Data governance is becoming a more important concept for enterprises of all sizes to embrace. The practice is concerned with how an organization handles one of its most precious commodities, namely its data. Governance provides processes by which decisions are made regarding how, when, and by whom data can be accessed and used. Data governance initiatives may look very different based on the focus of the institutions creating the plans.
The type of data that an organization utilizes has a tremendous bearing on how they construct their data governance policies. Defining these policies can be the most challenging aspect of developing a company’s data governance program. One way to alleviate some of the obstacles likely to be encountered is to adopt a data governance framework to build a firm foundation on which your policies can be built.
General Data Governance Frameworks
The Data Governance Institute (DGI) has created general frameworks that can be used by organizations whose focus varies based on their business or regulatory requirements. The purpose of a framework is to help an enterprise settle on the underlying components of their governance initiative. Some of the benefits of following a framework are to:
- Create a clear mission for the data governance program.
- Ensure that there is value in your efforts.
- Establish who will be accountable for various aspects of the program.
- Maintain the scope and focus of the initiative.
- Define measurable successes.
The DGI goes on to describe how a generic framework can be used by organizations with diverse reasons to build policies for data governance. Some examples are organizations focused on:
Data quality – The main points that need to be addressed are defining, monitoring, and reporting on data quality and identifying the stakeholders and their roles in the process.
Privacy, security, and compliance – Stakeholders also need to be identified in this type of governance scenario. The overriding concern here is protecting sensitive data and controlling the risk associated with its handling. Enforcing requirements revolving around regulatory compliance is the purpose of this type of data governance program.
Architecture and integration – A data governance program of this type is usually the result of major system development or acquisition. It strives to create consistent data definitions, support architectural standards and policies, and bring attention to challenges associated with the integration. As in all data governance efforts, the identification of the proper stakeholders is of prime importance.
Universal Data Governance Frameworks
Many universal frameworks have been developed by organizations or governmental agencies to address various aspects of a company’s operations or data management. These can be an excellent resource to be used as the foundation of your data governance program. They offer a standardized and tested method of codifying the requirements associated with the handling of data. In some cases, compliance with these frameworks is mandated by the type of data with which a business is involved.
ISO 27001 – This framework was created by the International Standards Organization and formally specifies a management system designed to provide information security. It lays out requirements that must be met when auditing information security management systems and is designed to assist an institution in their attempts to secure their data.
HIPPA – The Health Insurance Portability and Accountability Act is enforced by law on any organization that handles and maintains health information. There are specific parts of the act that relate to IT and cybersecurity.
PCI DSS – The Global Payment Card Data Security Standard is used by the credit card industry as a form of self-regulation. It guides businesses to process card information securely. Companies that are involved with credit cards also are handling personal information and will also be impacted by other compliance regulations.
GDPR – The European Union began enforcing the General Data Protection Regulation in 2018. If affects anyone doing business with EU citizens who will need to comply with the regulation’s requirements. Failure to do so risks substantial financial penalties.
Implementing a Data Governance Framework
Regardless of the framework you choose to employ in your data governance initiative, you need the right tools to successfully implement it in your organization. What is needed is a collaborative tool that can be used to build data definitions, naming standards, and a glossary of business terms. It should provide an effective means of communicating data models and metadata throughout the enterprise. This tool will be used to build the foundation of your data governance program.
IDERA’s ER/Studio Enterprise Team Edition supplies all of these features in an application that will allow your business to develop and maintain a viable data governance program. The tool enables the building of the enterprise data model on which a data governance program can be based. It can discover and document existing data assets and perform impact analysis related to new policies and data modifications. ER/Studio can be instrumental in facilitating a data governance program in conjunction with an underlying framework that provides your business with clear directives regarding the handling of its data.