COBIT DSS06.02 - Control The Processing Of Information

by Rajeshwari Kumar


COBIT DSS06.02 focuses on controlling the processing of information within an organization to ensure the confidentiality, integrity, and availability of data. This control objective is vital in today's digital landscape, where organizations are constantly dealing with sensitive information that needs to be protected from unauthorized access or tampering. By implementing the guidelines outlined in COBIT DSS06.02, organizations can establish effective controls over the processing of information and safeguard their data assets.

Implementing Controls For Efficient Processing In COBIT DSS06.02

Need Of Controlling The Processing Of Information In COBIT DSS06.02 

Data is considered one of the most valuable assets for any organization. With the increasing amount of data being generated and processed, it has become essential for businesses to have control over information processing. COBIT DSS06.02, which stands for "Manage Changes," is a control objective in the COBIT 5 framework that focuses on managing changes to the information processing environment to ensure that they are authorized and implemented in a controlled manner.

One of the main reasons why controlling the processing of information in COBIT DSS06.02 is crucial is to mitigate the risks associated with unauthorized changes to the information processing environment. Unauthorized changes can lead to data breaches, loss of sensitive information, and even financial losses for the organization. By having controls in place to monitor and manage changes to the information processing environment, organizations can ensure that only authorized changes are implemented and that potential risks are mitigated.

Another reason why controlling the processing of information is important in COBIT DSS06.02 is to ensure data integrity and reliability. In today's interconnected world, organizations rely heavily on data to make informed decisions and drive business growth. Any unauthorized changes to the information processing environment can compromise the integrity and reliability of the data, leading to inaccurate insights and poor decision-making. By having controls in place to manage changes effectively, organizations can maintain the integrity and reliability of their data, ensuring that it remains accurate and trustworthy.

Implementing Controls For Efficient Processing In COBIT DSS06.02

  1. Identify relevant processes: The first step in implementing controls for efficient processing is to identify the key processes that are critical for the organization's operations. These processes may include data processing, system monitoring, performance tuning, and capacity planning.
  1. Define control objectives: Once the relevant processes have been identified, the next step is to define control objectives for each process. Control objectives should be specific, measurable, achievable, relevant, and time-bound (SMART). For example, a control objective for data processing could be to ensure that all data is processed accurately and in a timely manner.
  1. Implement controls: After defining control objectives, the next step is to implement controls to achieve those objectives. Controls may include policies, procedures, tools, and technologies that are designed to prevent errors, detect anomalies, and mitigate risks. For example, implementing data validation checks can help ensure that data is accurate and complete before processing.
  1. Monitor and evaluate controls: Once controls have been implemented, it is important to monitor and evaluate their effectiveness on a regular basis. This may involve conducting audits, assessments, and reviews to identify any gaps or deficiencies in the controls. Continuous monitoring and evaluation can help organizations identify and address issues before they escalate into major problems.
  1. Improve controls: Finally, organizations should continuously strive to improve their controls for efficient processing. This may involve updating policies and procedures, investing in new technologies, or providing training and education to employees. By continuously improving controls, organizations can enhance their operational efficiency and reduce the risk of costly errors and disruptions.
IT Governance Framework Toolkit

Ensuring Compliance With Regulations And Standards In COBIT DSS06.02 

  1. Understand the Regulatory Landscape: The first step in ensuring compliance with regulations and standards in COBIT DSS06.02 is to have a thorough understanding of the regulatory landscape that applies to your organization. This includes identifying the relevant regulations, standards, and industry best practices that impact your operations.
  1. Establish a Compliance Framework: Once you have identified the relevant regulations and standards, it is important to establish a compliance framework that outlines the specific requirements and controls that need to be in place to meet those requirements. This framework should align with the principles and objectives set out in COBIT DSS06.02.
  1. Conduct Regular Assessments: Regular assessments are essential to ensure ongoing compliance with regulations and standards. This includes conducting internal audits, risk assessments, and compliance reviews to identify any gaps or deficiencies in your compliance efforts.
  1. Implement Controls and Remediate Issues: Based on the findings from assessments, it is important to implement controls to address any gaps or deficiencies identified. This may include updating policies and procedures, implementing technical controls, and providing training to staff on compliance requirements.
  1. Monitor and Report on Compliance: Monitoring and reporting are critical components of ensuring compliance with regulations and standards. This includes tracking key performance indicators (KPIs) related to compliance, documenting compliance efforts, and reporting on compliance status to key stakeholders.
  1. Stay Up to Date on Changes: Regulations and standards are constantly evolving, so it is important to stay informed of any changes that may impact your organization. This includes monitoring regulatory updates, attending industry events, and engaging with regulatory bodies to stay ahead of changes.

Addressing Potential Challenges And Risks In Information Processing In COBIT DSS06.02

  1. Lack of Proper Controls: One of the primary challenges in information processing is the absence of adequate controls. Without proper controls in place, organizations leave themselves vulnerable to data breaches and inaccuracies in their information processing. To address this challenge, organizations should implement a robust control framework that aligns with COBIT DSS06.02 guidelines. This can include regularly monitoring and reviewing controls to ensure they are effectively mitigating risks.
  1. Data Quality Issues: Another common challenge in information processing is data quality issues. Poor data quality can lead to incorrect decision-making and erode trust in the organization's information systems. To address this risk, organizations should establish data quality standards and implement data validation processes to ensure the accuracy and integrity of their data.
  1. Lack of Data Encryption: In today's cyber threat landscape, data encryption is essential to protect sensitive information from unauthorized access. Failure to encrypt data can expose organizations to data breaches and compliance violations. To address this risk, organizations should implement encryption protocols that align with industry standards and regulatory requirements.
  1. Insufficient Training and Awareness: Employees play a crucial role in information processing, and lack of training and awareness can pose significant risks to an organization. To address this challenge, organizations should invest in training programs to educate employees on the importance of information security and how to mitigate risks effectively. Regular awareness campaigns can also help reinforce good security practices.
  1. Inadequate Disaster Recovery Planning: Disasters can strike at any time, and organizations need to have robust disaster recovery plans in place to ensure business continuity. Inadequate disaster recovery planning can result in data loss and extended downtime, impacting the organization's operations and reputation. To address this risk, organizations should regularly test and update their disaster recovery plans to ensure they are effective in mitigating potential disruptions.


COBIT DSS06.02 plays a crucial role in ensuring the proper control of information processing within an organization. By implementing this control objective effectively, organizations can enhance their data security, integrity, and availability. It is imperative for businesses to prioritize the implementation of COBIT DSS06.02 to maintain a robust information processing framework and mitigate potential risks.

IT Governance Framework Toolkit