Data Governance Policy

Home » Data Governance Policy

Introduction

Cam Industrial, hereafter referred to as “the Company”, recognizes the importance of data governance in achieving its objectives and fulfilling its obligations. This policy outlines the principles and practices that govern the collection, use, storage, sharing, and disposal of data within the Company.

Scope

This policy applies to all employees, contractors, and third-party vendors who collect, use, store, share, or dispose of data on behalf of the Company, as well as to all data assets owned or managed by the Company, regardless of format or location. 

Principles

The following principles guide the Company’s data governance practices:

  • Data shall be collected, used, and shared in a lawful, ethical, and transparent manner, and in compliance with all applicable laws, regulations, and industry standards.
  • Data shall be accurate, complete, and up-to-date, and shall be regularly reviewed, validated, and corrected as necessary. 
  • Data shall be appropriately secured, protected, and backed up to ensure its confidentiality, integrity, and availability.
  • Data shall be accessed, used, and shared only on a need-to-know basis and in accordance with the Company’s access control policies and procedures.
  • Data shall be disposed of in a timely, secure, and environmentally responsible manner in accordance with the Company’s data retention and disposal policies and procedures. 

Roles and Responsibilities

The following roles and responsibilities are established to support the Company’s data governance practices: 

  • The Chief Information Officer (CIO) shall be responsible for developing, implementing, and monitoring the Company’s data governance framework, policies, and procedures, and for ensuring that all employees, contractors, and third-party vendors are aware of and comply with them.
  • Data owners shall be responsible for defining and documenting the data they own, establishing appropriate access control policies and procedures, and ensuring the accuracy, completeness, and quality of their data.
  • Data custodians shall be responsible for managing the storage, protection, and backup of the data they are entrusted with, in accordance with the Company’s data security and backup policies and procedures.
  • Data users shall be responsible for using the data they are authorized to access in a lawful, ethical, and responsible manner, and for reporting any data inaccuracies, discrepancies, or security incidents to their supervisors and the CIO.
  • Third-party vendors shall be required to comply with the Company’s data governance policies and procedures and to provide appropriate assurances of their compliance. 

Compliance and Audit

The Company shall establish a process for monitoring, enforcing, and reporting on compliance with this policy and its associated procedures. The CIO shall be responsible for conducting periodic audits of the Company’s data governance practices to assess their effectiveness, identify gaps and risks, and recommend corrective actions as necessary. 

Training and Awareness

The Company shall provide training and awareness programs to all employees, contractors, and third-party vendors to ensure their understanding and compliance with this policy and its associated procedures. 

Review and Revision

This policy shall be reviewed and revised periodically, or as needed, to ensure its continued relevance, effectiveness, and compliance with applicable laws, regulations, and industry standards.

Enforcement

Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may also lead to civil or criminal liability. 

Effective Date

This policy shall become effective as of April 26, 2023, of its approval by the Company’s management. 

Feedback or Questions

If you have any questions about this Data Governance Statement, please contact us here: https://camindustrial.net/contact/.