Data governance is a high-sounding term which describes what’s essentially a fundamental process: Effectively managing the information that resides within, and flows in or out of an organization.
It’s perhaps because the concept is couched in such ominous terms that IT managers and users have a difficult time understanding, interpreting, and applying data governance responsibly.
In this article, we’ll be looking at some strategies and best practices to help demystify the process, and facilitate its implementation.
Why Data Governance Is Necessary
Within a typical enterprise, information must be stored or manipulated by people, processes, and technology. Deciding who (or which process or piece of technology) is responsible for what, requires the establishment of clearly defined roles and responsibilities for the various members and elements making up the organization. This applies across multiple sectors, including IT, finance, health-care, administration, manufacturing, and retail.
Hardware and software may be used to manage some key information assets, but for the enterprise as a whole, a formalized structure and management strategy needs to be put in place, to define and enforce policies and rules determining how data should best be treated to ensure maximum operational efficiency, security, confidentiality, and quality control. That’s what “data governance” is really all about.
Objectives Of Data Governance
A comprehensive and effective data governance policy sets the framework for how information is managed and used by the enterprise. Data governance also needs to create formalized procedures for resolving any issues related to the information being handled, and to put in place mechanisms which allow business users to make decisions based on data of the highest quality.
The data governance strategies adopted by an enterprise will depend upon how and where relevant data resides within and outside the organization, who owns this information, and who is given the responsibility of “stewardship” (overseeing and management) for the data that’s being handled.
Establishing An Enterprise Governance Structure
A fundamental part of effective data governance is the establishment of a governance structure for the enterprise. This must take into account factors such as the organizational hierarchy of a business, its various departments and business units, and the assignment of governance roles and responsibilities spanning all of these divisions.
Data governance structures are typically established based on the following categories:
· Centralized governance: Where a central data management authority assumes responsibility for the entire enterprise.
· Decentralized governance: Here, a group of discrete authorities or a decentralized data management body cover all aspects of an enterprise.
· Federated governance: In this model, there’s little or no shared ownership of data, and governance is the responsibility of independent groups, or multiple groups within the enterprise.
Determining Where Data Resides
Once a data governance structure has been determined, it’s necessary to establish where the information relevant to each division of the enterprise or to each line of business currently resides. This usually involves a classification of enterprise information into various “data domains” such as customer data, vendor information, supply chain, or product specifications.
Within each major classification, it’s then necessary to drill down to the finer details of what each domain actually contains. This should be done with an eye to establishing where the relevant information comes from, who it belongs to, and who within the organization should be involved, when alterations are made to this data.
Identifying What’s Critical To The Enterprise
Within each “data domain”, care must then be taken to identify those specific pieces of information which are most critical to the enterprise and its stated business objectives.
With those objectives and values in mind, it should then be possible to draw up strategies and procedures for how the key data relevant to their achievement needs to be treated and managed.
Maintaining A Secure Environment
Throughout the governance process, it’s essential to safeguard the integrity and confidentiality of all the enterprise data and external data sources that are being governed. So best practices for information security management and the establishment of a strong cyber-security posture for the enterprise must be followed at all times.
Perimeter firewalls, detection devices, and endpoint defenses are only part of the story, here. Network privileges and access management protocols must be strictly observed within the corporate barriers. Digital tokens for authorized access, multi-factor authentication procedures, and strong encryption for information in storage and transit should all be considered, in this regard.
Complying To All Required Standards
The demands of industry standards and regulatory compliance regimes will also have an influence on data governance planning and implementation.
Depending on the industry or market sector, there may be unique and specific demands on how customer or transaction data are stored and manipulated, how data should be protected in transit, and so on.
Auditing and record-keeping requirements may draw up their own set of governance conditions, and these will need to be taken into consideration as well.
Setting Benchmarks And Controls To Measure Success
Having established clear goals as to why data governance is being imposed, the final but ongoing stage in the process is to ensure that these objectives are quantifiable, and are being monitored and measured to gauge the program’s success.
Adopting measurable criteria can be a challenge, but benchmarks can be established with a bit of “outside the box” thinking and a focus on key governance areas such as the structure of the scheme itself, data domains, critical data elements, and stewardship.
Automation can be of great value in this regard – from the collection of relevant metrics, through to automated workflow processing and reporting.