Implementing the EDM Council’s CDMC Framework

The Enterprise Data Management (EDM) Council is a global trade association promoting best practices for data management and analytics aimed at elevating data management as a business and operational priority. It has over 250 member organizations and 10,000 data management professionals as members.

Over the last 18 months, the council has been working on an in-depth framework to help people manage data in multi-cloud environments, for both migration of data to the cloud and when operating cloud services.

Securiti was proud to be part of this community and partner with our peers within cloud infrastructure, metadata management and industries to deliver this framework.

The full framework is 164 pages split into six major components, 14 capabilities and 37 sub-capabilities each designed to address different areas of cloud data including key controls for protecting sensitive data.

The framework’s goal is to help establish the following principles:

• An organization must establish clear accountability, controls and governance for data migrated to or created in cloud environments.
• A critical requirement is to always to know what data resides in cloud environments and the sensitivity of each of the data assets. Such tracking is essential to automating controls for data access and use. Tracking is also vital to enforcing the controls and maintaining evidence for required transparency, security, and protection levels.
• Data management controls must be established throughout the data lifecycle.
• Data assets must be fit-for-purpose and kept to required schedules for retention and archiving.
• As with on-premises data assets, the design of the data architecture and configuration of supporting technologies are important for ensuring that business objectives are met.

To help customers decide on the practical steps they need to take, Securiti has published a short paper that maps each of the 14 controls to technologies we deliver. This document is intended to be read by data management, governance, risk and compliance audiences together with other IT professionals to help define the appropriate policies and technology decisions required to implement the framework.

Many thanks to the EDM Council for allowing us to reference their materials in this manner. CDMC and all related materials are the sole property of EDM Council Inc.

The information provided in this document is for informational purposes only. No technology on its own can deliver compliance, we recommend a whole-company approach including policies, procedures, training and legal agreements with partner companies.