What is Data Governance
Data governance is the practice of identifying important data across an organization, ensuring it is of high quality, and improving its value to the business.
A data governance policy is a document that formally outlines how organizational data will be managed and controlled. A few common areas covered by data governance policies are:
- Data quality – ensuring data is correct, consistent and free of “noise” that might impeded usage and analysis.
- Data availability – ensuring that data is available and easy to consume by the business functions that require it.
- Data usability – ensuring data is clearly structured, documented and labeled, enables easy search and retrieval, and is compatible with tools used by business users.
- Data integrity – ensuring data retains its essential qualities even as it is stored, converted, transferred and viewed across different platforms.
- Data security – ensuring data is classified according to its sensitivity, and defining processes for safeguarding information and preventing data loss and leakage.
Addressing all of these points requires a right combination of people skills, internal processes, and the appropriate technology.
A data steward is an organizational role responsible for enacting the data governance policy. Data stewards are typically subject matter experts who are familiar with the data used by a specific business function or department. They ensure the fitness of data elements, both content and metadata, administer the data and ensure compliance with regulations.
Data Governance Frameworks
A data governance framework is a structure that helps an organization assign responsibilities, make decisions, and take action on enterprise data. Data governance frameworks can be classified into three types:
- Command and control – the framework designates a few employees as data stewards, and requires them to take on data governance responsibilities.
- Traditional – the framework designates a larger number of employees as data stewards, on a voluntary basis, with a few serving as “critical data stewards” with additional responsibilities.
- Non-invasive – the framework recognizes people as data stewards based on their existing work and relation to the data; everyone who creates and modifies data becomes a data steward for that data.
Essential elements of a data governance framework include:
- Funding and management support – a data governance framework is not meaningful unless it is backed by management as an official company policy.
- User engagement – ensuring those who consume the data understand and will cooperate with data governance rules.
- Data governance council – a formal body responsible for defining the data governance framework and helping to enact it in the organization.
While many companies create data governance frameworks independently, there are several standards which can help formulate a data governance framework, including COBIT, ISO/IEC 38500, and ISO/TC 215.
Goals of Information Governance Initiatives
Data and information governance helps organizations achieve goals such as:
- Complying with standards like SOX, Basel I/II, HIPAA, GDPR
- Maximizing the value of data and enabling its re-use
- Improving data-driven decision making
- Reducing the cost of data management
Data Governance Strategy
A data governance strategy informs the content of an organization’s data governance framework. It requires you to define, for each set of organizational data:
- Where: Where it is physically stored
- Who: Who has or should have access to it
- What: Definition of important entities such as “customer”, “vendor”, “transaction”
- How: What the current structure of the data is
- Quality: Current and desired quality of the source data and consumable data sets
- Goals: What we want to do with this data
- Requirements: What needs to happen for the data to meet the goals
Data Governance Best Practices
A data governance initiative must start with broad management support and acceptance from stakeholders who own and manage the data (called data custodians).
It is advisable to start with a small pilot project, on a set of data which is especially problematic and in need of governance, to show stakeholders and management what is involved, and demonstrate the return on investment of data governance activity.
When rolling out data governance across the organization, use templates, models and existing tools when possible in order to save time and empower organizational roles to improve quality, accessibility and integrity for their own data. Evaluate and consider using data governance tools which can help standardize processes and automate manual activities.
Most importantly, build a community of data stewards willing to take responsibility for data quality. Preferably, these should be the individuals who already create and manage data sets, and understand the value of making data usable for the entire organization.
Data Governance Tools
Master Data Management (MDM) tools are commonly used in data governance projects, to define a business glossary which is a single point of reference for critical business data. MDM tools help define official data types, categories and values—for example, an official list of product catalog numbers—and manage business workflows related to this Master Data.
Security tools are also crucial for data governance, and responsible for the task of safeguarding of sensitive data.
Imperva File Firewall is an example of a security tool built specifically to assist with governance. With it, you can monitor files and databases across the organization, to:
- Discover and map file and database servers
- Identify securing sensitive data such as social security numbers, credit card data, etc.
- Gain visibility and control over current usage of data
- Enable role- and workflow-based management of data—allowing you to grant access to data stewards to the data for which they are responsible, at the appropriate stages of its lifecycle
- Create compliance reports for organizational data
All of the above are critical for laying down and effectively executing a comprehensive data governance.