Data governance
Encyclopedia
Data governance is an emerging discipline with an evolving definition. The discipline embodies a convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in an organization. Through data governance, organizations are looking to exercise positive control over the processes and methods used by their data stewards and data custodians
to handle data.
Data governance is a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for a company, altering the company’s way of thinking and setting up the processes to handle information so that it may be utilized by the entire organization. It’s about using technology when necessary in many forms to help aid the process. When companies desire, or are required, to gain control of their data, they empower their people, set up processes and get help from technology to do it.
There are some commonly cited vendor definitions for data governance. Data governance is a quality control
discipline for assessing, managing, using, improving, monitoring, maintaining, and protecting organizational information. It is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.:
required to create a consistent and proper handling of an organization's data across the business enterprise. Goals may be defined at all levels of the enterprise and doing so may aid in acceptance of processes by those who will use them. Some goals include:
These goals are realized by the implementation of Data governance programs, or initiatives using Change Management techniques.
, Basel II
, HIPAA, and a number data privacy regulations. To achieve compliance with these regulations, business processes and controls require formal management processes to govern the data subject to these regulations. Successful programs identify drivers meaningful to both supervisory and executive leadership.
Common themes among the external regulations center on the need to manage risk. The risks can be financial misstatement, inadvertent release of sensitive data, or poor data quality for key decisions. Methods to manage these risks vary from industry to industry. Examples of commonly referenced best practices and guidelines include COBIT
, ISO/IEC 38500
, and others. The proliferation of regulations and standards creates challenges for data governance professionals, particularly when multiple regulations overlap the data being managed. Organizations often launch data governance initiatives to address these challenges.
by assigning a team responsible for data's accuracy, accessibility, consistency, and completeness, among other metrics. This team usually consists of executive leadership, project management
, line-of-business managers
, and data steward
s. The team usually employs some form of methodology for tracking and improving enterprise data, such as Six Sigma
, and tools for data mapping
, profiling
, cleansing, and monitoring data.
Data governance initiatives may be aimed at achieving a number of objectives including offering better visibility to internal and external customers (such as supply chain
management), compliance with regulatory law
, improving operations after rapid company growth or corporate mergers
, or to aid the efficiency of enterprise knowledge worker
s by reducing confusion and error and increasing their scope of knowledge. Many data governance initiatives are also inspired by past attempts to fix information quality at the departmental level, leading to incongruent and redundant data quality processes. Most large companies have many applications and databases that can't easily share information. Therefore, knowledge workers within large organizations often don't have access to the information they need to best do their jobs. When they do have access to the data, the data quality
may be poor. By setting up a data governance practice or Corporate Data Authority, these problems can be mitigated.
The structure of a data governance initiative will vary not only with the size of the organization, but with the desired objectives or the 'focus areas' of the effort.
The Data Governance and Stewardship Community of Practice (DGS-COP)
Data Governance Conferences
Master Data Management & Data Governance Conferences
Data Governance Professionals Organization (DGPO)
Data custodian
In Data Governance groups, responsibilities for data management are increasingly divided between the business process owners and information technology departments. Two functional titles commonly used for these roles are Data Steward and Data Custodian....
to handle data.
Data governance is a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for a company, altering the company’s way of thinking and setting up the processes to handle information so that it may be utilized by the entire organization. It’s about using technology when necessary in many forms to help aid the process. When companies desire, or are required, to gain control of their data, they empower their people, set up processes and get help from technology to do it.
There are some commonly cited vendor definitions for data governance. Data governance is a quality control
Quality control
Quality control, or QC for short, is a process by which entities review the quality of all factors involved in production. This approach places an emphasis on three aspects:...
discipline for assessing, managing, using, improving, monitoring, maintaining, and protecting organizational information. It is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.:
Overview
Data governance encompasses the people, processes, and information technologyInformation technology
Information technology is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications...
required to create a consistent and proper handling of an organization's data across the business enterprise. Goals may be defined at all levels of the enterprise and doing so may aid in acceptance of processes by those who will use them. Some goals include:
- Increasing consistency and confidence in decision makingDecision makingDecision making can be regarded as the mental processes resulting in the selection of a course of action among several alternative scenarios. Every decision making process produces a final choice. The output can be an action or an opinion of choice.- Overview :Human performance in decision terms...
- Decreasing the risk of regulatory fines
- Improving data securityInformation securityInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
- Maximizing the income generation potential of data
- Designating accountability for information quality
- Enable better planning by supervisory staff
- Minimizing or eliminating re-work
- Optimize staff effectiveness
- Establish process performance baselines to enable improvement efforts
- Acknowledge and hold all gains
These goals are realized by the implementation of Data governance programs, or initiatives using Change Management techniques.
Data governance drivers
While data governance initiatives can be driven by a desire to improve data quality, they are more often driven by C-Level leaders responding to external regulations. Examples of these regulations include Sarbanes-Oxley, Basel IBasel I
Basel I is the round of deliberations by central bankers from around the world, and in 1988, the Basel Committee in Basel, Switzerland, published a set of minimal capital requirements for banks. This is also known as the 1988 Basel Accord, and was enforced by law in the Group of Ten countries...
, Basel II
Basel II
Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision...
, HIPAA, and a number data privacy regulations. To achieve compliance with these regulations, business processes and controls require formal management processes to govern the data subject to these regulations. Successful programs identify drivers meaningful to both supervisory and executive leadership.
Common themes among the external regulations center on the need to manage risk. The risks can be financial misstatement, inadvertent release of sensitive data, or poor data quality for key decisions. Methods to manage these risks vary from industry to industry. Examples of commonly referenced best practices and guidelines include COBIT
COBIT
COBIT is a framework created by ISACA for information technology management and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.-Overview:...
, ISO/IEC 38500
ISO/IEC 38500
The ISO/IEC 38500 Corporate governance of information technology standard, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of...
, and others. The proliferation of regulations and standards creates challenges for data governance professionals, particularly when multiple regulations overlap the data being managed. Organizations often launch data governance initiatives to address these challenges.
Data governance initiatives
Data governance initiatives improve data qualityData quality
Data are of high quality "if they are fit for their intended uses in operations, decision making and planning" . Alternatively, the data are deemed of high quality if they correctly represent the real-world construct to which they refer...
by assigning a team responsible for data's accuracy, accessibility, consistency, and completeness, among other metrics. This team usually consists of executive leadership, project management
Project management
Project management is the discipline of planning, organizing, securing, and managing resources to achieve specific goals. A project is a temporary endeavor with a defined beginning and end , undertaken to meet unique goals and objectives, typically to bring about beneficial change or added value...
, line-of-business managers
Line function
A line function is a primary business activity that negatively affects income or the customer experience if it is interrupted. Line functions vary between businesses. These functions are directly related with the objectives of the enterprise....
, and data steward
Data steward
In metadata, a data steward is a person that is responsible for maintaining a data element in a metadata registry. A data steward may share some responsibilities with a data custodian....
s. The team usually employs some form of methodology for tracking and improving enterprise data, such as Six Sigma
Six Sigma
Six Sigma is a business management strategy originally developed by Motorola, USA in 1986. , it is widely used in many sectors of industry.Six Sigma seeks to improve the quality of process outputs by identifying and removing the causes of defects and minimizing variability in manufacturing and...
, and tools for data mapping
Data mapping
Data mapping is the process of creating data element mappings between two distinct data models. Data mapping is used as a first step for a wide variety of data integration tasks including:...
, profiling
Data profiling
Data profiling is the process of examining the data available in an existing data source and collecting statistics and information about that data...
, cleansing, and monitoring data.
Data governance initiatives may be aimed at achieving a number of objectives including offering better visibility to internal and external customers (such as supply chain
Supply chain
A supply chain is a system of organizations, people, technology, activities, information and resources involved in moving a product or service from supplier to customer. Supply chain activities transform natural resources, raw materials and components into a finished product that is delivered to...
management), compliance with regulatory law
Compliance (regulation)
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and...
, improving operations after rapid company growth or corporate mergers
Mergers and acquisitions
Mergers and acquisitions refers to the aspect of corporate strategy, corporate finance and management dealing with the buying, selling, dividing and combining of different companies and similar entities that can help an enterprise grow rapidly in its sector or location of origin, or a new field or...
, or to aid the efficiency of enterprise knowledge worker
Knowledge worker
Knowledge workers in today's workforce are individuals who are valued for their ability to act and communicate with knowledge within a specific subject area. They will often advance the overall understanding of that subject through focused analysis, design and/or development. They use research...
s by reducing confusion and error and increasing their scope of knowledge. Many data governance initiatives are also inspired by past attempts to fix information quality at the departmental level, leading to incongruent and redundant data quality processes. Most large companies have many applications and databases that can't easily share information. Therefore, knowledge workers within large organizations often don't have access to the information they need to best do their jobs. When they do have access to the data, the data quality
Data quality
Data are of high quality "if they are fit for their intended uses in operations, decision making and planning" . Alternatively, the data are deemed of high quality if they correctly represent the real-world construct to which they refer...
may be poor. By setting up a data governance practice or Corporate Data Authority, these problems can be mitigated.
The structure of a data governance initiative will vary not only with the size of the organization, but with the desired objectives or the 'focus areas' of the effort.
Implementation
Implementation of a Data Governance initiative may vary in scope as well as origin. Sometimes, an executive mandate will arise to initiate an enterprise wide effort, sometimes the mandate will be to create a pilot project or projects, limited in scope and objectives, aimed at either resolving existing issues or demonstrating value. Sometimes an initiative will originate lower down in the organization’s hierarchy, and will be deployed in a limited scope to demonstrate value to potential sponsors higher up in the organization.Data governance tools
Leaders of successful data governance programs declared in December 2006 at the Data Governance Conference in Orlando, Fl, that data governance is between 80 and 95 percent communication.” That stated, it is a given that many of the objectives of a Data Governance program must be accomplished with appropriate tools. Many vendors are now positioning their products as Data Governance tools; due to the different focus areas of various data governance initiatives, any given tool may or may not be appropriate, in addition, many tools that are not marketed as governance tools address governance needs.Data governance organizations
The IBM Data Governance Council- The IBM Data Governance Council is an organization formed by IBM consisting of companies, institutions and technology solution providers with the stated objective to build consistency and quality control in governance, which will help companies better protect critical data."
The Data Governance and Stewardship Community of Practice (DGS-COP)
- The Data Governance and Stewardship Community of Practice is a vendor-neutral organization open to practitioners, stakeholders and academics, as well as vendors and consultants. The DGS-COP offers a large collection of data governance artifacts to members including case studies, metrics, dashboards, and maturity models as well as on-line events.
Data Governance Conferences
- Two major conferences are held annually, the Data Governance Conference, held in the USA, and the Data Governance Conference Europe, held in London, England.
Master Data Management & Data Governance Conferences
- Six major conferences are held annually, London, San Francisco, Sydney and Toronto in the spring, and Madrid, Frankfurt, and New York City in the fall. 2009 was the 4th annual iteration with more than 2,000 attendees per year receiving their data governance and master data management updates via this 2-3 day event.
Data Governance Professionals Organization (DGPO)
- The Data Governance Professionals Organization (DGPO) is a non-profit, vendor neutral, association of business, IT and data professionals dedicated to advancing the discipline of data governance. The objective of the DGPO is to provide a forum that fosters discussion and networking for members and to encourage, develop and advance the skills of members working in the data governance discipline.
See also
- Information technology governanceInformation technology governanceInformation Technology Governance, IT Governance is a subset discipline of Corporate Governance focused on information technology systems and their performance and risk management...
- Semantics of Business Vocabulary and Business RulesSemantics of Business Vocabulary and Business RulesThe Semantics of Business Vocabulary and Business Rules is an adopted standard of the Object Management Group intended to be the basis for formal and detailed natural language declarative description of a complex entity, such as a business...
- Master data managementMaster Data ManagementIn computing, master data management comprises a set of processes and tools that consistently defines and manages the non-transactional data entities of an organization...
- COBITCOBITCOBIT is a framework created by ISACA for information technology management and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.-Overview:...
- ISO/IEC 38500ISO/IEC 38500The ISO/IEC 38500 Corporate governance of information technology standard, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of...
- ISO/TC 215ISO/TC 215The ISO/TC 215 is the International Organization for Standardization's Technical Committee on health informatics. TC 215 works on the standardization of Health Information and Communications Technology , to allow for compatibility and interoperability between independent systems.-Working...
- Operational risk managementOperational risk managementThe term Operational Risk Management is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk...
- Basel II Accord
- HIPAA
- Sarbanes-Oxley ActSarbanes-Oxley ActThe Sarbanes–Oxley Act of 2002 , also known as the 'Public Company Accounting Reform and Investor Protection Act' and 'Corporate and Auditing Accountability and Responsibility Act' and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002, which...
- Information technology controlsInformation technology controlsIn business and accounting, Information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control...
- Data Protection Directive (EU)