If you and your enterprise are in the process of establishing and implementing a new Data Strategy and Governance (DSG) program or improving your existing DSG program, you’ll want to be clear on the things your DSG program should be concerning itself with. This publication covers the topics that most mature DSG programs concern themselves with in attempt to help you make your own DSG efforts more thorough and fruitful.
A quick note. If you’re wondering why it’s called Data Strategy and Governance (DSG), rather than just Data Governance (DG), consider that it is impossible to implement a good DG if it is not closely aligned with strategy, where governance is proactively planned for, funded, and implemented before your enterprise gets into data trouble (not after you get into trouble), and where governance acts as direct and continuous driver for strategy development.
List of Data Strategy and Governance Dimensions and Concerns
The following list, provided in no particular order, itemizes the most common topics and work areas that most Data Strategy and Governance (DSG) implementations and programs concern themselves with.
To be clear, all data forms and structures such as Structured Data, Semi-Structured Data, and Unstructured Data, all fall within the scope of DSG.
Please note that it is not the intention of this publication to get into the details of each topic area but, rather, to provide a basic understanding of why each is important to DSG.
- Data Ownership and Accountability: This topic most importantly concerns itself with ensuring that clear Organizations have been labeled as Data Owners for specific Data Categories/Types, also ensuring there are clearly defined responsibilities for what it means to be a Data Owner. This topic space also ensures that appropriate roles and responsibilities are established for any other relevant roles that may be needed for your DG program, such as but not limited to Data Managers, Data Stewards, Data Operators, Data Architects, and Data Analysts.
- Data Inventory Management: This topic area goes hand-in-hand with Data Ownership and Accountability. It concerns itself with explicitly ensuring that all Data Categories and their associated Data Inventories are fully accounted for, associated with their appropriate owners, accessible, and being proactively managed by the right people.
- Data Life Cycle: This topic area concerns itself with the various stages of data, from inception, creation, all forms of modification, and eventually its destruction and purging. It is important to note that not all Data Life Cycle is worth your efforts and that this topic area should be applied only to the appropriate types of data that warrant such attention and resources.
- Data-related Knowledge Management (via Libraries & Dictionaries): This topic area concerns itself with ensuring that enterprise stakeholders can answer questions about any and all enterprise data (usually through Data Categories/Types). It heavily leverages Data Inventory Management and concerns itself with the itemization, curation, access to, and transparency of any and all Data Categories/Types and their related sets of Data Inventories; via tools like Libraries (including Catalogs and Indexes) and Dictionaries. This area of concern is especially critical in larger enterprises, where significant time and money can be wasted trying to find answers about or access to the appropriate types of data necessary for solving specific business problems. Because it relies so heavily on Libraries and Dictionaries, this topic area also has a very heavy reliance on the disciplines of Library Management and Lexicography.
- Data Policies, Standards, and Best Practices: This topic area concerns itself with the written and communicated governance constructs that all stakeholders, such as but not limited to employees, consultants, partners, and board members, should follow when working with specific enterprise Data Categories/Types. Such written constructs govern things like the storage, access, and use of data. They are also heavily integrated into broader Governance, Risk Management, and Compliance (GRC) functions, which also concern themselves with Policies, Standards, and Best Practices that include and go beyond data.
- Data Processes and Procedures: This topic area concerns itself with the specific steps taken by humans and systems to deal with any data functions, such as creation, storage, formatting, access, communications, etc.
Such processes and procedures have a heavy reliance on governance constructs, such as Data Policies, Standards, and Best Practices.
- Data Access and Availability: This topic area concerns itself with the means for making appropriate data available to appropriate people, organizations, and systems at the right times, in the right ways, at the appropriate levels of quality, for the appropriate costs. This is also an area where tools like Microservices and capabilities that support Business Intelligence and Reporting become important.
- Data Contracts, Agreements, and Licenses: This topic area concerns itself with any binding artifacts, such as contracts, licenses, and any other legal agreements, for both providers of data and consumers of data.
- Data-Related Intellectual Property: This topic area is concerned with any form of Intellectual Property (IP) or Intellectual Capital (IC) that is associated with any data or data-related solutions for the enterprise. It also has a very significant reliance on Data Contracts, Agreements, and Licenses.
- Data Capabilities: This topic area concerns itself with the various human and technical abilities that are necessary for an enterprise to deal with any and all data, in any and all manners, which are appropriate for that enterprise.
- Data Services: This topic area concerns itself with the human and technical services that are required and put in place in order to facilitate any and all Data Capabilities necessary for an enterprise. For example,
such services can address access, collection, downloading/loading, processing, transformation, communications (reception/transmission), and any other relevant capabilities.
- Data Technologies and Tools: This topic concerns itself with any and all technologies and tools that are necessary to enable, deliver, and support all Data Capabilities and Services, along with any and all other topics covered herein. For a large enterprise, this list can be and usually is very large.
- Data Skills & Resources: This topic area concerns itself with the required skills and people who can help plan for, deliver, manage, operate, and/or support any of the different topics discussed in this publication.
- Data Lineage: This topic area concerns itself with the linkages and forms of data, across people, organizations, and systems. It heavily utilizes Data Interfaces and covers where data is, where it came from, where it’s going, where and how it gets transformed, how it gets transported, etc.
- Data Architecture and Design: This topic area concerns itself with the design of data and data related solutions (e.g. Types, Structures, Processes, Procedures, Systems, etc.) that enable enterprise-specific Data Capabilities and Services.
- Data Quality and Trust: This topic area concerns itself with how usable your data is. It has a strong reliance on Data Inventory Management and classifying Sources of Truth (SoTs). (Read more about Understanding different Data Source Types, Levels of Trust, and Sources of Truth.) This area also concerns itself with functions such as Master Data Management (MDM) and Reference Data Management (RDM) since such activities are all about raising the stability and quality of data.
- Data Security: While Data Access is concerned with ensuring that the right people have access to the right data, at the right times, and in the right ways, Data Security more specifically is concerned with ensuring that the wrong people don’t access your data, especially in the cases of avoiding intentional Data Breaches that can lead to outcomes like Brand Damage, Revenue Damage, Litigation, Fines, etc.
- Data Confidentiality Levels: This topic area concerns itself with the tracking of which Data Categories and Inventories do or do not contain specific types of Confidential Data. For example, this topic area concerns itself with knowing which Data Categories contain Personal Credit Information (PCI), Personal Identification Information (PII), and/or Personal Health Information (PHI).
- Data History: This topic area concerns itself with all forms of data history and versioning to support stakeholders and systems that rely on such views of data to perform work.
- Data Relationships and Impacts: This topic area goes far beyond Data Lineage and concerns itself with the semantic linkages between data and other data, people, places, and things. The outcome of knowing such relationships helps with critical functions like Knowledge Management and Impact Analysis, especially for the purposes of strategy development, change management, and incident management. Understanding such relationships also becomes critical for most other DSG areas of concern, which are expressed throughout this publication.
- Data as Evidence (i.e. Records Management): A very critical concern for any Data Strategy and Governance program is its tie to general Governance, Risk Management, and Compliance (GRC) as a means of supporting things like litigation and audits. As a result, Data Records Management is a critical sub-area of and integrated link to GRC.
- Data Risk: This topic area concerns itself with the various forms of risk that may be associated with your enterprise data and the impacts such a risk can have on appropriate enterprise stakeholders. For example, Data Breach Risk, Legal Risk, Brand Risk, Revenue Risk, etc.
- Data Roadmaps: Data Roadmaps are the foundation for understanding and defining, both, tactical and strategic data-related work. Each roadmap represents a summary of one or more Transition Plans that are depicted through high-level timelines (usually via Phases or Dates). Such roadmaps are used to communicate summaries change and improvements for more detailed work Initiative, Programs, and Projects.
Summary and Conclusions
Data Strategy and Governance (DSG) is a complex issue that concerns itself with many different areas. The primary areas of concern have been summarized, herein, and represent a set of dimensions that all DSG programs should strive to address. While it is not the responsibility of DSG leadership to get into the details for each of the above areas, it is their concern to ensure that each area has clear ownership and accountability and that each is somehow being addressed to the best of the enterprise’s ability.
The concerns summarized herein act as a foundation for maturity model. Each area can be listed and given a Current State Maturity Score (CS-MS) and, given a desired Future State Maturity Score (FS-MS), can be used to help you and your enterprise develop transition strategies, plans, and roadmaps for maturing each individual area to your desired Future State.
If you are an Enterprise Data Architect and your enterprise does not have a DSG program, you may want to consider the above as a framework for getting started. You can start with your own assessments of each of the above concerns and work with your enterprise to develop a desired Future State plan that helps you communicate needs, desires, and critical gaps. Such assessments become critical when attempting to justify and establish budgets for work. (Note that a good plan shows incremental maturity improvements occurring at multiple future state points in time.)
A mature DSG program will also establish continuous feedback loops that monitor and govern the Current State for each area of concern. Such feedback loops will tie data (e.g. issues, desires, new requirements) back into the strategy development and execution process that drives each area and which, in turn, helps drive continuous change and improvement.