Data Governance-Part 8: Framework for Geo-Residency and Sovereignty

Note: CIO Strategy Council announced an organizational name change to the Digital Governance Council (DGC), effective January 30, 2023 and the creation of a new standards development division, Digital Governance Standards Institute (DGSI). This proposed standard aims to specify the minimum requirements for organizations to protect data and assets that reside in foreign entities, while taking advantage of the global technology eco-systems. The standard is not intended to prescribe how an organization should implement controls. Instead, the standard will guide organizations using jurisdictional and technological agnostic approaches due to differences across sectors. Considerations are given to: - Organizations developing and supporting SaaS Cloud Service products, hosted from outside of their resident nation; - Reliance on foreign entities for redundancy and resiliency (network connectivity as an example); - Reliance on foreign controlled assets, both internal and external; - Reality situations data and assets leaving the resident nation (aircraft, payment data, PII Data, Intellectual Property, Health Data, Automotive data, Other Devices); - Benefits of using Global assets; - Challenges of using Global assets; - Economic realities; and - Steps to mitigate associated risks. - Data sets and assets that reside in country i.e. promotion of national interests. This standard applies to all sectors, including public and private companies, government entities, and not-for-profit organizations.