The Trust Layer

Identity: Identity and access management (IAM) can be defined as the management of an individual’s identity, their authentication, authorisation for accessing resources and their privileges. It is necessary to implement good governance. The goal of IAM is to ensure that all resources are accessed in a secure manner and that users can gain access to the resources that they need, when they need them, and to keep them productive without compromising the organisation by having inappropriate access. (Bloor – FH)

Governance: The excise of authority and control over the resources of an organisation. It influences the decision-making processes of individuals in the organisation. It refers to the mechanisms, processes and relations by which organisations are controlled and directed. Governance is a hierarchy of concerns. Overall organisational governance (supported by industry initiatives such as TQM and Six Sigma) is the result of well-governed, more specific, processes (using accepted standard frameworks such as COBIT and ITIL) acting on and producing good quality data. (Bloor – DN)

Quality: Quality is a perceptual, conditional, and somewhat subjective component and may be understood differently by different people. It a measure of compliance with defined product or process requirements. The international standard, ISO 9001:2015, specifies requirements for a quality management system when an organisation needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. (Bloor – PH, ISO)

Security: It is essential that adequate and appropriate security controls are applied to all information and data at all times so that that information is properly governed, including when they are being used, transmitted over networks or at rest in storage. Those controls should address the specific confidentiality, integrity and availability requirements of the specified information and should tie all actions taken regarding data usage to the identity of the user, as well as other contextual information such as the location from which they are accessed, the device used and the time of day. (Bloor – FH)

Resilience: The capacity to recover quickly from difficulties. This requires an organisation to manage risks both effectively and efficiently so that the purpose of the organisation (i.e. the business) can continue to operate. (Bloor – FH)