Data Governance: Keystone of Information Management Initiatives
Upcoming SlideShare
Loading in...5
×
 

Data Governance: Keystone of Information Management Initiatives

on

  • 12,075 views

To provide an overview of the importance and relevance of data governance as part of an information management initiative

To provide an overview of the importance and relevance of data governance as part of an information management initiative

Statistics

Views

Total Views
12,075
Views on SlideShare
12,021
Embed Views
54

Actions

Likes
10
Downloads
1,809
Comments
3

4 Embeds 54

http://www.slideshare.net 48
http://www.linkedin.com 3
https://tasks.crowdflower.com 2
http://health.medicbd.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Dear Alan,

    You have real pedagogical talents. Thank you so much for sharing this outstanding presentation.
    Are you sure you want to
    Your message goes here
    Processing…
  • the downloaded pdf is corrupted. Please fix it. Thanks a lot !
    Are you sure you want to
    Your message goes here
    Processing…
  • The world is made a better place to stay by the guys like you, who provide some solutions to problems at hand. it is both a challenge and privilege to join this group. thanks for the good stuff found here
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Data Governance: Keystone of Information Management Initiatives Data Governance: Keystone of Information Management Initiatives Presentation Transcript

  • Data Governance: Keystone of Information Management Initiatives Alan McSweeney
  • Objectives • To provide an overview of the importance and relevance of data governance as part of an information management initiative April 21, 2010 2
  • Agenda • Data Management Issues • Data Governance and Data Management Frameworks • Approach to Data Governance • State of Information and Data Governance April 21, 2010 3
  • Data Governance • Provides an operating discipline for managing data and information as a key enterprise asset • Includes organisation, processes and tools for establishing and exercising decision rights regarding valuation and management of data • Elements of data governance − Decision making authority − Compliance − Policies and standards − Data inventories − Full lifecycle management − Content management − Records management, − Preservation and disposal − Data quality − Data classification − Data security and access − Data risk management − Data valuation April 21, 2010 4
  • Data Management Issues • Discovery - cannot find the right information • Integration - cannot manipulate and combine information • Insight - cannot extract value and knowledge from information • Dissemination - cannot consume information • Management – cannot manage and control information volumes and growth April 21, 2010 5
  • Data Management Problems – User View • Managing Storage Equipment • Application Recoveries / Backup Retention • Vendor Management • Power Management • Regulatory Compliance • Lack of Integrated Tools • Dealing with Performance Problems • Data Mobility • Archiving and Archive Management • Storage Provisioning • Managing Complexity • Managing Costs • Backup Administration and Management • Proper Capacity Forecasting and Storage Reporting • Managing Storage Growth April 21, 2010 6
  • Information Management Challenges • Explosive Data Growth − Value and volume of data is overwhelming − More data is see as critical − Annual rate of 50+% percent • Compliance Requirements − Compliance with stringent regulatory requirements and audit procedures • Fragmented Storage Environment − Lack of enterprise-wide hardware and software data storage strategy and discipline • Budgets − Frozen or being cut April 21, 2010 7
  • Information Management Issues • 52% of users don’t have confidence in their information • 59% of managers miss information they should have used • 42% of managers use wrong information at least once a week • 75% of CIOs believe they can strengthen their competitive advantage by better using and managing enterprise data • 78% of CIOs want to improve the way they use and manage their data • Only 15% of CIOs believe that their data is currently comprehensively well managed April 21, 2010 8
  • Data Quality • Poor data quality costs real money • Process efficiency is negatively impacted by poor data quality • Full potential benefits of new systems not be realised because of poor data quality • Decision making is negatively affected by poor data quality April 21, 2010 9
  • Information • Information in all its forms – input, processed, outputs – is a Applications core component of any IT system • Applications exist to process data supplied by users and other applications Processes Information • Data breathes life into applications IT Systems • Data is stored and managed by infrastructure – hardware and software • Data is a key organisation asset with a substantial value People Infrastructure • Significant responsibilities are imposed on organisations in managing data April 21, 2010 10
  • Data, Information and Knowledge • Data is the representation of facts as text, numbers, graphics, images, sound or video • Data is the raw material used to create information • Facts are captured, stored, and expressed as data • Information is data in context • Without context, data is meaningless - we create meaningful information by interpreting the context around data • Knowledge is information in perspective, integrated into a viewpoint based on the recognition and interpretation of patterns, such as trends, formed with other information and experience • Knowledge is about understanding the significance of information • Knowledge enables effective action April 21, 2010 11
  • Data, Information, Knowledge and Action Knowledge Action Information Data April 21, 2010 12
  • Information is an Organisation Asset • Tangible organisation assets are seen as having a value and are managed and controlled using inventory and asset management systems and procedures • Data, because it is less tangible, is less widely perceived as a real asset, assigned a real value and managed as if it had a value • High quality, accurate and available information is a pre-requisite to effective operation of any organisation • Information is a high-value asset of any enterprise • What do you do when you have something valuable − Retain it − Protect it − Manage it April 21, 2010 13
  • Data Management and Project Success • Data is fundamental to the effective and efficient operation of any solution − Right data − Right time − Right tools and facilities • Without data the solution has no purpose • Data is too often overlooked in projects • Project managers frequently do not appreciate the complexity of data issues April 21, 2010 14
  • Generalised Information Management Lifecycle Enter, Create, Acquire, • Generalised lifecycle that Derive, Update, Capture differs for specific information types Store, Manage, M an Replicate and Distribute ag e, Co nt ro la nd Ad Protect and Recover mi n is t er • Design, define and implement framework to manage Archive and Recall information through this lifecycle Delete/Remove April 21, 2010 15
  • Generalised Information Management Lifecycle • Need to implement management frameworks and associated solutions to automate the information lifecycle Data Governance Framework Data Architecture to Implement Data Governance Data Infrastructure to Implement Data Architecture Data Operations to Manage Data Infrastructure April 21, 2010 16
  • Expanded Generalised Information Management Lifecycle Plan, Design and Specify De Implement sig Underlying n, Im Infrastructure ple m en Enter, Create, t, M Acquire, Derive, an ag Update, Capture e, Co nt Store, Manage, ro la Replicate and nd Distribute Ad mi ni ste r • Include phases for information Protect and Recover management lifecycle design and implementation of Archive and Recall appropriate hardware and software to actualise lifecycle Delete/Remove April 21, 2010 17
  • Objectives of Implementing Solutions to Deliver Generalised Information Management Lifecycle • Establish effective policies for lifecycle enterprise information management to control data growth and lower information management costs • Meet service level goals to ensure the timely completion of key business processes for mission-critical applications • Support appropriate data retention compliance initiatives and mitigate risk for compliance, audits and legal discovery requests • Support appropriate data retention compliance requirements and mitigate risk for compliance, audits and legal discovery requests that keep historical transaction records accessible until legal retention periods expire • Implement scalable archiving strategies that easily adapt to ongoing business requirements • Improve application portfolio management to decommission redundant applications and simplify the IT infrastructure • Manage application information growth and its impact on service levels, operational costs and risks as well as storage requirements • Manage data quality, consistency, security, privacy and accuracy April 21, 2010 18
  • Data and Information Management • Data and information management is a business process consisting of the planning and execution of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets April 21, 2010 19
  • Data and Information Management To manage and utilise information as a strategic asset To implement processes, policies, infrastructure and solutions to govern, protect, maintain and use information To make relevant and correct information available in all business processes and IT systems for the right people in the right context at the right time with the appropriate security and with the right quality To exploit information in business decisions, processes and relations April 21, 2010 20
  • Data Management Goals • Primary goals − To understand the information needs of the enterprise and all its stakeholders − To capture, store, protect, and ensure the integrity of data assets − To continually improve the quality of data and information, including accuracy, integrity, integration, relevance and usefulness of data − To ensure privacy and confidentiality, and to prevent unauthorised inappropriate use of data and information − To maximise the effective use and value of data and information assets April 21, 2010 21
  • Data Management Goals • Secondary goals − To control the cost of data management − To promote a wider and deeper understanding of the value of data assets − To manage information consistently across the enterprise − To align data management efforts and technology with business needs April 21, 2010 22
  • Triggers for Data Management Initiative • When an enterprise is about to undertake architectural transformation, data management issues need to be understood and addressed • Structured and comprehensive approach to data management enables the effective use of data to take advantage of its competitive advantages April 21, 2010 23
  • Data Management Principles • Data and information are valuable enterprise assets • Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding and effective use • Share responsibility for data management between business data owners and IT data management professionals • Data management is a business function and a set of related disciplines April 21, 2010 24
  • Organisation Data Management Function • Business function of planning for, controlling and delivering data and information assets • Development, execution, and supervision of plans, policies, programs, projects, processes, practices and procedures that control, protect, deliver, and enhance the value of data and information assets • Scope of the data management function and the scale of its implementation vary widely with the size, means, and experience of organisations • Role of data management remains the same across organisations even though implementation differs widely April 21, 2010 25
  • Scope of Complete Data Management Function Metadata Data Data Management Governance Warehousing and Business Intelligence Data Management Development Data Data Security Quality Management Management Data Reference and Operations Master Data Management Management Data Document and Architecture Content Management Management April 21, 2010 26
  • Data Governance • Capstone of Data Management Data Governance initiatives Database Architecture Management Data Warehousing and Business Intelligence Management Data Quality Management Metadata Management Data Security Management Data Development Data Operations Reference and Master Document and Content Management Data Management Management April 21, 2010 27
  • Objectives of Data Governance • Guide information management decision-making • Ensure information is consistently defined and well understood • Increase the use and trust of data as an organisation asset • Improve consistency of projects across the organisation • Ensure regulatory compliance • Eliminate data risks April 21, 2010 28
  • Shared Role Between Business and IT • Data management is a shared responsibility between data management professionals within IT and the business data owners representing the interests of data producers and information consumers • Business data ownership is the concerned with accountability for business responsibilities in data management • Business data owners are data subject matter experts • Represent the data interests of the business and take responsibility for the quality and use of data April 21, 2010 29
  • Why Develop and Implement a Data Management Framework? • Improve organisation data management efficiency • Deliver better service to business • Improve cost-effectiveness of data management • Match the requirements of the business to the management of the data • Embed handling of compliance and regulatory rules into data management framework • Achieve consistency in data management across systems and applications • Enable growth and change more easily • Reduce data management and administration effort and cost • Assist in the selection and implementation of appropriate data management solutions • Implement a technology-independent data architecture April 21, 2010 30
  • Data Governance and Data Management Frameworks April 21, 2010 31
  • Data Governance and Data Management Frameworks • DMBOK - Data Management Book of Knowledge • TOGAF - The Open Group Architecture Framework • COBIT - Control Objectives for Information and related Technology April 21, 2010 32
  • DMBOK, TOGAF and COBIT Can be a DMBOK Is a Specific and Precursor to Comprehensive Data Implementing Oriented Framework Data Management DMBOK Provides Detailed for Definition, Implementation and TOGAF Defines the Process Operation of Data for Creating a Data Management and Utilisation Architecture as Part of an Overall Enterprise Architecture Can Provide a Maturity Model for Assessing Data Management COBIT Provides Data Governance as Part of Overall IT Governance April 21, 2010 33
  • DMBOK, TOGAF and COBIT – Scope and Overlap DMBOK Data Development Data Operations Management Reference and Master Data Management Data Warehousing and Business Intelligence Management TOGAF Document and Content Management Metadata Management Data Quality Management Data Architecture Management Data Management Data Migration Data Governance Data Security COBIT Management April 21, 2010 34
  • Data Management Book of Knowledge (DMBOK) • DMBOK is a generalised and comprehensive framework for managing data across the entire lifecycle • Developed by DAMA (Data Management Association) • DMBOK provides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed • Enables effective and appropriate data management across the organisation • Provides awareness and visibility of data management issues and requirements April 21, 2010 35
  • Data Management Book of Knowledge (DMBOK) • Not a solution to your data management needs • Framework and methodology for developing and implementing an appropriate solution • Generalised framework to be customised to meet specific needs • Provide a work breakdown structure for a data management project to allow the effort to be assessed • No magic bullet April 21, 2010 36
  • Data Management-Related Frameworks • TOGAF (and other enterprise architecture standards) define a process for arriving an at enterprise architecture definition, including data • TOGAF has a phase relating to data architecture • TOGAF deals with high level • DMBOK translates high level into specific details • COBIT is concerned with IT governance and controls: − IT must implement internal controls around how it operates − The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT − To govern IT effectively, COBIT defines the activities and risks within IT that need to be managed • COBIT has a process relating to data management • Neither TOGAF nor COBIT are concerned with detailed data management design and implementation April 21, 2010 37
  • TOGAF and Data Management • Phase C1 (subset of Phase C) relates to Phase A: Architecture defining a data Vision Phase H: Phase B: architecture Architecture Business Change Architecture Management Phase C1: Data Architecture Phase G: Phase C: Requirements Information Implementation Management Systems Governance Architecture Phase C2: Solutions and Application Phase F: Phase D: Architecture Migration Technology Planning Architecture Phase E: Opportunities and Solutions April 21, 2010 38
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Objectives • Purpose is to define the major types and sources of data necessary to support the business, in a way that is: − Understandable by stakeholders − Complete and consistent − Stable • Define the data entities relevant to the enterprise • Not concerned with design of logical or physical storage systems or databases April 21, 2010 39
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Overview Phase C1: Information Systems Architectures - Data Architecture Approach Elements Inputs Steps Outputs Key Considerations for Data Reference Materials External to the Select Reference Models, Architecture Enterprise Viewpoints, and Tools Develop Baseline Data Architecture Architecture Repository Non-Architectural Inputs Description Develop Target Data Architecture Architectural Inputs Description Perform Gap Analysis Define Roadmap Components Resolve Impacts Across the Architecture Landscape Conduct Formal Stakeholder Review Finalise the Data Architecture Create Architecture Definition Document April 21, 2010 40
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture • Data Management − Important to understand and address data management issues − Structured and comprehensive approach to data management enables the effective use of data to capitalise on its competitive advantages − Clear definition of which application components in the landscape will serve as the system of record or reference for enterprise master data − Will there be an enterprise-wide standard that all application components, including software packages, need to adopt − Understand how data entities are utilised by business functions, processes, and services − Understand how and where enterprise data entities are created, stored, transported, and reported − Level and complexity of data transformations required to support the information exchange needs between applications − Requirement for software in supporting data integration with external organisations April 21, 2010 41
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture • Data Migration − Identify data migration requirements and also provide indicators as to the level of transformation for new/changed applications − Ensure target application has quality data when it is populated − Ensure enterprise-wide common data definition is established to support the transformation April 21, 2010 42
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture • Data Governance − Ensures that the organisation has the necessary dimensions in place to enable the data transformation − Structure – ensures the organisation has the necessary structure and the standards bodies to manage data entity aspects of the transformation − Management System - ensures the organisation has the necessary management system and data-related programs to manage the governance aspects of data entities throughout its lifecycle − People - addresses what data-related skills and roles the organisation requires for the transformation April 21, 2010 43
  • TOGAF Phase C1: Information Systems Architectures - Data Architecture - Outputs • Refined and updated versions of the Architecture Vision phase deliverables − Statement of Architecture Work − Validated data principles, business goals, and business drivers • Draft Architecture Definition Document − Baseline Data Architecture − Target Data Architecture • Business data model • Logical data model • Data management process models • Data Entity/Business Function matrix • Views corresponding to the selected viewpoints addressing key stakeholder concerns − Draft Architecture Requirements Specification • Gap analysis results • Data interoperability requirements • Relevant technical requirements • Constraints on the Technology Architecture about to be designed • Updated business requirements • Updated application requirements − Data Architecture components of an Architecture Roadmap April 21, 2010 44
  • COBIT Structure COBIT Plan and Organise (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME) DS1 Define and manage service ME1 Monitor and evaluate IT PO1 Define a strategic IT plan AI1 Identify automated solutions levels performance PO2 Define the information AI2 Acquire and maintain ME2 Monitor and evaluate DS2 Manage third-party services architecture application software internal control PO3 Determine technological AI3 Acquire and maintain DS3 Manage performance and ME3 Ensure regulatory direction technology infrastructure capacity compliance PO4 Define the IT processes, AI4 Enable operation and use DS4 Ensure continuous service ME4 Provide IT governance organisation and relationships PO5 Manage the IT investment AI5 Procure IT resources DS5 Ensure systems security PO6 Communicate management AI6 Manage changes DS6 Identify and allocate costs aims and direction AI7 Install and accredit solutions PO7 Manage IT human resources DS7 Educate and train users and changes DS8 Manage service desk and PO8 Manage quality incidents PO9 Assess and manage IT risks DS9 Manage the configuration PO10 Manage projects DS10 Manage problems DS11 Manage data DS12 Manage the physical environment DS13 Manage operations April 21, 2010 45
  • COBIT and Data Management • COBIT objective DS11 Manage Data within the Deliver and Support (DS) domain • Effective data management requires identification of data requirements • Data management process includes establishing effective procedures to manage the media library, backup and recovery of data and proper disposal of media • Effective data management helps ensure the quality, timeliness and availability of business data April 21, 2010 46
  • COBIT and Data Management • Objective is the control over the IT process of managing data that meets the business requirement for IT of optimising the use of information and ensuring information is available as required • Focuses on maintaining the completeness, accuracy, availability and protection of data • Involves taking actions − Backing up data and testing restoration − Managing onsite and offsite storage of data − Securely disposing of data and equipment • Measured by − User satisfaction with availability of data − Percent of successful data restorations − Number of incidents where sensitive data were retrieved after media were disposed of April 21, 2010 47
  • COBIT Process DS11 Manage Data • DS11.1 Business Requirements for Data Management − Establish arrangements to ensure that source documents expected from the business are received, all data received from the business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are supported • DS11.2 Storage and Retention Arrangements − Define and implement procedures for data storage and archival, so data remain accessible and usable − Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements − Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives, programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication • DS11.3 Media Library Management System − Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity − Procedures should provide for timely review and follow-up on any discrepancies noted • DS11.4 Disposal − Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are disposed of or transferred to another use − Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved. • DS11.5 Backup and Restoration − Define and implement procedures for backup and restoration of systems, data and documentation in line with business requirements and the continuity plan − Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration − Test backup media and the restoration process • DS11.6 Security Requirements for Data Management − Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and output of data and sensitive messages − Includes physical records, data transmissions and any data stored offsite April 21, 2010 48
  • COBIT Data Management Goals and Metrics Activity Goals Process Goals Activity Goals •Backing up data and testing •Maintain the completeness, •Backing up data and testing restoration accuracy, validity and restoration •Managing onsite and offsite accessibility of stored data •Managing onsite and offsite storage of data •Secure data during disposal storage of data •Securely disposing of data of media •Securely disposing of data and equipment •Effectively manage storage and equipment media Are Measured Are Measured Are Measured By Drive By Drive By Key Performance Process Key Goal IT Key Goal Indicators Indicators Indicators •% of successful data •Occurrences of inability to restorations recover data critical to •Frequency of testing of •# of incidents where business process backup media sensitive data were retrieved •User satisfaction with •Average time for data after media were disposed of availability of data restoration •# of down time or data •Incidents of noncompliance integrity incidents caused by with laws due to storage insufficient storage capacity management issues April 21, 2010 49
  • Approach to Data Governance April 21, 2010 50
  • Data Governance • Core function of Data Management • Interacts with and influences each of the surrounding ten data management functions • Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets • Data governance function guides how all other data management functions are performed • High-level, executive data stewardship • Data governance is not the same thing as IT governance • Data governance is focused exclusively on the management of data assets April 21, 2010 51
  • Data Governance • Shared decision making is the hallmark of data governance • Requires working across organisational and system boundaries • Some decisions are primarily business decisions made with input and guidance from IT • Other decisions are primarily technical decisions made with input and guidance from business data stewards at all levels Decisions Made Decisions Made by Business by IT Management Management Business Operating Enterprise Information Information Management Database Architecture Model Model Strategy IT Leadership Information Needs Information Management Data Integration Policies Architecture Capital Investments Information Information Management Data Warehousing Specifications Standards Architecture Research and Quality Requirements Information Management Metadata Architecture Development Funding Metrics Data Governance Model Issue Resolution Information Management Technical Metadata Services April 21, 2010 52
  • Data Governance • Data governance is accomplished most effectively as an on-going program and a continual improvement process • Every effective data governance program is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities • Data governance is not the same thing as IT governance April 21, 2010 53
  • Data Governance and IT Governance • IT Governance makes decisions about • Data Governance is focused − IT investments exclusively on the management of − IT application portfolio data assets − IT project portfolio • Data Governance is at the heart of • IT Governance aligns the IT strategies managing data assets and investments with enterprise goals and strategies • COBIT (Control Objectives for Information and related Technology) provides standards for IT governance − Only a small portion of the COBIT framework addresses managing information • Some critical issues, such as Sarbanes- Oxley compliance, span the concerns of corporate governance, IT governance, and data governance April 21, 2010 54
  • Data Governance – Definition and Goals • Definition − The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets • Goals − To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics − To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures − To sponsor, track, and oversee the delivery of data management projects and services − To manage and resolve data related issues − To understand and promote the value of data assets April 21, 2010 55
  • Data Governance - Overview Inputs Primary Deliverables •Business Goals •Data Policies •Business Strategies •Data Standards •IT Objectives •Resolved Issues •IT Strategies •Data Management Projects and •Data Needs Services •Data Issues •Quality Data and Information •Regulatory Requirements •Recognised Data Value Suppliers Data Governance Consumers •Business Executives •Data Producers •IT Executives •Knowledge Workers •Data Stewards •Managers and Executives •Regulatory Bodies •Data Professionals •Customers Participants Tools Metrics •Executive Data Stewards •Intranet Website •Data Value •Coordinating Data Stewards •E-Mail •Data Management Cost •Business Data Stewards •Metadata Tools •Achievement of Objectives •Data Professionals •Metadata Repository •# of Decisions Made •DM Executive •Issue Management Tools •Steward Representation / Coverage •CIO •Data Governance KPI •Data Professional Headcount •Dashboard •Data Management Process Maturity April 21, 2010 56
  • Data Governance Function, Activities and Sub- Activities Data Governance Data Management Planning Data Management Control Understand Strategic Enterprise Data Supervise Data Professional Organisations Needs and Staff Develop and Maintain the Data Strategy Coordinate Data Governance Activities Establish Data Professional Roles and Manage and Resolve Data Related Issues Organisations Identify and Appoint Data Stewards Monitor and Ensure Regulatory Compliance Establish Data Governance and Monitor and Enforce Conformance with Stewardship Organisations Data Policies, Standards and Architecture Develop and Approve Data Policies, Oversee Data Management Projects and Standards, and Procedures Services Communicate and Promote the Value of Review and Approve Data Architecture Data Assets Plan and Sponsor Data Management Projects and Services Estimate Data Asset Value and Associated Costs April 21, 2010 57
  • Data Governance • Data governance is accomplished most effectively as an on-going program and a continual improvement process • Every data governance programme is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities • Data governance is at the core of managing data assets April 21, 2010 58
  • Data Governance - Possible Organisation Structure Data Governance Structure Organisation Data Governance CIO Council Data Governance Office Data Management Executive Business Unit Data Governance Data Technologists Councils Data Stewardship Committees Data Stewardship Teams April 21, 2010 59
  • Data Governance Shared Decision Making Business Decisions Shared Decision Making IT Decisions Enterprise Business Operating Enterprise Information Database Model Information Model Management Architecture Strategy Enterprise Information Needs Information Data Integration IT Leadership Management Architecture Policies Enterprise Data Warehousing Information Information and Business Capital Investments Specifications Management Intelligence Standards Architecture Research and Enterprise Quality Information Metadata Development Requirements Management Architecture Funding Metrics Enterprise Data Governance Issue Resolution Information Technical Metadata Model Management Services April 21, 2010 60
  • Data Stewardship • Formal accountability for business responsibilities ensuring effective control and use of data assets • Data steward is a business leader and/or recognised subject matter expert designated as accountable for these responsibilities • Manage data assets on behalf of others and in the best interests of the organisation • Represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions • Protects, manages, and leverages the data resources • Must take an enterprise perspective to ensure the quality and effective use of enterprise data April 21, 2010 61
  • Data Stewardship - Roles • Executive Data Stewards – provide data governance and make of high-level data stewardship decisions • Coordinating Data Stewards - lead and represent teams of business data stewards in discussions across teams and with executive data stewards • Business Data Stewards - subject matter experts work with data management professionals on an ongoing basis to define and control data April 21, 2010 62
  • Data Stewardship Roles Across Data Management Functions - 1 All Data Stewards Executive Data Stewards Coordinating Data Business Data Stewards Stewards Data Architecture Review, validate, approve, Review and approve the Integrate specifications, Define data requirements Management maintain and refine data enterprise data resolving differences specifications architecture architecture Data Development Validate physical data Define data requirements models and database and specifications designs, participate in database testing and conversion Data Operations Define requirements for Management data recovery, retention and performance Help identify, acquire, and control externally sourced data Data Security Management Provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify information confidentiality Reference and Master Data Control the creation, Management update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve issues April 21, 2010 63
  • Data Stewardship Roles Across Data Management Functions - 2 All Data Stewards Executive Data Stewards Coordinating Data Business Data Stewards Stewards Data Warehousing and Provide business Business Intelligence intelligence requirements Management and management metrics, and they identify and help resolve business intelligence issues Document and Content Define enterprise Management taxonomies and resolve content management issues Metadata Management Create and maintain business metadata (names, meanings, business rules), define metadata access and integration needs and use metadata to make effective data stewardship and governance decisions Data Quality Management Define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead clean-up efforts, identify ways to solve causes of poor data quality, promote data quality awareness April 21, 2010 64
  • Data Strategy • High-level course of action to achieve high-level goals • Data strategy is a data management program strategy a plan for maintaining and improving data quality, integrity, security and access • Address all data management functions relevant to the organisation April 21, 2010 65
  • Elements of Data Strategy • Vision for data management • Summary business case for data management • Guiding principles, values, and management perspectives • Mission and long-term directional goals of data management • Management measures of data management success • Short-term data management programme objectives • Descriptions of data management roles and business units along with a summary of their responsibilities and decision rights • Descriptions of data management programme components and initiatives • Outline of the data management implementation roadmap • Scope boundaries April 21, 2010 66
  • Data Strategy Data Management Programme Charter Data Management Data Management Scope Statement Overall vision, business case, goals, guiding principles, Implementation measures of success, critical Roadmap Goals and objectives for a success factors, recognised risks defined planning horizon and the Identifying specific programs, roles, organisations, and projects, task assignments, and individual leaders accountable delivery milestones for achieving these objectives April 21, 2010 67
  • Data Policies • Statements of intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information • More fundamental, global, and business critical than data standards • Describe what to do and what not to do • Should be few data policies stated briefly and directly April 21, 2010 68
  • Data Policies • Possible topics for data policies − Data modeling and other data development activities − Development and use of data architecture − Data quality expectations, roles, and responsibilities − Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties − Database recovery and data retention − Access and use of externally sourced data − Sharing data internally and externally − Data warehousing and business intelligence − Unstructured data - electronic files and physical records April 21, 2010 69
  • Data Architecture • Enterprise data model and other aspects of data architecture sponsored at the data governance level • Need to pay particular attention to the alignment of the enterprise data model with key business strategies, processes, business units and systems • Includes − Data technology architecture − Data integration architecture − Data warehousing and business intelligence architecture − Metadata architecture April 21, 2010 70
  • Data Standards and Procedures • Include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards and procedural standards for each data management function • Must be effectively communicated, monitored, enforced and periodically re-evaluated • Data management procedures are the methods, techniques, and steps followed to accomplish a specific activity or task April 21, 2010 71
  • Data Standards and Procedures • Possible topics for data standards and procedures − Data modeling and architecture standards, including data naming conventions, definition standards, standard domains, and standard abbreviations − Standard business and technical metadata to be captured, maintained, and integrated − Data model management guidelines and procedures − Metadata integration and usage procedures − Standards for database recovery and business continuity, database performance, data retention, and external data acquisition − Data security standards and procedures − Reference data management control procedures − Match / merge and data cleansing standards and procedures − Business intelligence standards and procedures − Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards and report distribution approaches April 21, 2010 72
  • Regulatory Compliance • Most organisations are is impacted by government and industry regulations • Many of these regulations dictate how data and information is to be managed • Compliance is generally mandatory • Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations. April 21, 2010 73
  • Regulatory Compliance • Data governance needs to work the business to find the best answers to the following regulatory compliance questions − How relevant is a regulation? − Why is it important for us? − How do we interpret it? − What policies and procedures does it require? − Do we comply now? − How do we comply now? − How should we comply in the future? − What will it take? − When will we comply? − How do we demonstrate and prove compliance? − How do we monitor compliance? − How often do we review compliance? − How do we identify and report non-compliance? − How do we manage and rectify non-compliance? April 21, 2010 74
  • Issue Management • Data governance assists in identifying, managing, and resolving data related issues − Data quality issues − Data naming and definition conflicts − Business rule conflicts and clarifications − Data security, privacy, and confidentiality issues − Regulatory non-compliance issues − Non-conformance issues (policies, standards, architecture, and procedures) − Conflicting policies, standards, architecture, and procedures − Conflicting stakeholder interests in data and information − Organisational and cultural change management issues − Issues regarding data governance procedures and decision rights − Negotiation and review of data sharing agreements April 21, 2010 75
  • Issue Management, Control and Escalation • Data governance implements issue controls and procedures − Identifying, capturing, logging and updating issues − Tracking the status of issues − Documenting stakeholder viewpoints and resolution alternatives − Objective, neutral discussions where all viewpoints are heard − Escalating issues to higher levels of authority − Determining, documenting and communicating issue resolutions. April 21, 2010 76
  • Data Management Projects • Data management roadmap sets out a course of action for initiating and/or improving data management functions • Consists of an assessment of current functions, definition of a target environment and target objectives and a transition plan outlining the steps required to reach these targets including an approach to organisational change management • Every data management project should follow the project management standards of the organisation April 21, 2010 77
  • Data Asset Valuation • Data and information are truly assets because they have business value, tangible or intangible • Different approaches to estimating the value of data assets • Identify the direct and indirect business benefits derived from use of the data • Identify the cost of data loss, identifying the impacts of not having the current amount and quality level of data April 21, 2010 78
  • State of Information and Data Governance • Information and Data Governance Report, April 2008 − International Association for Information and Data Quality (IAIDQ) − University of Arkansas at Little Rock, Information Quality Program (UALR-IQ) • Ponemon Institute 2009 Annual Study Cost of a Data Breach April 21, 2010 79
  • Terms Used by Organisations to Describe the Activities Associated with Governing Data Data Management 62.7% Data Governance 55.4% Data Stewardship 46.6% Information Management 43.6% Information Governance 17.2% Data Resource 10.8% Management Information Stew ardship 10.3% Information Resource 10.3% Management Other 13.7% 0% 10% 20% 30% 40% 50% 60% 70% April 21, 2010 80
  • Your Organisation Recognises and Values Information as a Strategic Asset and Manages it Accordingly Strongly Disagree 3.4% Disagree 21.5% Neutral 17.1% Agree 39.5% Strongly Agree 18.5% 0% 10% 20% 30% 40% 50% April 21, 2010 81
  • Direction of Change in the Results and Effectiveness of the Organisation's Formal or Informal Information/Data Governance Processes Over the Past Two Years Results and Effectiveness Have Significantly 8.8% Improved Results and Effectiveness Have Improved 50.0% Results and Effectiveness Have Remained 31.9% Essentially the Same Results and Effectiveness Have Worsened 3.9% Results and Effectiveness Have Significantly 0.0% Worsened Don’t Know 5.4% 0% 10% 20% 30% 40% 50% 60% 70% April 21, 2010 82
  • Perceived Effectiveness of the Organisation's Current Formal or Informal Information/Data Governance Processes Excellent (All Goals are 2.5% Met) Good (Most Goals are 21.1% Met) OK (Some Goals are Met) 51.5% Poor (Few Goals are Met) 19.1% Very Poor (No Goals are 3.9% Met) Don’t Know 2.0% 0% 10% 20% 30% 40% 50% 60% 70% April 21, 2010 83
  • Actual Information/Data Governance Effectiveness vs. Organisation's Perception It is Better Than Most 20.1% People Think It is the Same as Most 32.4% People Think It is Worse Than Most 35.8% People Think Don’t Know 11.8% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% April 21, 2010 84
  • Current Status of Organisation's Information/Data Governance Initiatives Started an Information/Data Governance Initiative, but 1.5% Discontinued the Effort Considered a Focused Information/Data Governance 0.5% Effort but Abandoned the Idea None Being Considered - Keeping the Status Quo 7.4% Exploring, Still Seeking to Learn More 20.1% Evaluating Alternative Frameworks and Information 23.0% Governance Structures Now Planning an Implementation 13.2% First Iteration Implemented the Past 2 Years 19.1% First Interation"in Place for More Than 2 Years 8.8% Don’t Know 6.4% 0% 5% 10% 15% 20% 25% 30% April 21, 2010 85
  • Expected Changes in Organisation's Information/Data Governance Efforts Over the Next Two Years Will Increase Significantly 46.6% Will Increase Somewhat 39.2% Will Remain the Same 10.8% Will Decrease Somewhat 1.0% Will Decrease Significantly 0.5% Don’t Know 2.0% 0% 10% 20% 30% 40% 50% 60% April 21, 2010 86
  • Focus of Information / Data Governance Efforts Customers 70.2% Financials 57.6% Products and Production 46.6% Services 41.9% Sales 35.6% Employees 31.4% Supply Chain, Vendors, Suppliers 25.1% Items / Materials 20.4% Equipment and Facilities 16.2% Maintenance 13.1% Environment, Health and Safety 10.5% Other 9.5% 0% 10% 20% 30% 40% 50% 60% 70% 80% April 21, 2010 87
  • Overall Objectives of Information / Data Governance Efforts Improve Data Quality 80.2% Establish Clear Decision Rules and Decisionmaking 65.6% Processes for Shared Data Increase the Value of Data Assets 59.4% Provide Mechanism to Resolve Data Issues 56.8% Involve Non-IT Personnel in Data Decisions IT Should 55.7% not Make by Itself Promote Interdependencies and Synergies Between 49.6% Departments or Business Units Enable Joint Accountability for Shared Data 45.3% Involve IT in Data Decisions non-IT Personnel Should 35.4% not Make by Themselves Other 5.2% None Applicable 1.0% Don't Know 2.6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100 % April 21, 2010 88
  • Primary Activities of Organisation's Information / Data Governance Efforts Standardise Data Definitions Across The Organisation 70.5% Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The Organisation 61.6% Support Data Warehouse And Business Intelligence Initiatives 58.4% Define And Standardise Common Business Rules Across The Organisation 53.7% Select And Charter Specific Data Quality Improvement Projects 49.5% Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information Systems And Technology 47.9% Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its 46.8% Privacy, Compliance, And Security Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And Integration 45.8% Support The Development Of An Enterprise Logical Data Model 43.7% Guide The Management Of Master Or Reference Data 42.6% Support Information Management Problem-Solving And Decision-Making And Providing Processes For Strategic Alignment. 40.0% Manage Information Products 27.9% Measure The Costs Of Low Quality Data 25.3% Measure The Value Of High Quality Data 23.2% Implement Internal Information Chain Management 13.2% Implement External Data Supplier Management 10.0% Implement Information Product Management 10.0% Other 10.0% 0% 10% 20% 30% 40% 50% 60% 70% 80% April 21, 2010 89
  • Primary Drivers for Organisation's Information / Data Governance Efforts General Desire To Improve The Quality Of Our Data 65.6% Data Warehousing / Business Intelligence 57.7% Compliance / Risk 46.6% Enterprise Architecture 33.3% Information Security / Privacy 32.3% Master Data Management (MDM) Project 31.2% Applications / Systems Integration 30.2% Customer Data Integration (CDI) Project 25.9% Suffered Major Negative Impact From Bad Data Quality 22.2% Service-Oriented Architecture (SOA) Project 18.0% Enterprise Resource Planning (ERP) Project 16.4% Merger And Acquisition Planning Or Implementation 12.7% Product Information Management (PIM) Project 10.1% Reaction To Competitors' Activity 3.7% Other 8.5% 0% 10% 20% 30% 40% 50% 60% 70% 80% April 21, 2010 90
  • Category of Tools Currently Used in Organisation Data Quality Analysis, Assessment Or 66.3% Profiling Extract-Transform-Load (ETL) And Other 57.2% Data Integration Tools Data Modeling (Computer-Aided Software 48.7% Engineering) Data Matching And Reconciliation (Data 48.7% De-Duplication) Data Quality Monitoring 45.5% Metadata Repository 44.4% Data Remediation / Cleansing Tools 39.0% Data Relationship Discovery And Mappings 28.9% Workflow Tools 25.7% Business Rules Engines 20.3% Master Data Management (MDM) Tools 18.7% Customer Data Integration (CDI) Tools 13.4% Product Information Management (PIM) 5.9% Tools Rules Discovery Tools 4.3% Other 5.9% 0% 10% 20% 30% 40% 50% 60% 70% 80% April 21, 2010 91
  • Functional Area to Which the Leader of the Organisation's Information / Data Governance Effort Reports Information Technology 43.1% Senior / Executive Management Team 31.0% Finance 17.2% Compliance / Risk 8.6% Operations / Manufacturing 8.6% Marketing 5.2% Purchasing 1.7% Legal 1.7% Other 8.6% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% April 21, 2010 92
  • Number of Levels Between the Organisation's Most Senior Leader and the Person Most Directly in Charge of the Information / Data Governance Effort 5 Levels or More 12.3% 4 Levels 14.0% 3 Levels 26.3% 2 Levels 22.8% 1 Level 14.0% They are the Same Person 3.5% Don't Know 7.0% 0% 5% 10% 15% 20% 25% 30% April 21, 2010 93
  • Membership of Senior Information / Data Governance Body within an Organisation The Senior / Executive Management Team is the Top 21.4% Information / Data Governance Body C-Level non-IT Executives 26.8% C-Level IT Executives 26.8% Middle-Level non-IT Managers 51.8% Middle-Level IT Managers 33.9% Junior-Level non-IT Supervisors/Managers 7.1% Junior-Level IT Supervisors / Managers 14.3% My Organisation Does Not Have any Governance Body for 7.1% Information and Data Assets 0% 10% 20% 30% 40% 50% 60% April 21, 2010 94
  • Relationship Between Information / Data Governance and Data Quality Leadership Information Governance and Data Quality Are Led by the Same 36.8% Person Information Governance and Data Quality Are Led by Different 17.5% People Who Report to the Same Manager Information Governance and Data Quality Are Led by Different 19.3% People Who Report to Different Managers There is No Specific Individual in Charge of Our Data Quality 17.5% Program Other 8.8% 0% 10% 20% 30% 40% 50% 60% April 21, 2010 95
  • Change In Organisation's Information / Data Quality Over the Past Two Years Information / Data Quality 10.5% Has Significantly Improved Information / Data Quality 68.4% Has Improved Information / Data Quality Has Remained Essentially 15.8% the Same Information / Data Quality 3.5% Has Worsened Information / Data Quality 0.0% Has Significantly Worsened Don’t Know 1.8% 0% 10% 20% 30% 40% 50% 60% 70% 80% April 21, 2010 96
  • Maturity Of Information / Data Governance Goal Setting And Measurement In Your Organisation 5 - Optimised 3.7% 4 - Managed 11.8% 3 - Defined 26.7% 2 - Repeatable 28.9% 1 - Ad-hoc 28.9% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% April 21, 2010 97
  • Maturity Of Information / Data Governance Processes And Policies In Your Organisation 5 - Optimised 1.6% 4 - Managed 4.8% 3 - Defined 24.5% 2 - Repeatable 46.3% 1 - Ad-hoc 22.9% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% April 21, 2010 98
  • Maturity Of Responsibility And Accountability For Information / Data Governance Among Employees In Your Organisation 5 - Optimised 6.9% 4 - Managed 3.2% 3 - Defined 31.7% 2 - Repeatable 25.4% 1 - Ad-hoc 32.8% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% April 21, 2010 99
  • Average Per Record Cost of a Data Breach 2005 – 2009 USD $250 $197 $202 $204 $200 $182 $150 $138 $100 $50 $0 2005 2006 2007 2008 2009 April 21, 2010 100
  • Average Organisational Cost of a Data Breach 2005 – 2009 USD $8,000,000 $6,655,758 $6,751,451 $7,000,000 $6,355,132 $6,000,000 $4,787,637 $5,000,000 $4,514,429 $4,000,000 $3,000,000 $2,000,000 $1,000,000 $0 2005 2006 2007 2008 2009 April 21, 2010 101
  • More Information Alan McSweeney alan@alanmcsweeney.com April 21, 2010 102