Implementing Effective Data Governance
In the third of our series of data management blogs, we look at data governance. The first blog described the symptoms of poor data management, the second looked at metadata tooling. Here, we bring the themes together.
Data governance done badly can be expensive and time-consuming, and can easily lead to fruitless bureaucracy. However, without it, the enterprise can be exposed to unreliable data quality, poorly understood data in divergent architectures, unpredictable impacts from IT change, and poor adherence to information security and regulatory obligations.
Whether you are just embarking on the data governance journey or adjusting your current direction, we recommend making a clear statement of what you expect your governance to deliver for the firm and keeping sight of that during the journey. Our view of its function and benefit is described below.
What is the objective of data governance?
Enterprise data is an asset, and it needs to be governed well so that it is:
- Usable: data must be accessible to users, and available through tools the business can use to solve problems
- Understood: knowing the source, meaning, lineage, lifecycle and purpose of your data is critical to appropriate usage and to developing quality insights
- Reliable: timely, correct and complete data, which is fit for purpose
- Secure: technical and procedural controls which prevent data leakage through carelessness or malicious intent
- Compliant: e.g. with external regulation, privacy laws, internal policies, etc.
Data governance ensures continuous attention to and management of these facets over time. Each facet can be improved in isolation, but it can only retain the appropriate standard and deliver value if effective and efficient processes, policies, oversight, measures and controls are in place.
How is effective data governance implemented?
Modern data governance considers data to be an enterprise-wide shared asset and introduces management principles and processes around it. Typically, this requires the creation of some new roles and forums, including: a Data Officer, Data Owners, a Data Governance Committee, a Data Management Office and Data Architects.
The key is that data governance structure is data-centric, permanent, and is led by the business. Data is owned and generated by the business. Clearly, IT has a huge part to play in providing custody of key business data through the lifecycle, and will also generate data in its own right through systems processing, monitoring, logs, cost recovery data, etc.
This structure oversees the critical elements of the data governance framework.
Data Strategy: This is the long-term playbook for the governance process. It includes the firm’s vision for data, the Governance Operating Model, and the data architecture roadmap.
The operating model needs to establish clear data ownership across the enterprise, the forums to enforce governance policy, data processes, and clarity on the roles and responsibilities for data across the organisation. Citihub have developed a standardised data governance operating model to assist with this, if needed.
Change Management: This manages compliance with the data strategy. It includes monitoring progress towards the target data architecture and policing the adoption and implementation of data management standards (e.g. adherence to an enterprise data model, or mandatory messaging formats). The change management function must integrate with the existing change lifecycle and data lifecycle management (DLM) controls.
Metadata Management: This is a key enabler of effective data governance. Metadata supports:
- Usability by supporting discovery of datasets within the firm (you cannot access data if you don’t know it exists).
- Understanding, by documenting data definitions, relationships and sources, which provides the contextual attributes that make datasets usable and relatable across different enterprise processes.
- Security, through correct categorisation, mapping of data distribution and access, etc.
- Compliance, which requires metadata to establish which policies should apply and what systems are in scope.
Data Quality: Data quality is often misunderstood in the context and role of data governance. Whilst the activities of data quality management are federated across data owners, activities driven by data governance include stipulating the inclusion of quality metrics in business dashboards, setting and monitoring quality targets, and achieving data quality standards during system testing and continuous improvement. A long-term, iterative focus on quality will be necessary to improve quality over time.
Information Security: This is an area of data governance that most firms have a good handle on, albeit from a systems rather than data-centric perspective. For example, access rights are typically granted at a systems level, but this does not align with data as an enterprise shared asset. Often, data is treated with the same ‘least privilege’ access approach, making it difficult for data to be utilised effectively in the enterprise. There is an emerging view that entitlements should be managed in a data-centric and functional way and technology is emerging to make this feasible.
Policies and Procedures: These need to be fit for purpose and understood by the actors in the governance process (the Data Officer, the Data Architects, the Data Owners, etc.). Note that policies do not change data – processes do. So the data governance function must identify the processes which are expected to manage each facet of the data, and must scrutinise the execution and result of each process to ensure it is delivering what was expected (quality metrics are an example of this).
But hang on… data has traditionally been managed through IT/Business projects – why change that approach? Why centralise data management operations?
Firms are recognising that much of the data they generate should be treated as an enterprise-wide asset. Core reference data such as products and customers clearly is, but transactional, financial, and risk data, for example, also have uses across the enterprise, with every consumer invested in the usability and reliability of the sources. Just as financial assets, human resources or IT infrastructure require a centralised department for effective management, shared data assets also benefit from a central focus ensuring a holistic view of data quality, flows, compliance, security and usage.
Furthermore, we increasingly see regulators insisting that firms have a clear understanding of their data and the inputs into decisions that are taken, and that appropriate controls to maintain that data are in place. In response, many firms are centralising responsibility for meeting these obligations and also looking to improve the intrinsic and utilitarian value of their enterprise data across other functions such as Sourcing, Supply Chain Management, Cost Transparency, Spend Management, Vulnerability Management, Cybersecurity, and Business Continuity.
Modern data governance teams are data-centric, not project or system aligned, and their role is to support the proper development and control of the firm’s data assets and to improve their overall value.
How can Citihub Help?
Citihub have experience of implementing effective and practical data governance from the ground up.
If you already have data governance in place but are uncertain of the efficiency or benefit, we can assess the effectiveness of your existing solution. Our maturity model assessment will establish and measure coverage of the key elements, and our practical know-how will assess the effectiveness of existing processes and operating models to realise your policy objectives.
If you have not yet started the journey, we can lead your organisation through the adoption process, shaping and guiding the creation of the operating model including establishing data ownership and establishing oversight forums, and design an implementation to work alongside your existing organisational processes.
We have experience and partnerships with some of the leading data governance tools. We can work with you to capture the key metadata (e.g. glossary, lineage) and implement appropriate data controls, documentation, workflows, and mapping to regulation and policy.
Above all, we believe data governance has to be practical and effective and must deliver real benefit to an organisation.