Information Custodian (Dictionary Entry)

Contexts

Data Privacy, IAM, Information Security

Term

Information Custodian

Alternative Forms

Data Custodian Synonym

Definitions

The information custodian is responsible for the protection of the data confidentiality, integrity and availability in compliance with the information owner’s requirements.

In general, the role is held by the security or IT department.

The perspective of the information custodian is that of the information itself, in contrast with the system owner whose perspective is that of the system storing or processing the information.

Related Terms

Quotes

The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the company’s security policy, standards, and guidelines that pertain to information security and data protection.

A Custodian provides hands-on protection of assets such as data. They perform data backups and restoration, patch systems, configure antivirus software, etc. The Custodians follow detailed orders; they do not make critical decisions on how data is protected. The Data Owner may dictate, “All data must be backed up every 24 hours.” The Custodians would then deploy and operate a backup solution that meets the Data Owner’s requirements.

Information custodian — The information custodian, usually an information systems person, is the delegate of the information owner with primary responsibilities for dealing with backup and recovery of the business information. Responsibilities include the following:
— Perform backups according to the backup requirements established by the information owner
— When necessary, restore lost or corrupted information from backup media to return the application to production status
— Perform related tape and DASD management functions as required to ensure availability of the information to the business
— Ensure record retention requirements are met based on the information owner’s analysis

DATA CUSTODIAN: The person(s) who is responsible for the accuracy of authorised data updates/creation/deletion.

Bibliography

See Also


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.