality and traceability.<\/strong> Promotes practices that ensure data is accurate, complete, up to date, and traceable, resulting in more reliable and efficient decisions.<\/li>\n\n\n\n
      5. Operational efficiency.<\/strong> Standardises processes and roles, reduces duplication and improves internal coordination around data management. This leads to greater efficiency and control throughout the organisation.<\/li>\n\n\n\n
      6. Value creation and sustainability.<\/strong> Promotes the intelligent use of data as a strategic asset, driving innovation, competitiveness and long-term sustainability.<\/li>\n\n\n\n
      7. Risk reduction.<\/strong> Helps identify, assess and mitigate risks related to security, privacy or misuse of data, strengthening digital resilience.<\/li>\n\n\n\n
      8. International recognition.<\/strong> Both standards are aligned with international frameworks for good corporate and digital governance, facilitating comparability and global recognition.<\/li>\n<\/ol>\n<\/div>\n\n\n\n
        \n

        Key requirements and processes<\/h2>\n\n\n\n

        To implement data governance, it is recommended to consider the processes proposed in UNE 0077<\/strong>:<\/p>\n\n\n\n