ISO/IEC 5259-5:2025

International
Standard
ISO/IEC 5259-5
First edition
Artificial intelligence — Data
2025-02
quality for analytics and machine
learning (ML) —
Part 5:
Data quality governance framework
Intelligence artificielle — Qualité des données pour les analyses
de données et l'apprentissage automatique —
Partie 5: Cadre pour la gouvernance de qualité des données
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Abbreviated terms .3
5 Data quality governance in the context of analytics and ML .4
5.1 Foundation .4
5.2 Ambiguous responsibilities for data .4
5.3 Purpose and justification .4
6 Data quality governance framework . 5
6.1 General .5
6.2 DQ guiding principles .6
6.3 Strategies and policies for DQ .6
6.4 Business planning for DQ .6
6.5 DQ accountabilities .7
6.6 DQ risk management .7
6.7 Management processes for DQ .7
7 Responsibilities of governing body .8
7.1 Understand the strategic importance of data quality .8
7.2 Establish enabling environment for data quality governance .8
7.3 Formulate data quality strategies .9
7.4 Business planning for data quality .10
7.5 Data quality risk management capability .10
7.6 Set policies to ensure data quality .10
7.7 Establish oversight mechanisms . 12
8 Responsibilities of management .12
8.1 Implement data quality strategies . 12
8.2 Establish and enforce comprehensive data quality policies . 12
8.3 Implement data quality management processes . 12
8.4 Establishing internal risk control as part of management process . 13
Bibliography .15

© ISO/IEC 2025 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee
SC 42, Artificial intelligence.
A list of all parts in the ISO/IEC 5259 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
iv
Introduction
To address data quality properly without wasting critical resources, the organization’s governing body can
set the strategic direction for the use of analytics and machine learning (ML) and can oversee the quality of
the needed data.
The data quality governance framework for analytics and ML assists the governing body in establishing
a data quality governance within its organization with adequate controls across different layers of the
organization throughout the data life cycle (DLC).
The framework can be used by both the governing body and management to interact and ensure the
establishment of an effective data quality governance for analytics and ML at all levels in the organization.
The framework can be applicable regardless of an organization’s size and type; and used in conjunction with
other parts of the ISO/IEC 5259 series.

© ISO/IEC 2025 – All rights reserved
v
International Standard ISO/IEC 5259-5:2025(en)
Artificial intelligence — Data quality for analytics and
machine learning (ML) —
Part 5:
Data quality governance framework
1 Scope
This document provides a data quality governance framework for analytics and machine learning (ML) to
enable governing bodies of organizations to direct and oversee the implementation and operation of data
quality measures, management, and related processes with adequate controls throughout the data life cycle
(DLC) model according to ISO/IEC 5259-1.
This document can be applied to any analytics and ML. This document does not define specific management
requirements or process requirements according to ISO/IEC 5259-3 and ISO/IEC 5259-4 respectively.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 5259-1, Artificial intelligence — Data quality for analytics and machine learning (ML) — Part 1:
Overview, terminology, and examples
ISO/IEC 22989:2022, Information technology — Artificial intelligence — Artificial intelligence concepts and
terminology
ISO/IEC 38505-1, Information technology — Governance of IT — Governance of data — Part 1: Application of
ISO/IEC 38500 to the governance of data
ISO/IEC 38507:2022, Information technology — Governance of IT — Governance implications of the use of
artificial intelligence by organizations
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 5259-1, ISO/IEC 22989,
ISO/IEC 38505-1 and ISO/IEC 38507, and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
data creator
role within an organization responsible for generating, collecting and curating data from data sources

© ISO/IEC 2025 – All rights reserved
3.2
data owner
organization that is in the position to obtain, create, and have significant control over the content, access
and distribution of data
Note 1 to entry: A data owner does not necessarily have a legal status with respect to data.
[SOURCE: ISO/TR 14872:2019, 3.4 — modified, Note 1 to entry replaced]
3.3
data steward
role within an organization responsible for ensuring that data-related work is performed according to
policies and practices as established through data governance
[SOURCE: ISO/IEC TS 38505-3:2021, 3.9]
3.4
direct
communicate desired purposes and outcomes
Note 1 to entry: Within the context of governance of IT, directing involves setting objectives, strategies, and policies to
be adopted by the members of the organization, to ensure that the use of IT meets organization’s business objectives.
Note 2 to entry: Objectives, strategies, and policies can be set by management if they have the relevant authority
delegated to them by the governing body.
[SOURCE: ISO/IEC 38500:2024, 3.1]
3.5
executive manager
person who has authority delegated from the governing body for implementation of strategies and policies
to fulfil the purpose of the organization
Note 1 to en
...