Data Administrator vs. Data Custodian

g33k3r · November 2015

I ran across some conflicting information regarding these two roles.

Data Administrator - areresponsible for granting appropriate access to personnel. They don't necessarily have fulladministrative rights, but have the ability to assign permissions using leastprivileges and role-based access control.

Data Custodian - performsthe hands-on protection of assets such as data. They perform data backups and restoration, patch systems, configureanti-virus, ect. They follow detailedorders and do not make critical decisions on how data is protected.

As I read this, it looks like the Data Administrator actually assigns permissions to data. I've seen other resources state this is the Data Custodian. Which is correct?

jt2929 · November 2015

The Data Custodian is responsible for maintaining and protecting the data. I've never heard of a Data Administrator. Where did you get that title? Shon Harris AIO lists titles as Data Owner, Data Custodian, System Owner, Security Administrator, Security Analyst, Data Analyst. No Data Administrator anywhere.

636-555-3226 · November 2015

In my opinion they'd be the same person. I only differentiate the data owner and the data custodian (or administrator, if you prefer). Custodian/admin handles the technical side of the systems that store the data. Owner is the person the data belongs to and who determines the standards the custodian has to adhere to.

Example - Director of Engineering is the data owner for all of the engineering data and determines and approves the appropriate level of access for people. IT System Administrator is the custodian who actually handles the day-to-day technical storage, maintenance, and actually clicking the buttons to grant access to the data.

g33k3r · November 2015

Thanks guys. I can't recall where I got this in my notes since I've used 2 books researching questions. Make sense though.

Data Administrator vs. Data Custodian

Comments