Audit and Assurance

Expand all | Collapse all

Is Data Dictionary an Intellectual Property?

  • 1.  Is Data Dictionary an Intellectual Property?

    Posted 18 Mar, 2020 01:35
    I was just wondering, I want to audit some data in a system but I do not know what kind of data I need to look at. So I requested the IT / System owner to provide me the data dictionary for the system so I can identify what kind of data is available in that system.

    Currently the IT team does not have a proper data dictionary in place hence, they have reached out to the vendor of that system to assist in providing the data dictionary.

    The vendor has responded that data dictionary is their intellectual property and cannot be shared.

    I thought source code is an IP. data dictionary is not even a source code. Correct me if I am wrong.

    I need the data dictionary to be able to identify what data I can look. Any alternatives?


  • 2.  RE: Is Data Dictionary an Intellectual Property?

    Posted 19 Apr, 2020 07:24
    Well technically the data belongs to the client. the software source code belongs to the vendor depending on the contract. Did you ask for the masterdata? or at least the database definition and data classifictaion/prioritization?

    Zineb Gridda
    Senior IT Auditor

  • 3.  RE: Is Data Dictionary an Intellectual Property?

    Posted 19 Apr, 2020 09:19
    Data Dictionary is one of the materials that SHOULD be given to the purchaser of any software. The only thing I know from my years of IT and Financial Audits is that the Source Code belongs to the vendor. It can be bought by the purchaser if the need be.

  • 4.  RE: Is Data Dictionary an Intellectual Property?

    Posted 19 Apr, 2020 15:44

    I am sharing example of Oracle . One of the most important parts of an Oracle database is its data dictionary, which is a read-only set of tables that provides information about the database. A data dictionary contains:

    • The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)
    • How much space has been allocated for, and is currently used by, the schema objects
    • Default values for columns
    • Integrity constraint information
    • The names of Oracle users
    • Privileges and roles each user has been granted
    • Auditing information, such as who has accessed or updated various schema objects
    • Other general database information
    I agree with Zineb and Harrison, this is owned by vendor. However your own home grown application objects you would own you define if you are
    using open source software, in my opinion.

    Thanks and regards,

    Suresh "Sam" Chhabria, MCOM, MBB, TQM, SOX, VCA, CISA
    Technology Auditor
    Governance Advisor