Episode 187: Governance Structures and Roles (Part 2) (Domain 5)

Having a governance structure is only the beginning—the real value comes from clearly defining roles and responsibilities within that structure. In this episode, we examine the key roles involved in managing data and systems securely, including data owners, custodians, stewards, processors, and controllers. Data owners are responsible for setting classification levels and defining access policies, while custodians implement and manage those policies through technical controls and monitoring. Stewards help maintain data quality and compliance, especially in environments with regulated or shared datasets. Controllers and processors—terms often used in privacy laws like GDPR—distinguish between those who decide why data is collected and those who carry out processing on their behalf. We also highlight the importance of assigning accountability for each control in your security framework to avoid gaps or overlaps. Clear roles reduce ambiguity and ensure that everyone knows what they own—and what they’re accountable for.