Internal Organisation Management & Oversight
Internal Organisation Management & Oversight
3.1. Internal Organisation
Item nr. | Item Name and Page | Control | Aim |
---|---|---|---|
3.1.1. | Data Science Managers |
The Management Committee should appoint Data Science Managers to oversee Products and warrant their effective alignment in accordance with the directives of the Management Committee, Policies, and, more broadly, Organisation strategies, business requirements, Corporate Governance Principles, Social Corporate Responsibilities, legal regulations and Ethical Practices. |
To ensure the clear management, oversight, ownership and custody of Products. |
3.1.2. | Data Science Managers Products Ownership and Custody |
The Management Committee ought to define and allocate to Data Science Managers Products. |
To ensure clear managerial oversight, ownership and custody of Products. |
3.1.3. | Data Science Managers Segregation of Duties |
Conflicting duties and areas of responsibility of Data Science Managers should be segregated to reduce opportunities for the unauthorised and/or unintentional modification and/or misuse of Products. |
To reduce the threat of Product abuse, misuse and/or mala fide actions by Data Science Managers. |
3.1.4. | Product Owners |
Data Science Managers ought to appoint Product Owners to (a) oversee specific Products and Product Teams; and (b) warrant their effective management in accordance with the directives of Data Science Managers, the Management Committee, and Organisation Policies. |
To ensure the clear management, oversight, ownership and custody of a Product and its Product Team. |
3.1.5. | Product Owners Ownership and Custody |
Data Science Managers ought to define and allocate to designated Product Owners Products and Product Teams. |
To ensure clear managerial oversight, ownership and custody of a Product and its Product Team. |
3.1.6. | Product Owners Segregation of Duties |
Conflicting duties and areas of responsibility of Product Owners should be segregated to reduce opportunities for the unauthorised and/or unintentional modification and/or misuse of a Product. |
To reduce the threat of Product abuse, misuse and/or mala fide actions by Product Owners. |
3.1.7. | Product Teams |
Data Science Managers, in consultation with Product Owners, should define and allocate Products to designated Product Teams. |
To ensure clear Product ownership and custody. |
3.1.8. | Product Definitions |
Data Science Managers, Product Owners, Business Stakeholders and, when relevant, Product employees ought to collectively document and define clear Product definitions, aims, internal deliverables and outcomes. |
To ensure Products have clear scopes to warrant (a) their effective oversight, management and execution, as well as (b) to allow for the accurate evaluation of Product risks and controls. |
3.1.9. | Approval of Product Definitions |
The Management Committee should review and approve Product Definitions. |
To ensure managerial oversight of Products scopes. |
3.1.10. | Product Definitions Review |
Product Definitions ought to be reviewed periodically, or if significant changes occur, by Data Science Managers, Product Owners, Business Stakeholders and, when relevant, Product employees. |
To ensure that Product Definitions are kept up-to-date to ensure their continued effectiveness, suitability, and accuracy. |
3.1.11. | Product Risk Classification Policy |
A Policy and Guide, which standarises the approaches to assessing Product risks, ought to be derived by Data Science Managers and approved by the Managerial Committee. |
To ensure that (a) clear guidelines exist on how to evaluate and determine Product based-risks for subsequent evaluation in Product Risk Portfolios; and (b) Products are assigned risk-appropriate mandatory minimum capacity and oversight. |
3.1.12. | Product Risk Classification Portfolio |
Data Science Managers, Product Owners, Business Stakeholders and, when relevant, Product employees ought to collectively document and interrogate - (a) Product Definitions; and (b) Product design, development, and implementation - to identify Product based-risks and assign Product risk values and classifications. |
To ensure Products have clear risk portfolios to warrant (a) their effective oversight, management and execution, as well as (b) to allow for the accurate evaluation of Product risks and controls. |
3.1.13. | Approval of Product Risk Classification Portfolio |
The Management Committee should review and approve Product Risk Portfolios. |
To ensure managerial oversight of Products risks. |
3.1.14. | Product Product Risk Classification Portfolio Review |
The Product Risk Classification Portfolio ought to be continuously reviewed and developed by Data Science Managers, Product Owners, Business Stakeholders and, when relevant, Product employees. |
To ensure that Product Risk Portfolios are kept up-to-date to ensure their continued effectiveness, suitability, and accuracy. |
3.2. Product Management
Item nr. | Item Name and Page | Control | Aim |
---|---|---|---|
3.2.1. | Product Lifecycle Guide |
Data Science Managers and, when relevant, Product Owners should derive a clear Product Lifecycle Guide for the Organisation. |
To ensure a clear organisational Product Lifecycle Guide to warrant the effective management and oversight of Machine Learning. |
3.2.2. | Product Lifecycle and Workflow Descriptions |
Having consideration for the Product Lifecycle Policy, Product Definitions, and the Product Risk Classification Portfolio, Product workflows ought to be derived, developed, and documented by Data Science Managers, Product Owners and, when relevant, Product employees for each Product. |
To ensure clear Lifecycle and Workflows for Products to warrant their effective management and oversight. |
3.2.3. | Reviewed of Product Lifecycle Guide |
The Product Lifecycle Guide should be reviewed and approved by Data Science Managers and, when relevant, the Management Committee. |
To ensure managerial oversight of the Product Lifecycle Guide. |
3.2.4. | Reviewed of Product Lifecycle and Workflow Description |
Product Lifecycle and Workflow Descriptions should be reviewed and approved by Data Science Managers and, when relevant, the Management Committee. |
To ensure managerial oversight of Product Lifecycle and Workflow Descriptions. |
3.2.5. | Product Lifecycle and Workflow Procedures |
Each Product ought to derive, develop and implement a set of Procedures to operationalise Product Lifecycle and Workflow Descriptions. |
To ensure the operationalisation of Product Lifecycle and Workflow Descriptions. |
3.2.6. | Reviewed of Product Lifecycle and Workflow Procedures |
The Product Lifecycle and Workflow Procedures should be reviewed periodically, or if significant changes occur, by the Product Team to ensure their continued effectiveness, suitability, and accuracy. |
To ensure that Product Product Lifecycle and Workflow Procedures are kept up-to-date. |
3.2.7. | Product Employee Roles and Responsibilities |
Data Science Managers and Product Owners ought to define and allocate to Product employees defined responsibilities and roles in terms of Product Lifecycle and Workflow Descriptions. |
To establish clear employee responsibilities and custodies in terms of Product Lifecycle and Workflow Descriptions. |
3.2.8. | Data Science Managers Reports |
Frequent reports detailing Product progress, changes and risks ought to be made to the Management Committee by Data Science Managers and, subsequently, reviewed timeously. |
To ensure the clear communication and management of Product deliverables to the Management Committee. |
3.2.9. | Product Owners Reports |
Frequent reports detailing Product progress, changes and risks ought to be made to the Data Science Managers and Business Stakeholders by Product Owners and, subsequently, reviewed timeously. |
To ensure the clear communication and management of Product deliverables to Data Science Managers and Business Stakeholders. |