Asset onboarding and change management

Collibra Data Privacy offers standardized procedural flows for the creation and maintenance of data privacy-related assets. There are two main processes:

Asset onboarding: The process of creating a new asset and agreeing to its characteristics.
Asset change management: The process of making changes to an approved asset.

The distinction between the types of data privacy assets

In the context of asset onboarding and asset change management, it is important to draw a distinction between three general categories of data privacy-related assets:

Category	Description
Business Process assets	Stored in Process Register domains. The ownership and characteristics of these assets can be updated at any time over the life of the asset. For these assets, the Business Steward, Data Steward and Privacy Steward are all required to contribute in the characteristics management phase.
Other business assets (meaning other than Business Process assets), including asset types: Data Set Technology Data Sharing Agreement Risk Remediation Plan Remediation Action	The ownership and characteristics of these assets can be updated at any time over the life of the asset. For these assets, only the Business Steward is required to contribute in the characteristics management workflow.
Assessment assets: Privacy Impact Assessment (PIA) Data Protection Impact Assessment (DPIA) Legitimate Interest Assessment (LIA) Compliance Self Assessment (CSA)	These assets assess a situation at a specific moment in time. As such, their characteristics cannot be updated. If an assessment asset is deemed to be outdated, a new assessment asset is required. Note The new assessment asset is a copy of the previous assessment asset, meaning it has all of the same characteristics as the previous assessment asset. The new asset is updated and eventually approved. The status of the previous assessment asset simultaneously becomes Obsolete.

Category

Description

Business Process assets

Stored in Process Register domains.
The ownership and characteristics of these assets can be updated at any time over the life of the asset.
For these assets, the Business Steward, Data Steward and Privacy Steward are all required to contribute in the characteristics management phase.

Other business assets (meaning other than Business Process assets), including asset types:

Data Set
Technology
Data Sharing Agreement
Risk
Remediation Plan
Remediation Action

The ownership and characteristics of these assets can be updated at any time over the life of the asset.
For these assets, only the Business Steward is required to contribute in the characteristics management workflow.

Assessment assets:

Privacy Impact Assessment (PIA)
Data Protection Impact Assessment (DPIA)
Legitimate Interest Assessment (LIA)
Compliance Self Assessment (CSA)

These assets assess a situation at a specific moment in time. As such, their characteristics cannot be updated. If an assessment asset is deemed to be outdated, a new assessment asset is required.
Note The new assessment asset is a copy of the previous assessment asset, meaning it has all of the same characteristics as the previous assessment asset. The new asset is updated and eventually approved. The status of the previous assessment asset simultaneously becomes Obsolete.