Principle 2: Compliance with Statutory Obligations

Classification:  Business Principle

Statement: Enterprise data and information management processes comply with all relevant internal and external laws, policies, and regulations.

Rationale: Enterprise policy is to abide by laws, policies, and regulations. This will not preclude business process improvements that lead to changes in policies and regulations.


  • The enterprise must be mindful to comply with all laws, regulations, and external policies regarding the collection, retention, and management of data.
  • Continual education, access and awareness to the rules must be maintained.
  • Efficiency, need, and common sense are not the only drivers. Changes in the law and changes in regulations may drive changes in our processes or applications.