CSC’s statement on recommendations on descriptions of data management

CSC’s statement on recommendations on descriptions of data management

CSC considers the proposed recommendation on data management model suitable and desirable. In order to achieve maximum benefits from it, CSC suggests that interoperability will be pursued already in the descriptions. This will be achieved by ensuring that the terminology used is coherent. In addition, the data management model should include adequate identifier policies. Life cycle and management of identifiers should be included in the description of document management process in chapter 8.

Considering information security of data sets and information systems, system owner's responsibility to identify requirements and accept implemented measures should be emphasized. In recommendation card about risk management (13 §), demand on risk ownership must be specified.

The ambition level in recommendation card on collection of log data (17 §) is desirable but rather ambitious. The recommendation should take into account also logs that are created by open or commercial software. In these cases, the possibility to impact logs is limited. In addition, describing log sets requires its own, more detailed recommendation and a process which supports different data management units in producing high quality descriptions of data contents of log sets.

Recommendations on technical interfaces and viewing connections need specifications on the code of conduct when the data is in the possession of a third party, such as the service provider. In addition, it must be clarified how the need for information is verified in practise.

CSC supports the idea of creating models that assist in developing the descriptions of data management. CSC reminds that it is highly important to use common concepts when creating the descriptions.

Read the entire statament here (in Finnish).