Skip to product information
1 of 11

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 40685-2021 English PDF (GBT40685-2021)

GB/T 40685-2021 English PDF (GBT40685-2021)

Regular price $230.00 USD
Regular price Sale price $230.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GB/T 40685-2021 to get it for Purchase Approval, Bank TT...

GB/T 40685-2021: Information technology service -- Data asset -- Management requirements

This Standard specifies data asset management general principles, management objects, management processes and management assurance requirements. This Standard is applicable to the application and management of data assets of organizations, and users including organizations that need to carry out data asset management and provide data asset management services.
GB/T 40685-2021
NATIONAL STANDARD OF THE
PEOPLE REPUBLIC OF CHINA
ICS 35.080
CCS L 77
Information technology service - Data asset - Management
requirements
ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of China.
Table of Contents
Foreword ... 3
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions... 5
4 General management rules ... 7
4.1 Management principle ... 7
4.2 Management framework ... 7
5 Management object ... 9
5.1 Overview ... 9
5.2 Data asset characteristics ... 9
5.3 Data asset information elements ... 9
6 Management process ... 10
6.1 Overview ... 10
6.2 Data asset catalog management ... 10
6.3 Data asset identification ... 10
6.4 Data asset registration ... 11
6.5 Data asset application ... 11
6.6 Data asset inventory ... 12
6.7 Data asset change ... 12
6.8 Data asset disposal ... 13
6.9 Data asset assessment ... 13
6.10 Data asset audit ... 14
6.11 Data asset security management ... 14
7 Management assurance ... 15
7.1 Overview ... 15
7.2 Organizational guarantee ... 15
7.3 Institutional guarantee ... 16
7.4 Technical support ... 16
Annex A (informative) Reference method for data asset value assessment ... 17 A.1 Market method ... 17
A.2 Income method ... 17
A.3 Cost method ... 19
A.4 Comprehensive assessment method ... 19
Bibliography... 21
Information technology service - Data asset - Management
requirements
1 Scope
This Standard specifies data asset management general principles, management objects, management processes and management assurance requirements.
This Standard is applicable to the application and management of data assets of organizations, and users including organizations that need to carry out data asset management and provide data asset management services.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 25000.12-2017, Systems and software engineering-Systems and software Quality Requirements and Evaluation (SQuaRE) - Part 12: Data quality model GB/T 25000.24-2017, Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - Part 24: Measurement of data quality
GB/T 33770.2-2019, Information technology service ?€? Outsourcing - Part 2: Data protection requirements
GB/T 35273-2020, Information security technology - Personal information security specification
GB/T 37973-2019, Information security technology - Big data security management guide
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. 3.1 data asset
legally owned or controlled data resources that can be measured and bring economic and social value to the organization
[Source: GB/T 34960.5-2018, 3.3, modified]
3.2 management objective
the objective set for data asset management activities within a certain period of time, based on organizational strategy
3.3 management domain
the collection of management objects, management processes and management guarantees in the process of data asset management
NOTE: Intra-domain behavior is subject to a system-administered policy. 3.4 data asset catalog
a set of information that describes the characteristics of a data asset by means of classification, grading, and coding
3.5 data asset identification
the activity to identify and register data assets from existing data sources according to management objectives
3.6 data asset registration
the activity of registering and confirming the ownership of data assets in an organization through technical means, so that it has attributes such as time, identity and content 3.7 data asset application
the activity to meet business scenarios and organizational development needs, and promote the appreciation of data assets through sharing, circulation, use, and so on 3.8 data asset change
the activity to ensure consistency of data assets with catalog information through a change control process
3.9 data asset assessment
the activity to quantitatively and qualitatively evaluate the status, quality, and value of data assets within an organization
3.10 data asset audit
the activity to review and monitor the authenticity, consistency, correctness, legality, 5 Management object
5.1 Overview
The object of data asset management is the data asset itself. Identify data assets based on characteristics in the management process. Describe and manage through the information elements of data assets.
5.2 Data asset characteristics
The characteristics of data assets are as follows:
a) Value can be increased: The value of data assets is easy to change. It can be increased with the application scenarios, the number of users and the frequency of use. Its economic value and social value will continue to grow;
b) Can be shared: Under the premise of controllable permissions, data assets can be copied and shared and applied by multiple entities inside and outside the organization;
c) Can be controlled: To meet the requirements of risk controllability and operational compliance, data assets need to have controllable permissions and traceable behavior;
d) Can be quantified: The quality, cost and value of data assets are measurable and assessable.
5.3 Data asset information elements
The elements of data asset information shall mainly include:
a) Basic attributes, including data source, type, structure, scale, update cycle, standard and quality;
b) Business elements, including business descriptions, business indicators, business rules and associations;
c) Management elements, including data ownership, classification and grading, security information, data traceability, responsibilities, authority, and application; d) Value elements, including market information, field information, geographical information, application value and financial attributes.
6 Management process
6.1 Overview
The management process defines a series of activities for an organization to implement data asset management. The data asset catalog is used to record and manage the information elements of data assets. The identification, confirmation, application, inventory, change and disposal of data assets are the core management activities. Realize the life cycle management of data assets, as well as preserve and increase value. Assessment, auditing and security management of data assets provide support for value discovery, operational compliance and risk control of data assets.
6.2 Data asset catalog management
6.2.1 Purpose
Record all identified data asset information in the organization through the data asset catalog. Support the whole process management of data asset identification, application, change, inventory and disposal.
6.2.2 Requirements
The specific requirements that data asset catalog management shall meet are as follows: a) Create a data asset catalog. Record data asset information elements; b) Establish control mechanisms such as permissions, versions and releases for data asset catalog management;
c) Categorize data assets. Dimensions include but are not limited to subject, subject and business;
d) Combining with the implementation of other management processes of data assets, ensure the timely and effective data asset catalog information.
6.3 Data asset identification
6.3.1 Purpose
The organization shall be based on management objectives. Sort out existing data resources. Identify data assets and their information elements based on business applications and market requirements. Register data asset information to ensure it is accurate and valid.
6.3.2 Requirements
b) Establish mechanisms for data asset service guarantee, benefit evaluation, and effect evaluation;
c) Ensure that the application process of data assets is safe, controllable, legal and compliant;
d) Completely record the behavior of data asset application to ensure traceability and auditability.
6.6 Data asset inventory
6.6.1 Purpose
Check the status of data assets through data asset inventory activities. Discover the inconsistency between the data asset catalog and data assets. Update data asset catalog information to ensure the consistency and integrity of data asset information. 6.6.2 Requirements
The specific requirements that data asset inventory shall meet are as follows: a) Prepare data asset inventory plan. Clarify the scope, requirements, procedures and timing of the inventory;
b) Arrange a special person to be responsible for the inventory of data assets. Define the rights and responsibilities of the inventory personnel;
c) According to the data asset inventory plan, the inventory personnel check the consistency and accuracy of the data asset catalog and data assets. Record the inventory results;
d) Analyze and deal with problems found in the inventory in a timely manner. 6.7 Data asset change
6.7.1 Purpose
When data asset management activities or business requirements trigger data asset changes, the change activities shall be implemented in an orderly manner through a change management process. Update the data asset catalog in a timely manner to ensure that the data asset catalog information is consistent with the actual situation. 6.7.2 Requirements
The specific requirements that data asset changes shall meet are as follows: a) Establish a data asset change mechanism. Clarify the triggering conditions for data asset changes. Effectively manage the change process;
b) Review the submitted changes to data assets, including completeness of information, business necessity, compliance with requirements, scope of impact, and ownership;
c) Analyze the impact of changes to data assets. Post a change impact notice; d) Implement changes based on data asset change review results. Update data asset catalog;
e) Document the change process. Establish a mechanism for continuous tracking, review and improvement of data asset changes.
6.8 Data asset disposal
6.8.1 Purpose
On the premise of complying with relevant laws, regulations and standards, optimize the allocation of data assets through the destruction and transfer of data assets. Reduce operation and management costs. Excavate the remaining use value.
6.8.2 Requirements
The specific requirements that shall be met for the disposal of data assets are as follows: a) Establish a data asset disposal mechanism. Effectively control the disposal process and risks;
b) Develop a disposal plan based on disposal needs. Prepare a disposal plan; c) Carry out risk assessment and impact analysis of the disposal plan, and review them;
d) According to the approved disposal plan, implement disposal and record. Set a retention period for data assets that need to be destroyed.
6.9 Data asset assessment
6.9.1 Purpose
Sort out the status quo of data assets by carrying out data asset assessment activities. Assess the quality and value of data assets. Promote the quality improvement and value realization of data assets.
6.9.2 Requirements
Establish a data asset security management mechanism that combines management and technical means and is oriented to the data life cycle. Develop data asset security management process. Clarify the management requirements of organizational personnel to ensure that data assets are safe and controllable.
6.11.2 Requirements
The specific requirements for data asset security management are as follows: a) It shall be classified and graded according to the sensitivity and importance of data assets, which shall comply with the provisions of GB/T 37973-2019; b) Establish a safety management team. Establish a safety management mechanism. Carry out supervision and inspection. Ensure segregation of duties;
c) Mechanisms for collection, transmission, storage, processing, exchange, destruction, and backup and recovery shall be established. See GB/T 37988-2019; d) Sensitive data shall be protected by means of data desensitization. That involves personal information security shall comply with the provisions of GB/T 35273- 2020;
e) It is advisable to mark and trace the data assets through technical means, so as to realize the controllable risk of the life cycle.
7 Management assurance
7.1 Overview
Management guarantee specifies the resource condition guarantee for data asset management activities, including organization, system and technology.
7.2 Organizational guarantee
The specific requirements for organizational security are as follows:
a) A data asset management leadership group shall be established. Designate senior managers as team leaders;
b) A data asset management oversight group shall be established to carry out regular inspections and assessments;
c) A data asset management team shall be formed. Clarify job responsibilities. Identify the person responsible for data asset management;
d) It is advisable to select a qualified third-party organization to carry out data asset assessment and audit;
e) It is advisable to conduct regular training for stakeholders in data asset management. The training content includes laws and regulations, management systems and job skills.
7.3 Institutional guarantee
The specific requirements that institutional guarantees shall meet are as follows: a) Develop a management system for data assets and make continuous improvements; b) Clarify the management requirements, standard procedures and operating specifications of each process;
c) Establish a work appraisal mechanism and incorporate it into the performance appraisal of relevant departments;
d) Clarify the scope, content, form and management procedures of deliverables; e) Establish a funding guarantee mechanism. The budget is included in the overall budget plan of the organization.
7.4 Technical support
The specific requirements for technical support are as follows:
a) Data asset catalog management shall be supported. Realize the query and traceability of data assets;
b) It shall support data asset sensitivity analysis and sensitive information processing; c) Data asset value assessment and quality assessment shall be supported; d) Management of deliverables in the data asset management process shall be supported.
P2 - The social value of data assets calculated based on the income method, in yuan; R2t - The expected social benefit of the data asset to be assessed in year t, in yuan. It can be weighted by data sharing value, government governance value, data industry value and data environment value. Data sharing value is such as data access, browsing, downloading, and so on. Government governance values are such as government governance efficiency, transparency and other values. The value of the data industry is such as the value of employment, taxation, and upgrading of the industry. The value of data environment is such as the value of data ecology, business, healthy environment and so on;
n2 - The remaining social value life, refers to the remaining time that the data assets to be evaluated can still generate social value, in years;
r2 - The social discount rate is the rate (%) at which the expected future social benefits are discounted to their present value.
A.3 Cost method
The cost method is based on a series of labor consumption during the formation of data assets. It reflects the value of data assets by cost.
The value of data assets is based on the replacement cost and combined with the market value of data assets to assess the value of data assets. See formula (A.5): Where,
P - The value of the data asset to be assessed, in yuan;
Ci - The replacement cost of each dataset, which is estimated according to the cost of data collection, storage, processing and other processes and the operation and maintenance cost, in yuan;
n - The number of datasets (pieces);
Qi - The impact of data asset value (%);
b - The data asset value influence coefficient (%).
A.4 Comprehensive assessment method
The calculation method of the comprehensive assessment method is shown in the formula (A.6):

View full details