Implementation and Development of National Data Management Controls, Governance, and Personal Data Protection (NDMO)
Establishment and Operation of Data Management Office (DMO)
Implementation and Development of National Data Management Controls, Governance, and Personal Data Protection (NDMO)
National Data Management Office (NDMO)
In line with Vision 2030, the Kingdom has established the National Data Management Office (NDMO) under the Saudi Data and Artificial Intelligence Authority (SDAIA). The NDMO aims to implement global best practices in data management and governance, enhancing the value derived from data for strategic decision-making, future foresight, and achieving the highest levels of responsibility and transparency.
It serves as the national regulatory and reference entity for data management and governance. The data produced, received, or handled by governmental and private entities is considered one of the most important national assets, contributing to improving performance, productivity, and facilitating the provision of public services.
Data Management
The National Data Management Office defines data management as the process of developing and implementing plans, policies, programs, practices, and overseeing them to enable entities to govern data and enhance its value as a valuable asset. The goal of data management is to assist the organization and decision-makers in improving the use of data for more accurate decision-making. Among the key objectives of data management are:
- Aligning data management with the organization’s goals
- Defining roles, responsibilities, and policies
- Ensuring access to data
- Producing data management documents
- Realizing value from data
- Adapting to a data-driven culture
It is crucial not to confuse between data management and data governance. Data governance is defined as a set of practices and concepts that prioritize and regulate data, in addition to implementing policies regarding data, while adhering to various regulations and mitigating data malpractices. Data governance is essentially a part of data management.
While the National Data Management Office can be defined as an organizational entity within the organization responsible for facilitating and coordinating data management efforts, overseeing them, designing, developing, and updating the strategic plan for data management, and ensuring compliance with relevant national and international policies and standards.
Data Management Areas (NDMO)
The National Data Management Office, as the national organizational and reference entity for data management and governance, has developed a national framework for data governance. This framework outlines controls for data management, governance, and the protection of personal data to enhance data organization by leveraging effective international best practices in handling data across various government entities.
Through these controls, the office aims to coordinate efforts related to data management, governance, and the protection of personal data in different entities, encompassing initiatives and projects. (See the following diagram)
Controls for National Data Management, Governance, and Personal Data Protection
1- Data Governance
Data Institutionalization
2-Descriptive Data and Data Catalog
3- Data Quality
4- Data Storage
5- Content and Document Management
6- Data Modeling and Structuring
7- Reference and Master Data Management
Data Utilization
8- Business Intelligence and Analytics
9- Data Integration and Sharing
10- Value Realization from Data
11- Open Data
12- Freedom of Information
Data Classification and Accessibility
13- Data Classification
14- Protection of Personal Data
Data Protection
15-Data Security and Protection (National Cybersecurity Authority)
The National Data Management Office issued the document “Controls and Specifications for National Data Management, Governance, and Personal Data Protection,” outlining the framework for data management and governance. This framework covers the data lifecycle from creation and usage to disposal and elimination. It consists of 15 domains within the field of data management. Three levels were defined for these domains:
- Domain Level (Domain): The domain represents a specific knowledge area within the framework of data management and governance, totaling 15 domains covered by these controls.
- Control Level (Control): This level comprises a set of controls that cover a specific aspect within the domain.
- Control Specifications Level (Specifications Control): This level defines the specifications of the control, outlining the expected outputs to comply with the data management and governance controls.
The implementation and prioritization of specifications are based on the priorities defined by the National Data Management Office, as follows:
- Priority 1: The relevant specifications must be implemented first as they constitute the fundamental building blocks in enhancing the capabilities and capacities of data management. All entities are required to apply these specifications within the first year of issuing these controls.
- Priority 2: The relevant specifications for improving the capabilities and capacities of data management must be implemented. All entities are required to apply these specifications before the end of the second year from the issuance of these controls.
- Priority 3: The relevant specifications contributing to the development of data management capabilities and capacities within the entity must be implemented. All entities are required to apply these specifications before the end of the third year from the issuance of these controls.
| Number | Specifications | field | number of controls | number of specifications | Priority of Specifications | Priority of Specifications 2 | Priority of Specifications3 |
|---|---|---|---|---|---|---|---|
| 1 | Data Governance | 8 | 28 | 18 | 9 | 1 | |
| 2 | Descriptive Data and Data Catalog | 6 | 20 | 5 | 13 | 2 | |
| 3 | Data Quality | 4 | 13 | 3 | 8 | 2 | |
| 4 | Data Storage | 5 | 14 | 3 | 10 | 1 | |
| 5 | Content and Document Management | 5 | 12 | 5 | 4 | 3 | |
| 6 | Data Modeling and Structuring | 7 | 13 | 3 | 10 | 0 | |
| 7 | Reference and Master Data Management | 6 | 18 | 8 | 10 | 0 | |
| 8 | Business Intelligence and Analytics | 5 | 10 | 4 | 5 | 1 | |
| 9 | Data Integration and Sharing | 8 | 16 | 8 | 7 | 1 | |
| 10 | Value Realization from Data | 4 | 8 | 2 | 5 | 1 | |
| 11 | Open Data | 5 | 10 | 4 | 5 | 1 | |
| 12 | Freedom of Information | 4 | 9 | 4 | 3 | 2 | |
| 13 | Data Classification | 5 | 10 | 5 | 4 | 0 | |
| 14 | Personal Data Protection | 5 | 10 | 4 | 5 | 1 | |
| 15 | Data Security and Protection | Managed by the National Cybersecurity Authority which issues related policies and systems and monitors compliance as per its jurisdiction. | |||||
| — | Total | 77 | 191 | 76 | 98 | 16 | |
Table Summary of Specifications for the 15 Domains
Mechanism for Implementing and Developing Specifications for Data Management Domains (NDMO)
The consultancy team at Renad Al-Majd for Information Technology (RMG) provides various services to assist organizations and enterprises interested in implementing data management specifications according to a roadmap that includes the following tasks:
- Analysis of organizational documents.
- Assessment of the current data status.
Study and analysis of gaps. - Development of the strategic plan for the data management office.
- Development of the operational model for the data management office.
- Development of policies and standards for data management.
- Development of Specifications for Data Management Domains (NDMO)
– Developing and implementing specifications with a strategic dimension, especially the plans for data management domains, which fall within priority 1.
– Developing and implementing executive control specifications that fall within priority 1.
– Developing and implementing the remaining specifications with a strategic dimension.
– Developing and implementing executive control specifications within priorities 2 and 3.
Description of Data Management Domains (NDMO):
Below is a detailed explanation and description of each area of data management:
Data Governance
Data governance is a set of practices and procedures that help ensure the management of data assets in organizations, starting from the development of data plans, controls, policies, and extending to execution and compliance. This is achieved through a governance framework that clarifies roles and responsibilities among relevant stakeholders.
Controls Specifications
8 28
Descriptive Data
Descriptive data and data directory consist of detailed information describing data and its usage characteristics, including three types: 1-business descriptive data, 2-technical descriptive data, and 3-operational descriptive data. The data directory is one of the outputs associated with descriptive data (Metadata). It is a reference framework describing data, its components, interconnections for management, and reference for detailed data mapping. It also identifies the source of truth for data in the public entity.
Controls Specifications
6 20
Data Quality
Data quality represents a set of periodic processes to process data, ensuring its accuracy and maturity to meet business requirements.
Controls Specifications
4 13
Data Storage
Data Storage Mechanism involves storing data on devices and media subject to necessary measures to facilitate data availability.
Controls Specifications
5 14
Content and Document Management
Content and Document Management involves preserving data and information through digitization, managing their exchange, accessibility, and preservation, whether organized or disorganized.
Controls Specifications
5 12
Data Modeling and Structuring
Data modeling is the creation of a representation of data within a specific organizational domain. The purpose of data modeling is to simplify data by describing it, defining its components, and specifying the relationship between those components.
Data structuring involves the procedures, systems, and organizational structures required using global standard models as a reference referred to in procedures for data storage, access, transfer, organization, etc.
Controls Specifications
7 13
Reference and Master Data Management
Reference and Master Data Management is a set of controls to ensure the identification of data sources and their correct primary and shared origin for everyone in the Kingdom. This ensures providing accurate, rich, correct, and consistent data.
Controls Specifications
6 20
Business Intelligence and Analytics
Business Intelligence and Analytics refer to collecting and analyzing internal and external data to extract knowledge and value for entities. It allows entities to transform data into valuable and useful informational results and metrics.
Controls Specifications
5 10
Data Integration and Sharing
Data Integration and Sharing refer to how data moves through distributed systems in different entities for the purpose of data integration. It defines the mechanism for sharing data between entities, the method of transfer, and delivery.
Controls Specifications
8 16
Value Realization from Data
Entities can benefit from data to gain financial, economic, social, and measurable leadership benefits. This is achieved by creating products or governmental data services with a return that supports decision-making and aspirations.
Controls Specifications
4 8
Open Data
Open Data is a specific set of publicly available, machine-readable information that is accessible to the public free of charge and without restrictions through a national open data platform. Any individual or public or private entity can use or share it.
Controls Specifications
5 10
Freedom of Information
Freedom of Information consists of provisions and procedures that regulate the exercise of the right to access public information related to the activities of entities or obtain it, enhancing the principles of transparency and freedom to exchange this information
Controls Specifications
4 9
Data Classification
Data Classification is a unified framework aimed at dividing data into specific levels. The mechanism for dealing with it is determined based on measuring the severity of the impact resulting from unauthorized disclosure of data or its content.
Controls Specifications
5 10
Personal Data Protection
Personal Data Protection consists of provisions and procedures that regulate the processing of personal data to ensure the preservation of the privacy of data owners and the protection of their rights.
Controls Specifications
5 10
Data Security and Protection
The group of systems, procedures, technologies, and technical solutions necessary to protect data from unauthorized access, alteration, or deletion is collaborated with the specialized entity, the National Cybersecurity Authority.
Controls Specifications
4 9
Request advice or training
Do not hesitate to contact us for any inquiries