IVI Framework Viewer

Representative POMs are described for Enforcement of Roles, Responsibilities, and Accountabilities at each level of maturity.

1Initial

• Practice

  Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.

  Outcome

  Any roles, responsibilities and accountabilities are defined ad hoc.

2Basic

• Practice

  Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.

  Outcomes

  • Some roles, responsibilities and accountabilities are defined.
  • Training and competence levels are identified.

  Metrics

  • # Count of regulatory and legislative instruments considered relevant.
  • % of identified regulatory or legislative instruments addressed in policies and controls.

3Intermediate

• Practice

  Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.

  Outcome

  Roles, responsibilities and accountabilities are defined and implemented in most business units.

  Metrics

  • % Roles assigned to staff.
  • % assigned staff that have received role specific or were exempted role specific training.

4Advanced

• Practice

  Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.

  Outcome

  Roles, responsibilities and accountability defined consistently organization-wide.

  Metrics

  • % Roles assigned to staff.
  • % assigned staff that have received advanced data protection training or were exempted from advanced training.

5Optimized

• Practice

  Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.

  Outcome

  Roles, responsibilities and accountability defined and include the business ecosystem.

  Metric

  % business units or functions with defined data protection roles, responsibilities and accountabilities.