What is the role of the Data CCC?
The Data CCC is focused around all aspects of how data is managed and exchanged within (and beyond) your solution. How data is managed is driven in part by the data risk assessment and the resulting class of data, so you need to run through the risk model to calculate the data class.
As well as the data classification it’s important that a Data Protection Impact Assessment is undertaken and that other IG controls such as a legal direction are in place.
The Data CCC is also interested in ensuring that the correct data standards and terminology standards are utilised appropriately.
How, where and for what purpose data is being processed is important. For example, that the relevant strategic data platform and tools (DPS) are utilised appropriately and we limit the proliferation of other data platforms and tools. You will be expected to be able to explain for data related to your solution flows, what processes and transformations are applied and where and how data is secured at rest as well as in transit.
You will need to be clear on what controls are in place to ensure the relevant data is shared with authorised users
You need to align with the data principles and be aware of other data related policies.
What evidence will they be looking for in your submission?
- Are you using the correct data and terminology standards?
- Are you using appropriate data platforms and tools, aligned to how data will be processed and transformed in your solution?
- How will data be secured in transit as well as at rest?
- What controls have been included to ensure the relevant data is shared with authorised users?