A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are managed consistently and used properly. Such guidelines typically include individual policies for data quality, access, security, privacy and usage, and they specify different roles and responsibilities for implementing those policies and monitoring compliance with them.
A well-crafted policy is the foundation of an organization's data governance program. The data governance policy should articulate the principles, practices and standards that senior business and IT leaders have determined are necessary to ensure that the organization has high-quality data and that its data assets are protected against both internal misuse and external threats.
Ideally, the policy-forming group, called a data governance committee or data governance council, is primarily made up of business executives and other data owners. The policy document this group creates, in a process coordinated by data governance managers, clearly defines the organization's data governance structure and a set of governance rules and procedures for the executive team, business managers, data analysts and operational workers to follow.
For example, a data governance policy formally outlines how data processing and data management should be carried out to make sure that data is accurate, consistent and accessible throughout an organization's systems. The policy also establishes who is responsible for data under various circumstances. In addition, it can incorporate risk management and data ethics principles to reduce potential business problems from the improper use of data.
A data governance policy is a living document: It must be flexible, and an organization should be ready to quickly modify it in response to changing business or data needs. Furthermore, an effective policy requires a cross-discipline approach to data governance, with input from senior management, the legal department and other business stakeholders, as well as the IT department.
The importance of a data governance policy is tied directly to the benefits of a strong data governance program and the value of data itself. Starting in the 20th century and accelerating in the last few decades, data became one of the most valuable assets held by organizations, which increasingly use it to drive both tactical and strategic business decisions.
It also now powers automation, machine learning and artificial intelligence initiatives that can streamline and improve business processes. In addition, data enables the creation of new products and services. For example, manufacturers found that they could use their product data to analyze performance and predict when scheduled maintenance will be needed at customer sites.
However, data is only a valuable asset if it meets an organization's needs and is accurate and used consistently throughout the organization. That creates a strategic imperative to govern data and the need for a comprehensive policy to underpin the governance program.
Such a policy helps establish a data governance framework that provides the following:
A successful policy also helps ensure that the enterprise data governance structure supports the organization's strategic vision for its data management and analytics programs, whether the main goal is using data to drive new revenue, develop new products and services, fuel broader digital transformation initiatives or achieve another business objective.
To aid in meeting such goals, data governance policies include a data stewardship function that's responsible for overseeing data sets and ensuring that governance rules and procedures are implemented. Governance policies can also be aligned with ones for other corporate management processes, such as business process management and enterprise risk management.
As mentioned above, a data governance policy sets various types of data-related rules. In that sense, it can be seen as a collection of policies that cover different parts of the governance process. The common aspects of a governance policy include the following:
Beyond the business representatives on the data governance committee, the policy-making process should include legal, compliance and risk management executives, plus IT and security leaders and the chief data officer -- or, if an organization doesn't have a CDO, the executive charged with overseeing enterprise data.
They should help determine who is responsible for different data assets, the business risks associated with those assets and what regulatory requirements apply to the organization's data, as well as what the requirements entail for compliance efforts. Once those assessments are done, the data governance committee should use the information in developing the data governance policy's rules and procedures.
The following are some specific steps typically taken by data governance proponents and then the committee and members of a data governance team as part of creating a governance policy:
Once the data governance policy is in place, it should be reviewed on a regular basis and updated when necessary to ensure that it continues to meet business needs and doesn't become outdated.
Data governance policies often are structured differently from organization to organization. Their length and level of detail can also vary. In general, though, a policy typically includes the following components:
Many organizations have posted their data governance policies online. Most of them are government agencies or academic institutions, but their policies may be able to serve as models for a governance policy in a business. Templates for creating a data governance framework that are available from educational and professional organizations, such as the Data Governance Institute and DAMA International, may also be able to help guide policy development. Some data governance software vendors also offer templates and methodologies for creating a governance framework.
Although such templates can help organizations plan their approach to creating a data governance policy, some consultants have cautioned against relying on them -- at least exclusively -- because a strong, well-crafted governance policy must meet the individual needs of each organization.
04 Aug 2022