Speaker
Description
Bank Indonesia’s digital transformation increasingly depends on integrated, secure, and policy-responsive data and information management. In this setting, internal data access governance is a pivotal control to ensure effective data use by Bank Indonesia staff while safeguarding confidentiality, ensuring accountability, and protecting public trust. Yet digitalisation initiatives often underdeliver meaningful governance improvements when they merely automate legacy procedures. This paper argues that effective digitalisation of access management must be preceded by thorough business process reengineering (BPR), built on a comprehensive understanding of “as-is” processes, its control weaknesses, and operational pain points.
This paper presents Bank Indonesia’s experience in reengineering and digitalising statistical data access management at Bank Indonesia through the development of the Integrated Digital Data Access Governance System (DATRA). The initiative began with end-to-end process mapping of the existing access lifecycle (request, approval, provisioning, modification, and revocation), followed by a structured gap analysis. Key deficiencies identified included fragmented workflows, limited standardisation of requests, weak audit trails, and constrained monitoring and reporting. These findings were translated into a redesigned “to-be” process that explicitly embeds governance requirements directly into operational steps and control points including compliance-by-design principles, role-based access control (RBAC), and the need-to-know rules.
DATRA operationalises the reengineered process as an interim, self-service solution aligned with the Bank’s broader data and information governance framework. Leveraging a taxonomy-based data catalogue, entitlement packages, and workflow automation, DATRA standardises access requests, perform rule-based checks of user authority, accelerates provisioning through traceable approvals, and enables timely updates to access-rights records and logs.
The paper demonstrates that the combined BPR-and-digitalisation approach delivers improvements beyond administrative efficiency. It strengthens internal statistical data governance by enhancing transparency, accountability, and consistency in access control, while establishing a scalable foundation for information security and sustainable digital transformation.
