What Is Data Governance?
Data governance defines the rules, influence, and regulations for data in order to set and oversee appropriate policy. These rules and policies establish decision rights, as well as the controls that ensure security, accountability, and trustworthiness. Governance is not active day-to-day oversight, but rather a strong foundation for a viable data management system. Like any governance structure, data governance is in place to foster good use of information through sound policy, clarity of controls, and consistent processes.
Data governance stems in part from the collapse of Enron, Adelphia, and other businesses in the early 2000s, which forced companies to take another look at their data and the U.S. government to pass laws ensuring that corporations post accurate financial reports. Data governance formed the core of this work to satisfy requirements of the Sarbanes-Oxley Act (SOX) and other regulations. But data governance has evolved over its relatively short life, and today, even small businesses need available, accurate, and comprehensive information to lead their decision-making and growth.
The Difference Between Data Governance and Data Management
The Dictionary of Data Management defines data governance as “the exercise of authority, control, and shared decision making (planning, monitoring, and enforcing) over the management of data assets.” Data governance initiatives provide the foundation to develop appropriate data management protocols and procedures.
Data management, on the other hand, is the process that puts governance policies into action. Governance provides a framework; thereafter, you can define areas for management (such as security, database, and document control) and infrastructure or architecture management. The governance establishes the why and who for data accessibility and control, while management sets the where and how.
In a similar vein, it should be noted that data governance and data quality are not synonymous, but are closely related. Data quality is the measurement of data accuracy, completeness, availability, and effectiveness. Data governance policies apply guidelines to this vetted data.
What Is a Data Governance Policy?
Before you implement data governance, you need a data governance policy: a set of rules for safeguarding an organization’s data assets. Data governance policies center on establishing roles and responsibilities for data that include access, disposal, storage, backup, and protection.
Data Governance Policy Template
You can use this template to build your data governance policy. It will aid in establishing data quality and reliability standards, as well as standards associated with access, storage, and backup to promote data security.
Assembling a Data Governance Team
Data governance policies apply to everyone within the enterprise: staff, leadership, and even board members. To establish a governance structure, a team or committee is formed to develop the goals, mission, and vision for data oversight.
The team can be composed of information analysts, IT personnel, subject matter experts, and project managers to provide expertise; however, line-of-business professionals can offer the cross-functional balance needed for effective, proactive governance.
The team may be called the Data Governance Board, the Data Stewardship Council, or the Data Governance Committee, and role titles may vary from data manager to data scientist to data architect to data analyst. They may also be part of a larger data governance office (DGO).
The team is primarily responsible for stewardship of the data (the proper care of data assets). The role can fall to one person or, in the case of large organization, a group. The position is responsible for accuracy and for appropriate access. The steward also serves as the arbiter for completeness and updating of data according to stated governance mandates.
The team also provides guidance and structure on strategic data planning, data literacy, and data use, and it provides resolution for master data management (MDM) issues. MDM is often confused with data governance, but they are not one and the same: MDM is the method that enables organizations to link all data to a single master file to streamline data accessibility and sharing.
Data Governance Team Responsibilities
Once a governance team is in place and sets its goals, the group can then outline a policy to structure appropriate data controls, including access, availability, and methods to ensure quality. From the initial vision and mission statements, they can develop a framework to hand off the enactment of data management. Once in place and deployed, a governance team’s work and stewardship continue with a focus on monitoring, observation, and reporting. The team also handles issue resolution and analysis to support data acquisition strategies, compliance, and financial priorities to drive continuous improvement initiatives.
Why Do Organizations Need Data Governance?
More and more, in-house information is finding a new life as a valued asset across the entire organization rather than simply as the property of individual departments. In fact, many data governance initiatives originate as attempts to improve data as it becomes actionable across the organization. Data is now used to develop organizational efficiencies, identify profit opportunities, enhance customer experiences, and improve or develop new products.
However, two of the primary reasons for data governance are regulatory mandates and risk assessments that rely on high-quality data. In particular, many regulations focus on an organization’s data to show proof of compliance, especially in the area of data security. According to the 2013 Rand Secure Archive Data Governance Survey, “82 percent of respondents know they face external regulatory requirements, but 44 percent of those respondents still don’t have a defined data governance policy.”
Areas that benefit from data governance include those that require regulatory reporting data to meet guidelines for Sarbanes-Oxley; Basel I, II, and III; COBIT; Dodd-Frank; cGMP; ISO/IEC 38500; and elements of the Health Insurance Portability and Accountability Act (HIPAA).
What Businesses Need Data Governance?
Most businesses benefit from strong data governance, but industries with heavy regulatory burdens — such as banking, finance, and health care — have a greater need for formalized governance initiatives and are particularly focused on activities that put them at regulatory risk. Adherence to the regulatory challenges directly impact how they manage, report, and protect their sensitive information. Noncompliance can lead to fines, brand damage, or even jail time.
However, it should be noted that any organization that collects sensitive data, such as financial information, Social Security numbers, or medical records, is also subject to regulatory compliance mandates. Strong data governance first validates and promotes quality data, and then puts in place policies, controls, and management to meet internal and external expectations.
And although banking, finance, and healthcare are some of the most highly regulated industries, their governance structures can provide advantages that go beyond information security. In health care, for example, knowledge acquisition can open up opportunities for better patient outcomes.
The requirements for data security are constantly changing, and since many organizations have a global reach, one good use case can be found in the European Directive on General Data Protection Regulation (GDPR), previously known as the Data Protection Directive. This regulation, which goes into effect midyear 2018, outlines provisions that address individual data rights such as portability and access, as well as a right to be forgotten or erased from a company’s data storage.
Goals and Benefits of Data Governance
The primary goal of governance is to assure the integrity of data assets through accountability, consistent data distribution policies, processes, and procedures, standardized systems, and education. The benefits include the following:
- Improve data quality (many use methodologies focused on better process, such as Six Sigma).
- Deliver trustworthy information.
- Create confidence with high-quality, consistent data.
- Make intelligent business decisions.
- Decrease costs and improve profitability while reducing the risk for regulatory fines.
- Drive optimization and effectiveness across departments.
- Enable better strategic planning, risk management, and compliance.
- Establish better collaborative opportunities across organizations and departments.
- Eliminate redundant work.
- Improve data security by identifying vulnerabilities and remediating.
- Increase data value.
- Resolve data problems.
- Support data-driven customer service initiatives.
- Improve business operations quickly during times of growth or merger.
- Comply with industry regulations.
- Improve data transparency across the organization.
- Improve productivity and reduce error with high quality data.
- Enable continuous data improvement initiatives.
Challenges of Data Governance Initiatives
The biggest obstacles for data governance initiatives center on access and availability. Data availability involves more than who is authorized, but also where the data is kept and how it is retrieved, which can lead to new rules for data engagement and areas of misunderstanding. Other challenges come from overcomplicated mandates and policies that are hard to implement and can slow down the work of effective governance.
Conversely, the lack of proper oversight and adjustment can also prevent the benefits of governance from being realized throughout the organization. Many organizations advocate frameworks that value a focused, defined approach but allow for appropriate evaluations and modifications to address potential problems.
In her MIT 2007 Information Quality Industry Symposium presentation, Pierce explains that data is one of the least governed assets because of the following characteristics:
- Data “is increasingly easy to collect and digitize.”
- Data “has increasing importance in products and services.”
- Data “is very hard to value or price.”
- Data “has a decreasing half-life.”
- Data “has increasing security and privacy risk exposure.”
- Data “is a significant expense in most enterprises.”
How to Implement a Data Governance Initiative
A goal of a data governance initiative is to identify the principles for the team and to establish targets and direction. This template will aid you in capturing the meaning of data governance for your organization before you begin your initiative. It will help you gain sponsorship and educate the organization about your mission, vision, and goals.
Frameworks, such as one developed by the Data Governance Institute (DGI), advocate a focus-driven process and policy structure that calls out the elements of greatest importance, such as compliance, data availability, or data use. Data stewards can then begin the process of establishing the rules that specify controls.
Once the team is in place, the group is charged with monitoring and adjusting policy as needed to fulfill mandates. There are numerous software tools and frameworks that provide checklists and processes for clear data oversight.
You can take the following simple steps to implement a data governance program that is consistent and repeatable:
- Identify a framework to follow.
- Define owners of data assets (aka the data stewards).
- Define data governance processes that cover storage, archival, backup, and security.
- Identify regulatory mandates you must adhere to.
- Define controls and audit procedures that ensure compliance.
- Train and educate your users, and implement policies and procedures.
- Leverage analytics for continuous improvement.
To jump-start your initiative and sell the data governance plan internally, you can utilize expert data governance resources, choose powerful technology to enable easy management, and get the word out to the team and business members.
Data Governance Implementation Plan Template
For data governance implementation projects, this template will help collect and track all of the essential tasks for successful implementation. This can be used to keep the project moving and communicate status to stakeholders.
The Nuts and Bolts of Data Governance: Tools and Frameworks
Data governance is not in and of itself a technology, but it can be aided by the use of technology tools. A governance committee sets the guidelines, policies, and focus, and this team should be a prime driver for deploying appropriate data governance tools. Tools that support security and compliance will work differently than those that value storage and retrieval. However, as with most initiatives that involve changing roles or processes, transparent and continual communication should be a high priority. The right tool can also foster this function.
When researching appropriate tools, look for one that strikes the appropriate balance between the role of governance and the functional framework that supports data management.
As with other software solutions and tools, your choice will depend on your organization’s needs. Some tools may be labeled as data governance solutions, while others may be primarily used for different purposes, but are able to address governance needs.
The following are vendor tools for data governance:
- SAP Master Data Governance
- Global IDs
These tools might offer the following features and functionality:
- Data lineage tracking
- Workflow management
- Data governance process management
- Data mapping using metadata
- Data monitoring
- Data cleansing (removal of redundant data)
- Data access and quality controls
- Data usage audit trails
- Data governance policy consent management
- Big data analytics
- Data warehouse functionality
Data Governance Frameworks
Finding the right framework for data governance involves many of the same processes and questions of any new business initiative. As stated earlier, by identifying the overall purpose or focus, you’ve set the foundation to establish decision rights, data integrity, and accessibility.
Frameworks can have different structures that emphasize different goals. If your company is more concerned with compliance, a framework that stresses business intelligence may not be the right one for your organization. Also, frameworks might emphasize management over governance, which may or may not be appropriate for your organization.
Since governance is the setting of policy, many frameworks recognize that it is difficult to integrate an organization’s entire spectrum of data. But some frameworks take a holistic approach and treat data as a tangible asset that is as important as any other enterprise asset. Today's governance frameworks can provide both policy and operations aspects that work to improve operations, customer experiences, and business strategy.
For example, the Universal Data Element Framework incorporates elements for categorizing, naming, and indexing data. In 2004, the Data Governance Institute introduced the DGI Data Governance Framework in response to a demand for a better way to classify, organize, and communicate about data. The DGI framework covers all aspects of data governance, including people, rules, and processes.
Data Governance Framework
This template provides guidance in identifying the purpose and goals of your data governance initiative. In addition, you will include how you plan to measure success and the roles and responsibilities of the data governance team.
Data Governance Resources
Data governance organizations exist to provide new information, practices, and insight that support governance professionals. Organizations such as the Data Management Association (DAMA), Data Governance Professionals Association (DGPO), the Data Governance Society, the Data Governance Institute (DGI), IQ International, Data Governance Australia (DGA), and The Enterprise Data Management Council (EDM) offer articles, coursework, and conferences that follow best practices, industry news, and emerging trends. Many publish vendor-neutral information and advice, as well as comprehensive bodies of knowledge to assist in the development or augmentation of data governance initiatives.
Below is a list of some of the data governance conferences that are held around the world each year:
- Data Governance and Information Quality Conference
- Data Governance Conference Europe
- DAMA International Events
- Financial Information Summit
- Data World
For additional information on security audits, industry compliance standards, and data governance, watch this webinar from Smartsheet.
Related Business Processes
Several enterprise processes are related to data governance, such as the following:
- Risk management
- Regulatory compliance
- Business process management
- Master data management
- Information governance
- Information technology governance
For more information on these and other processes, read this article.
Improve Information and Data Security with Smartsheet
The need for data governance continues to grow among businesses. Backed by a solid framework and sound policy, a well-considered data governance plan helps organizations gain access to the vital information that drives their business, and can help ensure that they stay on top of industry regulations. To get started building a data governance plan, continue using a software tool to tie the pieces together from beginning to end.
Smartsheet is an enterprise work execution platform that fundamentally changes the way teams, leaders, and businesses get work done. Over 74,000 brands and millions of information workers trust Smartsheet as the best way to plan, capture, track, automate, and report on work, while meeting or exceeding preexisting security requirements and protocols.
Smartsheet offers a secure and flexible platform that integrates with your current systems to keep your data safe and your privacy in check. Manage control of user access and safely share information inside and outside of your company. With Smartsheet, you can boost efficiency, improve accuracy, and increase visibility, all while resting assured that your most valuable asset - your data - is encrypted, stored, and preserved under stringent security infrastructure.
Discover how Smartsheet can boost efficiency while keeping your data protected.
To learn more about how Smartsheet is committed to delivering a secure and extensible platform that meets today’s security and privacy requirements, visit our Trust Center.