View
12.295
Download
2
Embed Size (px)
DESCRIPTION
To provide an overview of the importance and relevance of data governance as part of an information management initiative
Citation preview
Data Governance: Keystone of Information Management Initiatives
Alan McSweeney
April 21, 2010 2
Objectives
• To provide an overview of the importance and relevance of data governance as part of an information management initiative
April 21, 2010 3
Agenda
• Data Management Issues
• Data Governance and Data Management Frameworks
• Approach to Data Governance
• State of Information and Data Governance
April 21, 2010 4
Data Governance
• Provides an operating discipline for managing data and information as a key enterprise asset
• Includes organisation, processes and tools for establishing and exercising decision rights regarding valuation and management of data
• Elements of data governance− Decision making authority− Compliance− Policies and standards− Data inventories− Full lifecycle management− Content management− Records management,− Preservation and disposal− Data quality− Data classification− Data security and access− Data risk management− Data valuation
April 21, 2010 5
Data Management Issues
• Discovery - cannot find the right information
• Integration - cannot manipulate and combine information
• Insight - cannot extract value and knowledge from information
• Dissemination - cannot consume information
• Management – cannot manage and control information volumes and growth
April 21, 2010 6
Data Management Problems – User View
• Managing Storage Equipment
• Application Recoveries / Backup Retention
• Vendor Management
• Power Management
• Regulatory Compliance
• Lack of Integrated Tools
• Dealing with Performance Problems
• Data Mobility
• Archiving and Archive Management
• Storage Provisioning
• Managing Complexity
• Managing Costs
• Backup Administration and Management
• Proper Capacity Forecasting and Storage Reporting
• Managing Storage Growth
April 21, 2010 7
Information Management Challenges
• Explosive Data Growth−Value and volume of data is overwhelming
−More data is see as critical
−Annual rate of 50+% percent
• Compliance Requirements− Compliance with stringent regulatory requirements and audit
procedures
• Fragmented Storage Environment− Lack of enterprise-wide hardware and software data storage
strategy and discipline
• Budgets− Frozen or being cut
April 21, 2010 8
Information Management Issues
• 52% of users don’t have confidence in their information
• 59% of managers miss information they should have used
• 42% of managers use wrong information at least once a week
• 75% of CIOs believe they can strengthen their competitive advantage by better using and managing enterprise data
• 78% of CIOs want to improve the way they use and manage their data
• Only 15% of CIOs believe that their data is currently comprehensively well managed
April 21, 2010 9
Data Quality
• Poor data quality costs real money
• Process efficiency is negatively impacted by poor data quality
• Full potential benefits of new systems not be realised because of poor data quality
• Decision making is negatively affected by poor data quality
April 21, 2010 10
Information
• Information in all its forms –input, processed, outputs – is a core component of any IT system
• Applications exist to process data supplied by users and other applications
• Data breathes life into applications
• Data is stored and managed by infrastructure – hardware and software
• Data is a key organisation asset with a substantial value
• Significant responsibilities are imposed on organisations in managing data
Processes
People Infrastructure
Information
Applications
IT Systems
April 21, 2010 11
Data, Information and Knowledge
• Data is the representation of facts as text, numbers, graphics, images, sound or video
• Data is the raw material used to create information
• Facts are captured, stored, and expressed as data
• Information is data in context
• Without context, data is meaningless - we create meaningful information by interpreting the context around data
• Knowledge is information in perspective, integrated into a viewpoint based on the recognition and interpretation of patterns, such astrends, formed with other information and experience
• Knowledge is about understanding the significance of information
• Knowledge enables effective action
April 21, 2010 12
Data, Information, Knowledge and Action
Data
ActionKnowledge
Information
April 21, 2010 13
Information is an Organisation Asset
• Tangible organisation assets are seen as having a value and are managed and controlled using inventory and asset management systems and procedures
• Data, because it is less tangible, is less widely perceived as a real asset, assigned a real value and managed as if it had a value
• High quality, accurate and available information is a pre-requisite to effective operation of any organisation
• Information is a high-value asset of any enterprise
• What do you do when you have something valuable
− Retain it
− Protect it
− Manage it
April 21, 2010 14
Data Management and Project Success
• Data is fundamental to the effective and efficient operation of any solution
− Right data
− Right time
− Right tools and facilities
• Without data the solution has no purpose
• Data is too often overlooked in projects
• Project managers frequently do not appreciate the complexity of data issues
April 21, 2010 15
Generalised Information Management Lifecycle
• Design, define and implement framework to manage information through this lifecycle
• Generalised lifecycle that differs for specific information types
Enter, Create, Acquire, Derive, Update, Capture
Store, Manage, Replicate and Distribute
Protect and Recover
Archive and Recall
Delete/Remove
Manage, Control and Adm
inister
April 21, 2010 16
Generalised Information Management Lifecycle
• Need to implement management frameworks and associated solutions to automate the information lifecycle
Data Governance Framework
Data Architecture to Implement Data
Governance
Data Infrastructure to Implement Data
Architecture
Data Operations to Manage Data Infrastructure
April 21, 2010 17
Expanded Generalised Information Management Lifecycle
Enter, Create, Acquire, Derive, Update, Capture
Store, Manage, Replicate and
Distribute
Protect and Recover
Archive and Recall
Delete/Remove
Design, Implem
ent, Manage, Control and Adm
inister
Implement Underlying
Infrastructure
Plan, Design and Specify
• Include phases for information management lifecycle design and implementation of appropriate hardware and software to actualise lifecycle
April 21, 2010 18
Objectives of Implementing Solutions to Deliver Generalised Information Management Lifecycle
• Establish effective policies for lifecycle enterprise information management to control data growth and lower information management costs
• Meet service level goals to ensure the timely completion of key business processes for mission-critical applications
• Support appropriate data retention compliance initiatives and mitigate risk for compliance, audits and legal discovery requests
• Support appropriate data retention compliance requirements and mitigate risk for compliance, audits and legal discovery requests that keep historical transaction records accessible until legal retention periods expire
• Implement scalable archiving strategies that easily adapt to ongoing business requirements
• Improve application portfolio management to decommission redundant applications and simplify the IT infrastructure
• Manage application information growth and its impact on service levels, operational costs and risks as well as storage requirements
• Manage data quality, consistency, security, privacy and accuracy
April 21, 2010 19
Data and Information Management
• Data and information management is a business process consisting of the planning and execution of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets
April 21, 2010 20
Data and Information Management
To manage and utilise information as a strategic asset
To implement processes, policies, infrastructure and solutions to govern, protect, maintain and use information
To make relevant and correct information available in all business processes and IT systems for the right people in the right context at
the right time with the appropriate security and with the right quality
To exploit information in business decisions, processes and relations
April 21, 2010 21
Data Management Goals
• Primary goals
− To understand the information needs of the enterprise and all its stakeholders
− To capture, store, protect, and ensure the integrity of data assets
− To continually improve the quality of data and information, including accuracy, integrity, integration, relevance and usefulness of data
− To ensure privacy and confidentiality, and to prevent unauthorised inappropriate use of data and information
− To maximise the effective use and value of data and information assets
April 21, 2010 22
Data Management Goals
• Secondary goals
− To control the cost of data management
− To promote a wider and deeper understanding of the value of data assets
− To manage information consistently across the enterprise
− To align data management efforts and technology with business needs
April 21, 2010 23
Triggers for Data Management Initiative
• When an enterprise is about to undertake architectural transformation, data management issues need to be understood and addressed
• Structured and comprehensive approach to data management enables the effective use of data to take advantage of its competitive advantages
April 21, 2010 24
Data Management Principles
• Data and information are valuable enterprise assets
• Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding and effective use
• Share responsibility for data management between business data owners and IT data management professionals
• Data management is a business function and a set of related disciplines
April 21, 2010 25
Organisation Data Management Function
• Business function of planning for, controlling and delivering data and information assets
• Development, execution, and supervision of plans, policies, programs, projects, processes, practices and procedures that control, protect, deliver, and enhance the value of data and information assets
• Scope of the data management function and the scale of its implementation vary widely with the size, means, and experience of organisations
• Role of data management remains the same across organisations even though implementation differs widely
April 21, 2010 26
Scope of Complete Data Management Function
Data
Operations
Management
Data
Governance
Data
Development
Metadata
ManagementData
Warehousing
and Business
Intelligence
Management
Data
Quality
Management
Data
Security
Management
Reference and
Master Data
Management
Document and
Content
Management
Data
Architecture
Management
April 21, 2010 27
Data Governance
• Capstone of Data Management initiatives
Database Architecture Management
Data Warehousing and Business Intelligence Management
Data Quality Management
Data Security Management
Metadata Management
Data Development
Data Operations Management
Reference and Master Data Management
Document and Content Management
Data Governance
April 21, 2010 28
Objectives of Data Governance
• Guide information management decision-making
• Ensure information is consistently defined and well understood
• Increase the use and trust of data as an organisation asset
• Improve consistency of projects across the organisation
• Ensure regulatory compliance
• Eliminate data risks
April 21, 2010 29
Shared Role Between Business and IT
• Data management is a shared responsibility between data management professionals within IT and the business data owners representing the interests of data producers and information consumers
• Business data ownership is the concerned with accountability for business responsibilities in data management
• Business data owners are data subject matter experts
• Represent the data interests of the business and take responsibility for the quality and use of data
April 21, 2010 30
Why Develop and Implement a Data Management Framework?
• Improve organisation data management efficiency
• Deliver better service to business
• Improve cost-effectiveness of data management
• Match the requirements of the business to the management of the data
• Embed handling of compliance and regulatory rules into data management framework
• Achieve consistency in data management across systems and applications
• Enable growth and change more easily
• Reduce data management and administration effort and cost
• Assist in the selection and implementation of appropriate data management solutions
• Implement a technology-independent data architecture
April 21, 2010 31
Data Governance and Data Management Frameworks
April 21, 2010 32
Data Governance and Data Management Frameworks
• DMBOK - Data Management Book of Knowledge
• TOGAF - The Open Group Architecture Framework
• COBIT - Control Objectives for Information and related Technology
April 21, 2010 33
DMBOK, TOGAF and COBIT
TOGAF Defines the Process for Creating a Data
Architecture as Part of an Overall Enterprise
Architecture
COBIT Provides Data Governance as Part of Overall IT Governance
DMBOK Provides Detailed for Definition,
Implementation and Operation of Data
Management and Utilisation
Can be a Precursor to
Implementing Data
Management
Can Provide a Maturity Model for Assessing Data Management
DMBOK Is a Specific and Comprehensive Data Oriented Framework
April 21, 2010 34
DMBOK, TOGAF and COBIT – Scope and Overlap
DMBOK
COBIT
TOGAF
Data Governance
Data Architecture ManagementData Management
Data Migration
Data DevelopmentData Operations Management
Reference and Master Data ManagementData Warehousing and Business Intelligence Management
Document and Content ManagementMetadata Management
Data Quality Management
Data Security Management
April 21, 2010 35
Data Management Book of Knowledge (DMBOK)
• DMBOK is a generalised and comprehensive framework for managing data across the entire lifecycle
• Developed by DAMA (Data Management Association)
• DMBOK provides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed
• Enables effective and appropriate data management across the organisation
• Provides awareness and visibility of data management issues and requirements
April 21, 2010 36
Data Management Book of Knowledge (DMBOK)
• Not a solution to your data management needs
• Framework and methodology for developing and implementing an appropriate solution
• Generalised framework to be customised to meet specific needs
• Provide a work breakdown structure for a data management project to allow the effort to be assessed
• No magic bullet
April 21, 2010 37
Data Management-Related Frameworks
• TOGAF (and other enterprise architecture standards) define a process for arriving an at enterprise architecture definition, including data
• TOGAF has a phase relating to data architecture
• TOGAF deals with high level
• DMBOK translates high level into specific details
• COBIT is concerned with IT governance and controls:− IT must implement internal controls around how it operates− The systems IT delivers to the business and the underlying business processes
these systems actualise must be controlled – these are controls external to IT− To govern IT effectively, COBIT defines the activities and risks within IT that
need to be managed
• COBIT has a process relating to data management
• Neither TOGAF nor COBIT are concerned with detailed data management design and implementation
April 21, 2010 38
TOGAF and Data Management
Phase H: Architecture
Change Management
Phase G:
Implementation
Governance
Phase F: Migration Planning
Phase E: Opportunities and Solutions
Phase D: Technology Architecture
Phase C: Information
Systems Architecture
Phase B: Business
Architecture
Phase A: Architecture
Vision
Requirements Management
Phase C1: Data
Architecture
Phase C2: Solutions and Application Architecture
• Phase C1 (subset of Phase C) relates to defining a data architecture
April 21, 2010 39
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Objectives
• Purpose is to define the major types and sources of data necessary to support the business, in a way that is:
−Understandable by stakeholders
− Complete and consistent
− Stable
• Define the data entities relevant to the enterprise
• Not concerned with design of logical or physical storage systems or databases
April 21, 2010 40
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Overview
Phase C1: Information Systems Architectures - Data Architecture
Approach Elements Inputs Steps Outputs
Key Considerations for Data Architecture
Architecture Repository
Reference Materials External to the Enterprise
Non-Architectural Inputs
Architectural Inputs
Select Reference Models, Viewpoints, and Tools
Develop Baseline Data Architecture Description
Develop Target Data Architecture Description
Perform Gap Analysis
Define Roadmap Components
Resolve Impacts Across the Architecture Landscape
Conduct Formal Stakeholder Review
Finalise the Data Architecture
Create Architecture Definition Document
April 21, 2010 41
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
• Data Management− Important to understand and address data management issues
− Structured and comprehensive approach to data management enables the effective use of data to capitalise on its competitive advantages
− Clear definition of which application components in the landscape will serve as the system of record or reference for enterprise master data
− Will there be an enterprise-wide standard that all application components, including software packages, need to adopt
− Understand how data entities are utilised by business functions, processes, and services
− Understand how and where enterprise data entities are created, stored, transported, and reported
− Level and complexity of data transformations required to support the information exchange needs between applications
− Requirement for software in supporting data integration with external organisations
April 21, 2010 42
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
• Data Migration
− Identify data migration requirements and also provide indicatorsas to the level of transformation for new/changed applications
− Ensure target application has quality data when it is populated
− Ensure enterprise-wide common data definition is established to support the transformation
April 21, 2010 43
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
• Data Governance
− Ensures that the organisation has the necessary dimensions in place to enable the data transformation
− Structure – ensures the organisation has the necessary structure and the standards bodies to manage data entity aspects of the transformation
−Management System - ensures the organisation has thenecessary management system and data-related programs to manage the governance aspects of data entities throughout its lifecycle
− People - addresses what data-related skills and roles the organisation requires for the transformation
April 21, 2010 44
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Outputs
• Refined and updated versions of the Architecture Vision phase deliverables− Statement of Architecture Work
− Validated data principles, business goals, and business drivers
• Draft Architecture Definition Document− Baseline Data Architecture
− Target Data Architecture• Business data model
• Logical data model
• Data management process models
• Data Entity/Business Function matrix
• Views corresponding to the selected viewpoints addressing key stakeholder concerns
− Draft Architecture Requirements Specification• Gap analysis results
• Data interoperability requirements
• Relevant technical requirements
• Constraints on the Technology Architecture about to be designed
• Updated business requirements
• Updated application requirements
− Data Architecture components of an Architecture Roadmap
April 21, 2010 45
COBIT StructureCOBIT
Plan and Organise (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME)
PO1 Define a strategic IT plan
PO2 Define the information architecture
AI1 Identify automated solutionsDS1 Define and manage service
levelsME1 Monitor and evaluate IT
performance
PO3 Determine technological direction
PO4 Define the IT processes, organisation and relationships
PO5 Manage the IT investment
PO6 Communicate management aims and direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage projects
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install and accredit solutions and changes
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
ME2 Monitor and evaluate internal control
ME3 Ensure regulatory compliance
ME4 Provide IT governance
April 21, 2010 46
COBIT and Data Management
• COBIT objective DS11 Manage Data within the Deliver and Support (DS) domain
• Effective data management requires identification of data requirements
• Data management process includes establishing effective procedures to manage the media library, backup and recovery of data and proper disposal of media
• Effective data management helps ensure the quality, timeliness and availability of business data
April 21, 2010 47
COBIT and Data Management
• Objective is the control over the IT process of managing data that meets the business requirement for IT of optimising the use of information and ensuring information is available as required
• Focuses on maintaining the completeness, accuracy, availability and protection of data
• Involves taking actions− Backing up data and testing restoration
− Managing onsite and offsite storage of data
− Securely disposing of data and equipment
• Measured by− User satisfaction with availability of data
− Percent of successful data restorations
− Number of incidents where sensitive data were retrieved after media were disposed of
April 21, 2010 48
COBIT Process DS11 Manage Data
• DS11.1 Business Requirements for Data Management− Establish arrangements to ensure that source documents expected from the business are received, all data received from the
business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are supported
• DS11.2 Storage and Retention Arrangements− Define and implement procedures for data storage and archival, so data remain accessible and usable− Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements− Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives,
programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication
• DS11.3 Media Library Management System− Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity− Procedures should provide for timely review and follow-up on any discrepancies noted
• DS11.4 Disposal− Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are
disposed of or transferred to another use− Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.
• DS11.5 Backup and Restoration− Define and implement procedures for backup and restoration of systems, data and documentation in line with business
requirements and the continuity plan− Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration− Test backup media and the restoration process
• DS11.6 Security Requirements for Data Management− Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and
output of data and sensitive messages− Includes physical records, data transmissions and any data stored offsite
April 21, 2010 49
COBIT Data Management Goals and Metrics
•Backing up data and testing restoration•Managing onsite and offsite storage of data•Securely disposing of data and equipment
Activity Goals
•Frequency of testing of backup media•Average time for data restoration
Key Performance Indicators
•Maintain the completeness, accuracy, validity and accessibility of stored data•Secure data during disposal of media•Effectively manage storage media
Process Goals
•% of successful data restorations•# of incidents where sensitive data were retrieved after media were disposed of•# of down time or data integrity incidents caused by insufficient storage capacity
Process Key Goal Indicators
•Backing up data and testing restoration•Managing onsite and offsite storage of data•Securely disposing of data and equipment
Activity Goals
•Occurrences of inability to recover data critical to business process•User satisfaction with availability of data•Incidents of noncompliance with laws due to storage management issues
IT Key Goal Indicators
Are Measured By
Are Measured By
Are Measured By Drive Drive
April 21, 2010 50
Approach to Data Governance
April 21, 2010 51
Data Governance
• Core function of Data Management
• Interacts with and influences each of the surrounding ten data management functions
• Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets
• Data governance function guides how all other data management functions are performed
• High-level, executive data stewardship
• Data governance is not the same thing as IT governance
• Data governance is focused exclusively on the management of dataassets
April 21, 2010 52
Data Governance
• Shared decision making is the hallmark of data governance
• Requires working across organisational and system boundaries
• Some decisions are primarily business decisions made with input and guidance from IT
• Other decisions are primarily technical decisions made with input and guidance from business data stewards at all levels
Business Operating Model
IT Leadership
Capital Investments
Research and Development Funding
Data Governance Model
Enterprise Information Model
Information Needs
Information Specifications
Quality Requirements
Issue Resolution
Information Management Strategy
Information Management Policies
Information Management Standards
Information Management Metrics
Information Management Services
Database Architecture
Data Integration Architecture
Data Warehousing Architecture
Metadata Architecture
Technical Metadata
Decisions Made by Business
Management
Decisions Made by IT
Management
April 21, 2010 53
Data Governance
• Data governance is accomplished most effectively as an on-going program and a continual improvement process
• Every effective data governance program is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities
• Data governance is not the same thing as IT governance
April 21, 2010 54
Data Governance and IT Governance
• IT Governance makes decisions about − IT investments
− IT application portfolio
− IT project portfolio
• IT Governance aligns the IT strategies and investments with enterprise goals and strategies
• COBIT (Control Objectives for Information and related Technology) provides standards for IT governance− Only a small portion of the COBIT
framework addresses managing information
• Some critical issues, such as Sarbanes-Oxley compliance, span the concerns of corporate governance, IT governance, and data governance
• Data Governance is focused exclusively on the management of data assets
• Data Governance is at the heart of managing data assets
April 21, 2010 55
Data Governance – Definition and Goals
• Definition
− The exercise of authority and control (planning, monitoring, andenforcement) over the management of data assets
• Goals
− To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics
− To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures
− To sponsor, track, and oversee the delivery of data management projects and services
− To manage and resolve data related issues
− To understand and promote the value of data assets
April 21, 2010 56
Data Governance - Overview
•Business Goals•Business Strategies•IT Objectives•IT Strategies•Data Needs•Data Issues•Regulatory Requirements
Inputs
•Business Executives•IT Executives•Data Stewards•Regulatory Bodies
Suppliers
•Intranet Website•E-Mail•Metadata Tools•Metadata Repository•Issue Management Tools•Data Governance KPI•Dashboard
Tools
•Executive Data Stewards•Coordinating Data Stewards•Business Data Stewards•Data Professionals•DM Executive•CIO
Participants
•Data Policies•Data Standards•Resolved Issues•Data Management Projects and Services•Quality Data and Information•Recognised Data Value
Primary Deliverables
•Data Producers•Knowledge Workers•Managers and Executives•Data Professionals•Customers
Consumers
•Data Value•Data Management Cost•Achievement of Objectives•# of Decisions Made•Steward Representation / Coverage•Data Professional Headcount•Data Management Process Maturity
Metrics
Data Governance
April 21, 2010 57
Data Governance Function, Activities and Sub-Activities
Data Governance
Data Management Planning Data Management Control
Understand Strategic Enterprise Data Needs
Develop and Maintain the Data Strategy
Establish Data Professional Roles and Organisations
Identify and Appoint Data Stewards
Establish Data Governance and Stewardship Organisations
Develop and Approve Data Policies, Standards, and Procedures
Review and Approve Data Architecture
Plan and Sponsor Data Management Projects and Services
Estimate Data Asset Value and Associated Costs
Supervise Data Professional Organisations and Staff
Coordinate Data Governance Activities
Manage and Resolve Data Related Issues
Monitor and Ensure Regulatory Compliance
Monitor and Enforce Conformance with Data Policies, Standards and Architecture
Oversee Data Management Projects and Services
Communicate and Promote the Value of Data Assets
April 21, 2010 58
Data Governance
• Data governance is accomplished most effectively as an on-going program and a continual improvement process
• Every data governance programme is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities
• Data governance is at the core of managing data assets
April 21, 2010 59
Data Governance - Possible Organisation Structure
Data Governance Structure
Organisation Data Governance Council
Business Unit Data Governance Councils
Data Stewardship Committees
Data Stewardship Teams
CIO
Data Technologists
Data Management ExecutiveData Governance Office
April 21, 2010 60
Data Governance Shared Decision Making
Enterprise Information Model
Business Operating Model
Information NeedsIT Leadership
Information SpecificationsCapital Investments
Quality Requirements
Research and Development
Funding
Issue ResolutionData Governance Model
Business Decisions IT DecisionsShared Decision Making
Database Architecture
Enterprise Information
Management Strategy
Data Integration Architecture
Enterprise Information
Management Policies
Data Warehousing and Business Intelligence Architecture
Enterprise Information
Management Standards
Metadata Architecture
Enterprise Information
Management Metrics
Technical Metadata
Enterprise Information
Management Services
April 21, 2010 61
Data Stewardship
• Formal accountability for business responsibilities ensuring effective control and use of data assets
• Data steward is a business leader and/or recognised subject matter expert designated as accountable for these responsibilities
• Manage data assets on behalf of others and in the best interests of the organisation
• Represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions
• Protects, manages, and leverages the data resources
• Must take an enterprise perspective to ensure the quality and effective use of enterprise data
April 21, 2010 62
Data Stewardship - Roles
• Executive Data Stewards – provide data governance and make of high-level data stewardship decisions
• Coordinating Data Stewards - lead and represent teams of business data stewards in discussions across teams and with executive data stewards
• Business Data Stewards - subject matter experts work with data management professionals on an ongoing basis to define and control data
April 21, 2010 63
Data Stewardship Roles Across Data Management Functions - 1
Control the creation, update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve issues
Reference and Master Data Management
Provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify information confidentiality
Data Security Management
Define requirements for data recovery, retention and performance
Help identify, acquire, and control externally sourced data
Data Operations Management
Define data requirements and specifications
Validate physical data models and database designs, participate in database testing and conversion
Data Development
Define data requirements specifications
Integrate specifications, resolving differences
Review and approve the enterprise data architecture
Review, validate, approve, maintain and refine data architecture
Data Architecture Management
Business Data StewardsCoordinating Data Stewards
Executive Data StewardsAll Data Stewards
April 21, 2010 64
Data Stewardship Roles Across Data Management Functions - 2
Define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead clean-up efforts, identify ways to solve causes of poor data quality, promote data quality awareness
Data Quality Management
Create and maintain business metadata (names, meanings, business rules), define metadata access and integration needs and use metadata to make effective data stewardship and governance decisions
Metadata Management
Define enterprise taxonomies and resolve content management issues
Document and Content Management
Provide business intelligence requirements and management metrics, and they identify and help resolve business intelligence issues
Data Warehousing and Business Intelligence Management
Business Data StewardsCoordinating Data Stewards
Executive Data StewardsAll Data Stewards
April 21, 2010 65
Data Strategy
• High-level course of action to achieve high-level goals
• Data strategy is a data management program strategy a plan for maintaining and improving data quality, integrity, security and access
• Address all data management functions relevant to the organisation
April 21, 2010 66
Elements of Data Strategy
• Vision for data management
• Summary business case for data management
• Guiding principles, values, and management perspectives
• Mission and long-term directional goals of data management
• Management measures of data management success
• Short-term data management programme objectives
• Descriptions of data management roles and business units along with a summary of their responsibilities and decision rights
• Descriptions of data management programme components and initiatives
• Outline of the data management implementation roadmap
• Scope boundaries
April 21, 2010 67
Data Strategy
Data Management Scope Statement
Goals and objectives for a defined planning horizon and the
roles, organisations, and individual leaders accountable for achieving these objectives
Data Management Programme Charter
Overall vision, business case, goals, guiding principles,
measures of success, critical success factors, recognised risks
Data Management Implementation
Roadmap
Identifying specific programs, projects, task assignments, and
delivery milestones
April 21, 2010 68
• Statements of intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information
• More fundamental, global, and business critical than data standards
• Describe what to do and what not to do
• Should be few data policies stated briefly and directly
Data Policies
April 21, 2010 69
Data Policies
• Possible topics for data policies−Data modeling and other data development activities
−Development and use of data architecture
−Data quality expectations, roles, and responsibilities
−Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties
−Database recovery and data retention
−Access and use of externally sourced data
− Sharing data internally and externally
−Data warehousing and business intelligence
−Unstructured data - electronic files and physical records
April 21, 2010 70
Data Architecture
• Enterprise data model and other aspects of data architecture sponsored at the data governance level
• Need to pay particular attention to the alignment of the enterprise data model with key business strategies, processes, business units and systems
• Includes
−Data technology architecture
−Data integration architecture
−Data warehousing and business intelligence architecture
−Metadata architecture
April 21, 2010 71
Data Standards and Procedures
• Include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards and procedural standards for each data management function
• Must be effectively communicated, monitored, enforced and periodically re-evaluated
• Data management procedures are the methods, techniques, and steps followed to accomplish a specific activity or task
April 21, 2010 72
Data Standards and Procedures
• Possible topics for data standards and procedures− Data modeling and architecture standards, including data naming conventions,
definition standards, standard domains, and standard abbreviations
− Standard business and technical metadata to be captured, maintained, and integrated
− Data model management guidelines and procedures
− Metadata integration and usage procedures
− Standards for database recovery and business continuity, database performance, data retention, and external data acquisition
− Data security standards and procedures
− Reference data management control procedures
− Match / merge and data cleansing standards and procedures
− Business intelligence standards and procedures
− Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards and report distribution approaches
April 21, 2010 73
Regulatory Compliance
• Most organisations are is impacted by government and industry regulations
• Many of these regulations dictate how data and information is to be managed
• Compliance is generally mandatory
• Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations.
April 21, 2010 74
Regulatory Compliance
• Data governance needs to work the business to find the best answers to the following regulatory compliance questions− How relevant is a regulation?
− Why is it important for us?
− How do we interpret it?
− What policies and procedures does it require?
− Do we comply now?
− How do we comply now?
− How should we comply in the future?
− What will it take?
− When will we comply?
− How do we demonstrate and prove compliance?
− How do we monitor compliance?
− How often do we review compliance?
− How do we identify and report non-compliance?
− How do we manage and rectify non-compliance?
April 21, 2010 75
Issue Management
• Data governance assists in identifying, managing, and resolving data related issues
− Data quality issues
− Data naming and definition conflicts
− Business rule conflicts and clarifications
− Data security, privacy, and confidentiality issues
− Regulatory non-compliance issues
− Non-conformance issues (policies, standards, architecture, and procedures)
− Conflicting policies, standards, architecture, and procedures
− Conflicting stakeholder interests in data and information
− Organisational and cultural change management issues
− Issues regarding data governance procedures and decision rights
− Negotiation and review of data sharing agreements
April 21, 2010 76
Issue Management, Control and Escalation
• Data governance implements issue controls and procedures
− Identifying, capturing, logging and updating issues
− Tracking the status of issues
−Documenting stakeholder viewpoints and resolution alternatives
−Objective, neutral discussions where all viewpoints are heard
− Escalating issues to higher levels of authority
−Determining, documenting and communicating issue resolutions.
April 21, 2010 77
Data Management Projects
• Data management roadmap sets out a course of action for initiating and/or improving data management functions
• Consists of an assessment of current functions, definition of a target environment and target objectives and a transition plan outlining the steps required to reach these targets including an approach to organisational change management
• Every data management project should follow the project management standards of the organisation
April 21, 2010 78
Data Asset Valuation
• Data and information are truly assets because they have business value, tangible or intangible
• Different approaches to estimating the value of data assets
• Identify the direct and indirect business benefits derived from use of the data
• Identify the cost of data loss, identifying the impacts of not having the current amount and quality level of data
April 21, 2010 79
State of Information and Data Governance
• Information and Data Governance Report, April 2008
− International Association for Information and Data Quality (IAIDQ)
−University of Arkansas at Little Rock, Information Quality Program (UALR-IQ)
• Ponemon Institute 2009 Annual Study Cost of a Data Breach
April 21, 2010 80
Terms Used by Organisations to Describe the Activities Associated with Governing Data
13.7%
10.3%
10.3%
10.8%
17.2%
43.6%
46.6%
55.4%
62.7%
0% 10% 20% 30% 40% 50% 60% 70%
Other
Information Resource
Management
Information Stew ardship
Data Resource
Management
Information Governance
Information Management
Data Stewardship
Data Governance
Data Management
April 21, 2010 81
Your Organisation Recognises and Values Information as a Strategic Asset and Manages it Accordingly
18.5%
39.5%
17.1%
21.5%
3.4%
0% 10% 20% 30% 40% 50%
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
April 21, 2010 82
Direction of Change in the Results and Effectiveness of the Organisation's Formal or Informal Information/Data Governance Processes Over the Past Two Years
5.4%
0.0%
3.9%
31.9%
50.0%
8.8%
0% 10% 20% 30% 40% 50% 60% 70%
Don’t Know
Results and Effectiveness Have Significantly
Worsened
Results and Effectiveness Have Worsened
Results and Effectiveness Have Remained
Essentially the Same
Results and Effectiveness Have Improved
Results and Effectiveness Have Significantly
Improved
April 21, 2010 83
Perceived Effectiveness of the Organisation's Current Formal or Informal Information/Data Governance Processes
2.0%
3.9%
19.1%
51.5%
21.1%
2.5%
0% 10% 20% 30% 40% 50% 60% 70%
Don’t Know
Very Poor (No Goals are
Met)
Poor (Few Goals are Met)
OK (Some Goals are Met)
Good (Most Goals are
Met)
Excellent (All Goals are
Met)
April 21, 2010 84
Actual Information/Data Governance Effectiveness vs. Organisation's Perception
11.8%
35.8%
32.4%
20.1%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
Don’t Know
It is Worse Than Most
People Think
It is the Same as Most
People Think
It is Better Than Most
People Think
April 21, 2010 85
Current Status of Organisation's Information/Data Governance Initiatives
6.4%
8.8%
19.1%
13.2%
23.0%
20.1%
7.4%
0.5%
1.5%
0% 5% 10% 15% 20% 25% 30%
Don’t Know
First Interation"in Place for More Than 2 Years
First Iteration Implemented the Past 2 Years
Now Planning an Implementation
Evaluating Alternative Frameworks and Information
Governance Structures
Exploring, Still Seeking to Learn More
None Being Considered - Keeping the Status Quo
Considered a Focused Information/Data Governance
Effort but Abandoned the Idea
Started an Information/Data Governance Initiative, but
Discontinued the Effort
April 21, 2010 86
Expected Changes in Organisation's Information/Data Governance Efforts Over the Next Two Years
2.0%
0.5%
1.0%
10.8%
39.2%
46.6%
0% 10% 20% 30% 40% 50% 60%
Don’t Know
Will Decrease Significantly
Will Decrease Somewhat
Will Remain the Same
Will Increase Somewhat
Will Increase Significantly
April 21, 2010 87
Focus of Information / Data Governance Efforts
9.5%
10.5%
13.1%
16.2%
20.4%
25.1%
31.4%
35.6%
41.9%
46.6%
57.6%
70.2%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Environment, Health and Safety
Maintenance
Equipment and Facilities
Items / Materials
Supply Chain, Vendors, Suppliers
Employees
Sales
Services
Products and Production
Financials
Customers
April 21, 2010 88
Overall Objectives of Information / Data Governance Efforts
2.6%
1.0%
5.2%
35.4%
45.3%
49.6%
55.7%
56.8%
59.4%
65.6%
80.2%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100
%
Don't Know
None Applicable
Other
Involve IT in Data Decisions non-IT Personnel Should
not Make by Themselves
Enable Joint Accountability for Shared Data
Promote Interdependencies and Synergies Between
Departments or Business Units
Involve Non-IT Personnel in Data Decisions IT Should
not Make by Itself
Provide Mechanism to Resolve Data Issues
Increase the Value of Data Assets
Establish Clear Decision Rules and Decisionmaking
Processes for Shared Data
Improve Data Quality
April 21, 2010 89
Primary Activities of Organisation's Information / Data Governance Efforts
10.0%
10.0%
10.0%
13.2%
23.2%
25.3%
27.9%
40.0%
42.6%
43.7%
45.8%
46.8%
47.9%
49.5%
53.7%
58.4%
61.6%
70.5%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Implement Information Product Management
Implement External Data Supplier Management
Implement Internal Information Chain Management
Measure The Value Of High Quality Data
Measure The Costs Of Low Quality Data
Manage Information Products
Support Information Management Problem-Solving And Decision-Making And Providing Processes
For Strategic Alignment.
Guide The Management Of Master Or Reference Data
Support The Development Of An Enterprise Logical Data Model
Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And
Integration
Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its
Privacy, Compliance, And Security
Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information
Systems And Technology
Select And Charter Specific Data Quality Improvement Projects
Define And Standardise Common Business Rules Across The Organisation
Support Data Warehouse And Business Intelligence Initiatives
Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The
Organisation
Standardise Data Definitions Across The Organisation
April 21, 2010 90
Primary Drivers for Organisation's Information / Data Governance Efforts
8.5%
3.7%
10.1%
12.7%
16.4%
18.0%
22.2%
25.9%
30.2%
31.2%
32.3%
33.3%
46.6%
57.7%
65.6%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Reaction To Competitors' Activity
Product Information Management (PIM) Project
Merger And Acquisition Planning Or Implementation
Enterprise Resource Planning (ERP) Project
Service-Oriented Architecture (SOA) Project
Suffered Major Negative Impact From Bad Data Quality
Customer Data Integration (CDI) Project
Applications / Systems Integration
Master Data Management (MDM) Project
Information Security / Privacy
Enterprise Architecture
Compliance / Risk
Data Warehousing / Business Intelligence
General Desire To Improve The Quality Of Our Data
April 21, 2010 91
Category of Tools Currently Used in Organisation
5.9%
4.3%
5.9%
13.4%
18.7%
20.3%
25.7%
28.9%
39.0%
44.4%
45.5%
48.7%
48.7%
57.2%
66.3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Rules Discovery Tools
Product Information Management (PIM)
Tools
Customer Data Integration (CDI) Tools
Master Data Management (MDM) Tools
Business Rules Engines
Workflow Tools
Data Relationship Discovery And Mappings
Data Remediation / Cleansing Tools
Metadata Repository
Data Quality Monitoring
Data Matching And Reconciliation (Data
De-Duplication)
Data Modeling (Computer-Aided Software
Engineering)
Extract-Transform-Load (ETL) And Other
Data Integration Tools
Data Quality Analysis, Assessment Or
Profiling
April 21, 2010 92
Functional Area to Which the Leader of the Organisation's Information / Data Governance Effort Reports
8.6%
1.7%
1.7%
5.2%
8.6%
8.6%
17.2%
31.0%
43.1%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
Other
Legal
Purchasing
Marketing
Operations / Manufacturing
Compliance / Risk
Finance
Senior / Executive Management Team
Information Technology
April 21, 2010 93
Number of Levels Between the Organisation's Most Senior Leader and the Person Most Directly in Charge of the Information / Data Governance Effort
7.0%
3.5%
14.0%
22.8%
26.3%
14.0%
12.3%
0% 5% 10% 15% 20% 25% 30%
Don't Know
They are the Same Person
1 Level
2 Levels
3 Levels
4 Levels
5 Levels or More
April 21, 2010 94
Membership of Senior Information / Data Governance Body within an Organisation
7.1%
14.3%
7.1%
33.9%
51.8%
26.8%
26.8%
21.4%
0% 10% 20% 30% 40% 50% 60%
My Organisation Does Not Have any Governance Body for
Information and Data Assets
Junior-Level IT Supervisors / Managers
Junior-Level non-IT Supervisors/Managers
Middle-Level IT Managers
Middle-Level non-IT Managers
C-Level IT Executives
C-Level non-IT Executives
The Senior / Executive Management Team is the Top
Information / Data Governance Body
April 21, 2010 95
Relationship Between Information / Data Governance and Data Quality Leadership
8.8%
17.5%
19.3%
17.5%
36.8%
0% 10% 20% 30% 40% 50% 60%
Other
There is No Specific Individual in Charge of Our Data Quality
Program
Information Governance and Data Quality Are Led by Different
People Who Report to Different Managers
Information Governance and Data Quality Are Led by Different
People Who Report to the Same Manager
Information Governance and Data Quality Are Led by the Same
Person
April 21, 2010 96
Change In Organisation's Information / Data Quality Over the Past Two Years
1.8%
0.0%
3.5%
15.8%
68.4%
10.5%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Don’t Know
Information / Data Quality
Has Significantly Worsened
Information / Data Quality
Has Worsened
Information / Data Quality
Has Remained Essentially
the Same
Information / Data Quality
Has Improved
Information / Data Quality
Has Significantly Improved
April 21, 2010 97
Maturity Of Information / Data Governance Goal Setting And Measurement In Your Organisation
28.9%
28.9%
26.7%
11.8%
3.7%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
1 - Ad-hoc
2 - Repeatable
3 - Defined
4 - Managed
5 - Optimised
April 21, 2010 98
Maturity Of Information / Data Governance Processes And Policies In Your Organisation
22.9%
46.3%
24.5%
4.8%
1.6%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
1 - Ad-hoc
2 - Repeatable
3 - Defined
4 - Managed
5 - Optimised
April 21, 2010 99
Maturity Of Responsibility And Accountability For Information / Data Governance Among Employees In Your Organisation
32.8%
25.4%
31.7%
3.2%
6.9%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
1 - Ad-hoc
2 - Repeatable
3 - Defined
4 - Managed
5 - Optimised
April 21, 2010 100
Average Per Record Cost of a Data Breach 2005 –2009 USD
$138
$182$197 $202 $204
$0
$50
$100
$150
$200
$250
2005 2006 2007 2008 2009
April 21, 2010 101
Average Organisational Cost of a Data Breach 2005 –2009 USD
$4,514,429$4,787,637
$6,355,132$6,655,758 $6,751,451
$0
$1,000,000
$2,000,000
$3,000,000
$4,000,000
$5,000,000
$6,000,000
$7,000,000
$8,000,000
2005 2006 2007 2008 2009