Click to learn more about author Steve Zagoudis.
In previous blog posts, we defined the purpose, scope, and objectives and target audience of a Data Governance policy. In this blog post, we will complete the remaining sections needed for an effective Data Governance policy.
These sections are designed to provide the guiding principles and basic foundational elements of Data Governance. We continue to move the bar on defining Governance-in-Motion, which is a Systems Thinking approach to Data Governance. As such we have updated the guiding principles to include a more systemic look at an organization.
The final section of this Data Governance policy outlines the roles and responsibilities of effective Data Governance. Keep in mind that defining Data Governance within an organization requires understanding the different metadata components that link the various governance roles associated with a business unit and its data needs.
In this blog post, we have defined the proverbial “thou shalt” aspects of a Data Governance policy. The tone is intentionally firm to set the expectation across the organization that Data Governance is a formal discipline. Many clients elevate Data Governance to a committee designation (e.g., Data Governance committee), with all the associated board-level governance artifacts such as meeting minutes and metrics.
Several clients have asked us to expand the scope of their policy to include unstructured data, records, records retention, and overall Crown Jewel Data Management. For example, awareness of the location of confidential, PII, and HIPAA data is of growing interest among our clients. We have had considerable success in merging the Data Governance and Information Governance disciplines together under an overarching risk management policy. This change would move your organization towards the broader information governance or risk management area instead of the more limited Data Governance focus. We can expand on this point as requested.
V. GUIDING PRINCIPLES
The following guiding principles are aspirational in nature to provide guidance on strategic business and technical decisions regarding an organization’s data and information:
VI. FOUNDATIONAL ELEMENTS
The following foundational elements set the implementation tone for Data Governance:
- Metadata: Term used to describe “data about data.” Metadata is the collection of business rules and technology characteristics about any given data element.
- An organization strives to achieve zero-defect for key data elements, such that data errors do not have a material impact on operations, internal reporting, and financial disclosure.
- Data Governance will be implemented based on subject areas of data. A subject area consists of similar data elements by type or business purpose.
- An organization shall have a Data Governance Council (DGC), reporting to a designated executive management body.
- Data Governance roles of owner, delegate, and consumer will be assigned for each subject area.
- Protection and safeguard of an organization’s data assets will be in keeping with the requirement of any prevailing the information security policy or the record management policy.
VII. ROLES AND RESPONSIBILITIES
Outlined below are the detailed roles and responsibilities associated with an effective Data Governance implementation:
A. Data Governance Council (DGC)
- DGC defines roles, standardizes rules, and provides Data Governance oversight.
- DGC designates the following registered governance stakeholders for each subject area: data owner, data delegate, and data consumer.
- DGC recommends the implementation of technical Data Governance controls, which provide evidence that known copies of data are in sync with the system of record.
- The DGC will assign responsibility to a team within an organization who will maintain and provide a list of all registered governance stakeholders.
- The DGC will ensure that data definitions are maintained for data subject areas. Data definitions for specific data elements will be in accordance with business requirements and established priorities.
- The DGC will ensure that departments consuming an organization’s data are documented at the level of the subject area to provide awareness needed so data consumers are notified of pending data changes or issues.
- Other specific roles and responsibilities of the DGC will be as defined in the council’s charter.
B. Data Owner
- The data owner is responsible for data definition (including source and security classification), validation (including controls), and authorizing access.
- The data owner is responsible for the accuracy of the data element(s), or the rules defining derived data, or both.
- The data owner ensures that data follows required process flows upon its creation and establishes appropriate controls for downstream data feeds/flows.
- As the subject matter expert over the data, the data owner provides guidance to data delegates and consumers as needed.
- The data owner authorizes data access via an organization’s existing user access rights procedures.
C. Data Delegate (Data Steward)
- The data delegate acts as the agent to control and communicate process and distribution of data.
- The data delegate ensures data follows process flows over the life of the data, performs data maintenance, and verifies data accuracy.
- The data delegate communicates to consumers and owners regarding data and may also be responsible for granting access to the data in accordance with rules defined by the data owner.
D. Data Consumer
The data consumer is anyone with a legitimate, clearly articulated business need to access a specific type of data for business reasons. Data consumers may also be entities outside of an organization that consume specific types of data (e.g., customers, vendors, tax authorities, state or federal governing bodies, SEC, etc.). When data consumers transform existing data to derive new data, they become data owners for the resulting data.
The last component to a Data Governance policy would be the business glossary of terms that provide a common understanding for all stakeholders.