SysFEAT - Systemic Framework for Enterprise Architecture & Transformation

DEFINITION CONCEPT GRAPH CONCEPT DESCRIPTIONS TEXTUAL SYNTAX CONTENT MANAGEMENT

CONCEPT DOMAIN - Privacy Assurance

Description	Privacy assurance offers strategies and schemes adopted by an organization to prevent the flow of important information outside of the workplace. The approach includes investigation, remediation and reporting.
Dictionary	Dictionary of SysFEAT concepts
Parent Domain	Data Governance
Domain dependencies	Appraisal Pattern Architecture Assets Data Governance Core Information Assets Operational Assurance People & Accountability Policies Product & Customer Experience

DOMAIN CONCEPT GRAPH

../images/75d07c2b5a1583f5_2f93307758ef256d_i.png

CONCEPT DESCRIPTIONS

ABSTRACT CONCRETE

Concept	Description
Business Process	A Business Process is a set of Business-Process Steps performed by Org-Units and/or by automated systems (Business Systems) to produce a Business Outcome Event. It is depicted as a series of Business-Process Steps, controlled by Business Events and conditions. Business-Process Steps are carried out by the involvment of Org-Units and system resources (often Applications) as participants in the process (Participant Business Agents). During its course of action, a Business Process consumes or produces Business Objects. 1) It may memorize or access Business Objects from its Process Store. 2) It may receive Business Objects at its boundary: Business Outcome Consumption. 3) It may signal the production of Business Objects at its boundary: Business Outcome Production. The course of actions of a Business Process is constrained by the application of rules ( Business Rule Enforcement) that define how to react to what is allowed and not allowed to do, References: ISO 9000 - 3.4.1 - Process Lean.org - Value Stream Lean.org - Value Stream Mapping OMG - BMM - Business Process OMG - BPMN - Process OMG - UAF - Function OpenGroup - OAA - Process OpenGroup - TOGAF - Enterprise Metamodel Overview OpenGroup - TOGAF 9 - Definition - Process
Data Assurance Case	A Data Assurance Case is a structured argument, supported by evidence, intended to justify that a data is acceptably assured relative to a concern (such as quality, safety, security or privacy) in the intended operating environment. The operating environment includes: 1. Policies related to the use of data in the organization (privacy policy, regulation policy, ...). 2. Data quality policies defined by the organization. 3. Risk to be mitigated in the use, consumption and sharing of data by the organization. 4. Control directives to be followed in the use, consumption and sharing of data by the organization. References: NIST - Assurance Case
Data Assurance Instrument	A Data Assurance Instrument is a resource or course of actions used by an Data Catalog to achieve its objectives. For instance: Actions plans are course of actions aimed at solving Data breaches. Data Controls are mechanisms used to ensure data quality and data integrity Data Processors are used to processings involved in Data Lineages.
Data Risk Type	A Data Risk Type is a Risk Type that refers to the accuracy, consistency, and reliability of data during its entire lifecycle.
Governance Event	A Governance Event is any event that has an impact on the management and governance of an Enduring Initiative. This includes the result of Assessments, Decisions, recorded Incidents, Drivers, etc.
Information Asset	An Information Asset represents anything that can be communicated or memorized by an Agent to produce and react to Outcome Events. An Information Asset is either an Information Entity or an Information Property. The difference lies in their relationship to change and to time. Information Entity(ies) can change over time and have a lifeycle while Information Propertys are immutable characteristics. References: OpenGroup - ArchiMate - Passive-Structure-Elements
Management System	A Management System is a mezzo Enduring Initiative within an Enterprise, aimed at creating, maintaining, evaluating, evolving, and operating a collection of essential Functional Architecture Assets of the Enterprise. A Management System may transcend organisational boundaries and consequently requires an integrated team working under the direction of a Management Initiative Committee. References: ISO 22301 - Management System ISO 9000 - 3.5.3 Management System OpenGroup - TOGAF - Definition - Portfolio SAFe© - Large Solution SAFe SAFe© -Enterprise Solution Delivery
Organization	An Organization is a group of people who share a common purpose and establish a functional division of labor in pursuit of their common purpose. It is the relationships between its members in the pursuit of their common purpose that give unity and identity to an organization. References: OMG - BMM - Organizational Unit OMG - UAF - ActualOrganization OpenGroup - ArchiMate - Business Internal Active Structure Element Russell Ackoff - System of concepts - FunctionalDivisionOfLabor Russell Ackoff - System of Concepts - Organizations Russell Ackoff - Transformational leadership - Social System SAFe© - Organizational Agility
Privacy Assessment
Privacy Block
Privacy Processing	A Privacy Processing is a Data Assurance Case related to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Concept	Description
Application	An Application is a Business Software System that provides a set of Functionality(ies) that End Users see as a single unit. Essentially Applications are architectural constructions resulting from the combinaison of the following four criteria: 1) A group of Functionality that End Users see as a single unit. 2) A managed asset (Managed Application) associated with a budget line in the context of an Application Portfolio. 3) A body of code that is seen by developers as a single unit. 4) A group of deployable software units (Deployable Application Packages) that must be installed together on one or multiple execution nodes (Computing System). Application is a Mezzo enterprise asset that sits between Application System and Application Component in the decomposition of Business Software Systems. Example: " Payroll" is an Application that is part an " HR System" which is an Application System. The "Payroll" Application includes, among other things, the "Salary and Wage Calculation" Application Component. References: C4 Model - Software System Martin Fowler - Application Boundary Microsoft - Architecture Design - Architecture Styles OMG - UAF - Software OpenGroup - ArchiMate - Application Component OpenGroup - TOGAF - Definition - Application Component OpenGroup - TOGAF - Enterprise Metamodel - Physical Application Component
Business Partner	A Business Partner is a state of a Resource Agent, who acts as a party interacting with the enterprise in the context its operating eco-system (the Resource Operating Ecosystem). Example : Private Sector Customer, Regulation Authority, Public health Authority.
Data breach	Breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Catalog	A Data Catalog is an Assurance System of Data Assets, ensuring understanding, trust, compliance and confidence of enterprise data. This includes: 1. Relationship with Enterprise Glossary to provide business context to metadata. 2. Data policy definition and enforcement to ensure data quality. 3. Data Lineage to master data provenance: where data comes from, how data is transformed, and where it is used.
Data Category	A Data Category is a classification or division of Information Assets regarded as having particular shared characteristics. Examples: . Health data, . Financial data, . Contact data.
DPIA	A data protection impact assessment (DPIA) is a privacy-related impact assessment whose objective is to identify and analyse how data privacy might be affected by certain actions or activities.
Governance Committee	A Governance Committee is a group of Stakeholders that contributes to architecting and assurance activities and governs Enduring Initiatives.
Individual Stakeholder	An Individual Stakeholder is a person with a Stakeholder role in architecting & assurance activities.
Location	A Location is a geopolitical location anywhere on the earth. Examples: - France - Paris - Washington DC - Cairo - Buenos-Aires - Asia References: ISO 15926 - SpatialLocation OMG - UAF - ActualLocation
Management Initiative Committee	A Management Initiative Committee is a Governing Team responsible for overseeing the administration of a Management System.
Person	A Person represents a human being that is recognized by law as the subject of rights and duties. References: Merriam Webster - Person OMG - UAF - ActualPerson WordNet - Person
Person Right	Rights are legal, social or ethical principals of freedom that people are entitled for by a governing body.
Privacy Endpoint	It represents an establishment. It allows to add a geographic location to an organization. This is a minimum requirement to use the organization when documenting a data flow.
Privacy Pre-Assessment	This will help you determine your program or activity's potential privacy impacts and give you a sense of the risk level. The more privacy risk associated with your program or activity, the more you will need to analyze and mitigate the risk.
Privacy Representative	A National Representative is a representative of the legal entity in one of the Member States where the data subjects, whose personal data are processed, are located.
Privacy Risk Type	A Privacy Risk Type is a Data Risk Type that refers to the potential for harm that could occur to Information Assets due to the loss, exposure, or misuse of personal or sensitive data.
Processing Activity	Any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Processing Sensitivity	A sensitive activity is an activity whose impact on the overall processing risk is important and should be highlighted when describing the properties of a Processing Activity.
Regulatory agency	A Regulatory agency is public or government agency that supervises, through investigative and corrective powers, the application of Regulatory Frameworks. References: UCF Glossary - regulatory body WordNet - Regulatory Agency
Security Control Family
Transfer Safe Guard	Transfer safeguards are measures taken to ensure the legitimacy of data flows.

CONCEPT DOMAIN - Privacy Assurance

DOMAIN CONCEPT GRAPH

CONCEPT DESCRIPTIONS

TEXTUAL SYNTAX

CHARTER

Missing Content

Governance

Provide Feedback