To provide an overview of the importance and relevance of data governance as part of an information management initiativ...
Data Governance: Keystone of Information Management Initiatives
Alan McSweeney
Objectives •
To provide an overview of the importance and relevance of data governance as part of an information management initiative
April 21, 2010
2
Agenda •
Data Management Issues
•
Data Governance and Data Management Frameworks
•
Approach to Data Governance
•
State of Information and Data Governance
April 21, 2010
3
Data Governance • • •
Provides an operating discipline for managing data and information as a key enterprise asset Includes organisation, processes and tools for establishing and exercising decision rights regarding valuation and management of data Elements of data governance − − − − − − − − − − − − −
Decision making authority Compliance Policies and standards Data inventories Full lifecycle management Content management Records management, Preservation and disposal Data quality Data classification Data security and access Data risk management Data valuation
April 21, 2010
4
Data Management Issues •
Discovery - cannot find the right information
•
Integration - cannot manipulate and combine information
•
Insight - cannot extract value and knowledge from information
•
Dissemination - cannot consume information
•
Management – cannot manage and control information volumes and growth
April 21, 2010
5
Data Management Problems – User View • • • • • • • • • • • • • • •
Managing Storage Equipment Application Recoveries / Backup Retention Vendor Management Power Management Regulatory Compliance Lack of Integrated Tools Dealing with Performance Problems Data Mobility Archiving and Archive Management Storage Provisioning Managing Complexity Managing Costs Backup Administration and Management Proper Capacity Forecasting and Storage Reporting Managing Storage Growth April 21, 2010
6
Information Management Challenges •
Explosive Data Growth − Value and volume of data is overwhelming − More data is see as critical − Annual rate of 50+% percent
•
Compliance Requirements − Compliance with stringent regulatory requirements and audit procedures
•
Fragmented Storage Environment − Lack of enterprise-wide hardware and software data storage strategy and discipline
•
Budgets − Frozen or being cut April 21, 2010
7
Information Management Issues •
52% of users don’t have confidence in their information
•
59% of managers miss information they should have used
•
42% of managers use wrong information at least once a week
•
75% of CIOs believe they can strengthen their competitive advantage by better using and managing enterprise data
•
78% of CIOs want to improve the way they use and manage their data
•
Only 15% of CIOs believe that their data is currently comprehensively well managed April 21, 2010
8
Data Quality •
Poor data quality costs real money
•
Process efficiency is negatively impacted by poor data quality
•
Full potential benefits of new systems not be realised because of poor data quality
•
Decision making is negatively affected by poor data quality
April 21, 2010
9
Information •
Applications •
Processes
Information IT Systems
• •
•
People
April 21, 2010
Infrastructure
•
Information in all its forms – input, processed, outputs – is a core component of any IT system Applications exist to process data supplied by users and other applications Data breathes life into applications Data is stored and managed by infrastructure – hardware and software Data is a key organisation asset with a substantial value Significant responsibilities are imposed on organisations in managing data 10
Data, Information and Knowledge • • • • • •
• •
Data is the representation of facts as text, numbers, graphics, images, sound or video Data is the raw material used to create information Facts are captured, stored, and expressed as data Information is data in context Without context, data is meaningless - we create meaningful information by interpreting the context around data Knowledge is information in perspective, integrated into a viewpoint based on the recognition and interpretation of patterns, such as trends, formed with other information and experience Knowledge is about understanding the significance of information Knowledge enables effective action April 21, 2010
11
Data, Information, Knowledge and Action
Knowledge
Information
April 21, 2010
Action
Data
12
Information is an Organisation Asset •
Tangible organisation assets are seen as having a value and are managed and controlled using inventory and asset management systems and procedures
•
Data, because it is less tangible, is less widely perceived as a real asset, assigned a real value and managed as if it had a value
•
High quality, accurate and available information is a pre-requisite to effective operation of any organisation
•
Information is a high-value asset of any enterprise
•
What do you do when you have something valuable − Retain it − Protect it − Manage it April 21, 2010
13
Data Management and Project Success •
Data is fundamental to the effective and efficient operation of any solution − Right data − Right time − Right tools and facilities
•
Without data the solution has no purpose
•
Data is too often overlooked in projects
•
Project managers frequently do not appreciate the complexity of data issues
April 21, 2010
14
Generalised Information Management Lifecycle Enter, Create, Acquire, Derive, Update, Capture
•
Store, Manage, Replicate and Distribute
M an ag
Protect and Recover
•
Design, define and implement framework to manage information through this lifecycle
Generalised lifecycle that differs for specific information types e,
Co nt ro
la
nd
Ad mi
n is t er
Archive and Recall
Delete/Remove
April 21, 2010
15
Generalised Information Management Lifecycle •
Need to implement management frameworks and associated solutions to automate the information lifecycle Data Governance Framework Data Architecture to Implement Data Governance Data Infrastructure to Implement Data Architecture
Data Operations to Manage Data Infrastructure April 21, 2010
16
Expanded Generalised Information Management Lifecycle Plan, Design and Specify
De
Implement Underlying Infrastructure
sig n, Im
ple m
Enter, Create, Acquire, Derive, Update, Capture Store, Manage, Replicate and Distribute
•
Include phases for information management lifecycle design and implementation of appropriate hardware and software to actualise lifecycle April 21, 2010
en
t, M an ag e,
Co nt ro
la
nd
Ad
mi ni
ste
r
Protect and Recover
Archive and Recall
Delete/Remove 17
Objectives of Implementing Solutions to Deliver Generalised Information Management Lifecycle • • • •
• • • •
Establish effective policies for lifecycle enterprise information management to control data growth and lower information management costs Meet service level goals to ensure the timely completion of key business processes for mission-critical applications Support appropriate data retention compliance initiatives and mitigate risk for compliance, audits and legal discovery requests Support appropriate data retention compliance requirements and mitigate risk for compliance, audits and legal discovery requests that keep historical transaction records accessible until legal retention periods expire Implement scalable archiving strategies that easily adapt to ongoing business requirements Improve application portfolio management to decommission redundant applications and simplify the IT infrastructure Manage application information growth and its impact on service levels, operational costs and risks as well as storage requirements Manage data quality, consistency, security, privacy and accuracy April 21, 2010
18
Data and Information Management •
Data and information management is a business process consisting of the planning and execution of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets
April 21, 2010
19
Data and Information Management To manage and utilise information as a strategic asset
To implement processes, policies, infrastructure and solutions to govern, protect, maintain and use information To make relevant and correct information available in all business processes and IT systems for the right people in the right context at the right time with the appropriate security and with the right quality To exploit information in business decisions, processes and relations April 21, 2010
20
Data Management Goals •
Primary goals − To understand the information needs of the enterprise and all its stakeholders − To capture, store, protect, and ensure the integrity of data assets − To continually improve the quality of data and information, including accuracy, integrity, integration, relevance and usefulness of data − To ensure privacy and confidentiality, and to prevent unauthorised inappropriate use of data and information − To maximise the effective use and value of data and information assets
April 21, 2010
21
Data Management Goals •
Secondary goals − To control the cost of data management − To promote a wider and deeper understanding of the value of data assets − To manage information consistently across the enterprise − To align data management efforts and technology with business needs
April 21, 2010
22
Triggers for Data Management Initiative •
When an enterprise is about to undertake architectural transformation, data management issues need to be understood and addressed
•
Structured and comprehensive approach to data management enables the effective use of data to take advantage of its competitive advantages
April 21, 2010
23
Data Management Principles •
Data and information are valuable enterprise assets
•
Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding and effective use
•
Share responsibility for data management between business data owners and IT data management professionals
•
Data management is a business function and a set of related disciplines
April 21, 2010
24
Organisation Data Management Function •
Business function of planning for, controlling and delivering data and information assets
•
Development, execution, and supervision of plans, policies, programs, projects, processes, practices and procedures that control, protect, deliver, and enhance the value of data and information assets
•
Scope of the data management function and the scale of its implementation vary widely with the size, means, and experience of organisations
•
Role of data management remains the same across organisations even though implementation differs widely April 21, 2010
25
Scope of Complete Data Management Function Data Warehousing and Business Intelligence Management
Metadata Management
Data Governance
Data Development
Data Security Management
Data Quality Management
Data Operations Management
Reference and Master Data Management Data Architecture Management
April 21, 2010
Document and Content Management 26
Data Governance •
Capstone of Data Management initiatives
Data Governance Database Architecture Management
Data Warehousing and Business Intelligence Management
Data Quality Management
Metadata Management
Data Security Management
Data Development
Data Operations Management
April 21, 2010
Reference and Master Data Management
Document and Content Management
27
Objectives of Data Governance •
Guide information management decision-making
•
Ensure information is consistently defined and well understood
•
Increase the use and trust of data as an organisation asset
•
Improve consistency of projects across the organisation
•
Ensure regulatory compliance
•
Eliminate data risks
April 21, 2010
28
Shared Role Between Business and IT •
Data management is a shared responsibility between data management professionals within IT and the business data owners representing the interests of data producers and information consumers
•
Business data ownership is the concerned with accountability for business responsibilities in data management
•
Business data owners are data subject matter experts
•
Represent the data interests of the business and take responsibility for the quality and use of data April 21, 2010
29
Why Develop and Implement a Data Management Framework? • • • • • • • • • •
Improve organisation data management efficiency Deliver better service to business Improve cost-effectiveness of data management Match the requirements of the business to the management of the data Embed handling of compliance and regulatory rules into data management framework Achieve consistency in data management across systems and applications Enable growth and change more easily Reduce data management and administration effort and cost Assist in the selection and implementation of appropriate data management solutions Implement a technology-independent data architecture April 21, 2010
30
Data Governance and Data Management Frameworks
April 21, 2010
31
Data Governance and Data Management Frameworks •
DMBOK - Data Management Book of Knowledge
•
TOGAF - The Open Group Architecture Framework
•
COBIT - Control Objectives for Information and related Technology
April 21, 2010
32
DMBOK, TOGAF and COBIT Can be a Precursor to Implementing Data Management
TOGAF Defines the Process for Creating a Data Architecture as Part of an Overall Enterprise Architecture
DMBOK Is a Specific and Comprehensive Data Oriented Framework
DMBOK Provides Detailed for Definition, Implementation and Operation of Data Management and Utilisation
Can Provide a Maturity Model for Assessing Data Management
COBIT Provides Data Governance as Part of Overall IT Governance
April 21, 2010
33
DMBOK, TOGAF and COBIT – Scope and Overlap DMBOK
TOGAF
Data Development Data Operations Management Reference and Master Data Management Data Warehousing and Business Intelligence Management Document and Content Management Metadata Management Data Quality Management
Data Architecture Management Data Management Data Migration
Data Governance
April 21, 2010
Data Security Management
COBIT
34
Data Management Book of Knowledge (DMBOK) •
DMBOK is a generalised and comprehensive framework for managing data across the entire lifecycle
•
Developed by DAMA (Data Management Association)
•
DMBOK provides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed
•
Enables effective and appropriate data management across the organisation
•
Provides awareness and visibility of data management issues and requirements April 21, 2010
35
Data Management Book of Knowledge (DMBOK) •
Not a solution to your data management needs
•
Framework and methodology for developing and implementing an appropriate solution
•
Generalised framework to be customised to meet specific needs
•
Provide a work breakdown structure for a data management project to allow the effort to be assessed
•
No magic bullet
April 21, 2010
36
Data Management-Related Frameworks •
• • • •
TOGAF (and other enterprise architecture standards) define a process for arriving an at enterprise architecture definition, including data TOGAF has a phase relating to data architecture TOGAF deals with high level DMBOK translates high level into specific details COBIT is concerned with IT governance and controls: − IT must implement internal controls around how it operates − The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT − To govern IT effectively, COBIT defines the activities and risks within IT that need to be managed
• •
COBIT has a process relating to data management Neither TOGAF nor COBIT are concerned with detailed data management design and implementation April 21, 2010
37
TOGAF and Data Management •
Phase H: Architecture Change Management
Phase G: Implementation Governance
Phase A: Architecture Vision Phase B: Business Architecture
Phase C1 (subset of Phase C) relates to defining a data architecture Phase C1: Data Architecture
Requirements Management
Phase C: Information Systems Architecture
Phase D: Technology Architecture
Phase F: Migration Planning
Phase C2: Solutions and Application Architecture
Phase E: Opportunities and Solutions
April 21, 2010
38
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Objectives •
Purpose is to define the major types and sources of data necessary to support the business, in a way that is: − Understandable by stakeholders − Complete and consistent − Stable
•
Define the data entities relevant to the enterprise
•
Not concerned with design of logical or physical storage systems or databases
April 21, 2010
39
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Overview Phase C1: Information Systems Architectures - Data Architecture
Approach Elements
Inputs
Steps
Outputs
Key Considerations for Data Architecture
Reference Materials External to the Enterprise
Select Reference Models, Viewpoints, and Tools
Architecture Repository
Non-Architectural Inputs
Develop Baseline Data Architecture Description
Architectural Inputs
Develop Target Data Architecture Description
Perform Gap Analysis
Define Roadmap Components
Resolve Impacts Across the Architecture Landscape Conduct Formal Stakeholder Review
Finalise the Data Architecture
Create Architecture Definition Document April 21, 2010
40
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •
Data Management − Important to understand and address data management issues − Structured and comprehensive approach to data management enables the effective use of data to capitalise on its competitive advantages − Clear definition of which application components in the landscape will serve as the system of record or reference for enterprise master data − Will there be an enterprise-wide standard that all application components, including software packages, need to adopt − Understand how data entities are utilised by business functions, processes, and services − Understand how and where enterprise data entities are created, stored, transported, and reported − Level and complexity of data transformations required to support the information exchange needs between applications − Requirement for software in supporting data integration with external organisations
April 21, 2010
41
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •
Data Migration − Identify data migration requirements and also provide indicators as to the level of transformation for new/changed applications − Ensure target application has quality data when it is populated − Ensure enterprise-wide common data definition is established to support the transformation
April 21, 2010
42
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •
Data Governance − Ensures that the organisation has the necessary dimensions in place to enable the data transformation − Structure – ensures the organisation has the necessary structure and the standards bodies to manage data entity aspects of the transformation − Management System - ensures the organisation has the necessary management system and data-related programs to manage the governance aspects of data entities throughout its lifecycle − People - addresses what data-related skills and roles the organisation requires for the transformation
April 21, 2010
43
TOGAF Phase C1: Information Systems Architectures - Data Architecture - Outputs •
Refined and updated versions of the Architecture Vision phase deliverables − Statement of Architecture Work − Validated data principles, business goals, and business drivers
•
Draft Architecture Definition Document − Baseline Data Architecture − Target Data Architecture • • • • •
Business data model Logical data model Data management process models Data Entity/Business Function matrix Views corresponding to the selected viewpoints addressing key stakeholder concerns
− Draft Architecture Requirements Specification • • • • • •
Gap analysis results Data interoperability requirements Relevant technical requirements Constraints on the Technology Architecture about to be designed Updated business requirements Updated application requirements
− Data Architecture components of an Architecture Roadmap April 21, 2010
44
COBIT Structure COBIT Plan and Organise (PO)
Acquire and Implement (AI)
Deliver and Support (DS)
Monitor and Evaluate (ME)
PO1 Define a strategic IT plan
AI1 Identify automated solutions
DS1 Define and manage service levels
ME1 Monitor and evaluate IT performance
PO2 Define the information architecture
AI2 Acquire and maintain application software
DS2 Manage third-party services
ME2 Monitor and evaluate internal control
PO3 Determine technological direction
AI3 Acquire and maintain technology infrastructure
DS3 Manage performance and capacity
ME3 Ensure regulatory compliance
PO4 Define the IT processes, organisation and relationships
AI4 Enable operation and use
DS4 Ensure continuous service
ME4 Provide IT governance
PO5 Manage the IT investment
AI5 Procure IT resources
DS5 Ensure systems security
PO6 Communicate management aims and direction
AI6 Manage changes
DS6 Identify and allocate costs
PO7 Manage IT human resources
AI7 Install and accredit solutions and changes
DS7 Educate and train users
PO8 Manage quality
DS8 Manage service desk and incidents
PO9 Assess and manage IT risks
DS9 Manage the configuration
PO10 Manage projects
DS10 Manage problems
DS11 Manage data DS12 Manage the physical environment DS13 Manage operations April 21, 2010
45
COBIT and Data Management •
COBIT objective DS11 Manage Data within the Deliver and Support (DS) domain
•
Effective data management requires identification of data requirements
•
Data management process includes establishing effective procedures to manage the media library, backup and recovery of data and proper disposal of media
•
Effective data management helps ensure the quality, timeliness and availability of business data
April 21, 2010
46
COBIT and Data Management •
• •
Objective is the control over the IT process of managing data that meets the business requirement for IT of optimising the use of information and ensuring information is available as required Focuses on maintaining the completeness, accuracy, availability and protection of data Involves taking actions − Backing up data and testing restoration − Managing onsite and offsite storage of data − Securely disposing of data and equipment
•
Measured by − User satisfaction with availability of data − Percent of successful data restorations − Number of incidents where sensitive data were retrieved after media were disposed of
April 21, 2010
47
COBIT Process DS11 Manage Data •
DS11.1 Business Requirements for Data Management − Establish arrangements to ensure that source documents expected from the business are received, all data received from the business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are supported
•
DS11.2 Storage and Retention Arrangements − Define and implement procedures for data storage and archival, so data remain accessible and usable − Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements − Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives, programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication
•
DS11.3 Media Library Management System − Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity − Procedures should provide for timely review and follow-up on any discrepancies noted
•
DS11.4 Disposal − Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are disposed of or transferred to another use − Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.
•
DS11.5 Backup and Restoration − Define and implement procedures for backup and restoration of systems, data and documentation in line with business requirements and the continuity plan − Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration − Test backup media and the restoration process
•
DS11.6 Security Requirements for Data Management − Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and output of data and sensitive messages − Includes physical records, data transmissions and any data stored offsite
April 21, 2010
48
COBIT Data Management Goals and Metrics Activity Goals
Process Goals
Activity Goals
•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment
•Maintain the completeness, accuracy, validity and accessibility of stored data •Secure data during disposal of media •Effectively manage storage media
•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment
Are Measured By Key Performance Indicators •Frequency of testing of backup media •Average time for data restoration
April 21, 2010
Drive
Are Measured By
Drive
Are Measured By
Process Key Goal Indicators
IT Key Goal Indicators
•% of successful data restorations •# of incidents where sensitive data were retrieved after media were disposed of •# of down time or data integrity incidents caused by insufficient storage capacity
•Occurrences of inability to recover data critical to business process •User satisfaction with availability of data •Incidents of noncompliance with laws due to storage management issues 49
Approach to Data Governance
April 21, 2010
50
Data Governance •
Core function of Data Management
•
Interacts with and influences each of the surrounding ten data management functions
•
Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets
•
Data governance function guides how all other data management functions are performed
•
High-level, executive data stewardship
•
Data governance is not the same thing as IT governance
•
Data governance is focused exclusively on the management of data assets April 21, 2010
51
Data Governance • • • •
Shared decision making is the hallmark of data governance Requires working across organisational and system boundaries Some decisions are primarily business decisions made with input and guidance from IT Other decisions are primarily technical decisions made with input and guidance from business data stewards at all levels Decisions Made Decisions Made by Business by IT Management Management
Business Operating Model
Enterprise Information Model
Information Management Strategy
Database Architecture
IT Leadership
Information Needs
Information Management Policies
Data Integration Architecture
Capital Investments
Information Specifications
Information Management Standards
Data Warehousing Architecture
Research and Development Funding
Quality Requirements
Information Management Metrics
Metadata Architecture
Data Governance Model
Issue Resolution
Information Management Services
Technical Metadata
April 21, 2010
52
Data Governance •
Data governance is accomplished most effectively as an on-going program and a continual improvement process
•
Every effective data governance program is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities
•
Data governance is not the same thing as IT governance
April 21, 2010
53
Data Governance and IT Governance •
IT Governance makes decisions about − IT investments − IT application portfolio − IT project portfolio
•
•
IT Governance aligns the IT strategies and investments with enterprise goals and strategies COBIT (Control Objectives for Information and related Technology) provides standards for IT governance
•
•
Data Governance is focused exclusively on the management of data assets Data Governance is at the heart of managing data assets
− Only a small portion of the COBIT framework addresses managing information •
Some critical issues, such as SarbanesOxley compliance, span the concerns of corporate governance, IT governance, and data governance April 21, 2010
54
Data Governance – Definition and Goals •
Definition − The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets
•
Goals − To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics − To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures − To sponsor, track, and oversee the delivery of data management projects and services − To manage and resolve data related issues − To understand and promote the value of data assets April 21, 2010
55
Data Governance - Overview Inputs
Primary Deliverables
•Business Goals •Business Strategies •IT Objectives •IT Strategies •Data Needs •Data Issues •Regulatory Requirements
Suppliers
•Data Policies •Data Standards •Resolved Issues •Data Management Projects and Services •Quality Data and Information •Recognised Data Value
Data Governance
•Data Producers •Knowledge Workers •Managers and Executives •Data Professionals •Customers
•Business Executives •IT Executives •Data Stewards •Regulatory Bodies
Participants •Executive Data Stewards •Coordinating Data Stewards •Business Data Stewards •Data Professionals •DM Executive •CIO April 21, 2010
Consumers
Tools •Intranet Website •E-Mail •Metadata Tools •Metadata Repository •Issue Management Tools •Data Governance KPI •Dashboard
Metrics •Data Value •Data Management Cost •Achievement of Objectives •# of Decisions Made •Steward Representation / Coverage •Data Professional Headcount •Data Management Process Maturity 56
Data Governance Function, Activities and SubActivities Data Governance Data Management Planning
Data Management Control
Understand Strategic Enterprise Data Needs
Supervise Data Professional Organisations and Staff
Develop and Maintain the Data Strategy
Coordinate Data Governance Activities
Establish Data Professional Roles and Organisations
Manage and Resolve Data Related Issues
Identify and Appoint Data Stewards
Monitor and Ensure Regulatory Compliance
Establish Data Governance and Stewardship Organisations
Monitor and Enforce Conformance with Data Policies, Standards and Architecture
Develop and Approve Data Policies, Standards, and Procedures
Oversee Data Management Projects and Services
Review and Approve Data Architecture
Communicate and Promote the Value of Data Assets
Plan and Sponsor Data Management Projects and Services Estimate Data Asset Value and Associated Costs April 21, 2010
57
Data Governance •
Data governance is accomplished most effectively as an on-going program and a continual improvement process
•
Every data governance programme is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities
•
Data governance is at the core of managing data assets
April 21, 2010
58
Data Governance - Possible Organisation Structure Data Governance Structure
Organisation Data Governance Council
Data Governance Office
CIO
Data Management Executive
Business Unit Data Governance Councils
Data Technologists
Data Stewardship Committees
Data Stewardship Teams April 21, 2010
59
Data Governance Shared Decision Making Business Decisions
Shared Decision Making
IT Decisions
Enterprise Information Model
Enterprise Information Management Strategy
Database Architecture
IT Leadership
Information Needs
Enterprise Information Management Policies
Data Integration Architecture
Capital Investments
Information Specifications
Enterprise Information Management Standards
Data Warehousing and Business Intelligence Architecture
Research and Development Funding
Quality Requirements
Enterprise Information Management Metrics
Metadata Architecture
Issue Resolution
Enterprise Information Management Services
Technical Metadata
Business Operating Model
Data Governance Model
April 21, 2010
60
Data Stewardship •
Formal accountability for business responsibilities ensuring effective control and use of data assets
•
Data steward is a business leader and/or recognised subject matter expert designated as accountable for these responsibilities
•
Manage data assets on behalf of others and in the best interests of the organisation
•
Represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions
•
Protects, manages, and leverages the data resources
•
Must take an enterprise perspective to ensure the quality and effective use of enterprise data April 21, 2010
61
Data Stewardship - Roles •
Executive Data Stewards – provide data governance and make of high-level data stewardship decisions
•
Coordinating Data Stewards - lead and represent teams of business data stewards in discussions across teams and with executive data stewards
•
Business Data Stewards - subject matter experts work with data management professionals on an ongoing basis to define and control data
April 21, 2010
62
Data Stewardship Roles Across Data Management Functions - 1 Data Architecture Management Data Development
Data Operations Management
Data Security Management
Reference and Master Data Management
April 21, 2010
All Data Stewards
Executive Data Stewards
Review, validate, approve, maintain and refine data architecture Validate physical data models and database designs, participate in database testing and conversion
Review and approve the enterprise data architecture
Coordinating Data Stewards Integrate specifications, resolving differences
Business Data Stewards Define data requirements specifications Define data requirements and specifications
Define requirements for data recovery, retention and performance Help identify, acquire, and control externally sourced data Provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify information confidentiality Control the creation, update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve issues 63
Data Stewardship Roles Across Data Management Functions - 2 All Data Stewards Data Warehousing and Business Intelligence Management
Data Quality Management
April 21, 2010
Coordinating Data Stewards
Business Data Stewards Provide business intelligence requirements and management metrics, and they identify and help resolve business intelligence issues Define enterprise taxonomies and resolve content management issues
Document and Content Management Metadata Management
Executive Data Stewards
Create and maintain business metadata (names, meanings, business rules), define metadata access and integration needs and use metadata to make effective data stewardship and governance decisions Define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead clean-up efforts, identify ways to solve causes of poor data quality, promote data quality awareness 64
Data Strategy •
High-level course of action to achieve high-level goals
•
Data strategy is a data management program strategy a plan for maintaining and improving data quality, integrity, security and access
•
Address all data management functions relevant to the organisation
April 21, 2010
65
Elements of Data Strategy • • • • • • • • • •
Vision for data management Summary business case for data management Guiding principles, values, and management perspectives Mission and long-term directional goals of data management Management measures of data management success Short-term data management programme objectives Descriptions of data management roles and business units along with a summary of their responsibilities and decision rights Descriptions of data management programme components and initiatives Outline of the data management implementation roadmap Scope boundaries April 21, 2010
66
Data Strategy
Data Management Programme Charter Data Management Scope Statement Goals and objectives for a defined planning horizon and the roles, organisations, and individual leaders accountable for achieving these objectives
April 21, 2010
Overall vision, business case, goals, guiding principles, measures of success, critical success factors, recognised risks
Data Management Implementation Roadmap Identifying specific programs, projects, task assignments, and delivery milestones
67
Data Policies •
Statements of intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information
•
More fundamental, global, and business critical than data standards
•
Describe what to do and what not to do
•
Should be few data policies stated briefly and directly
April 21, 2010
68
Data Policies •
Possible topics for data policies − Data modeling and other data development activities − Development and use of data architecture − Data quality expectations, roles, and responsibilities − Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties − Database recovery and data retention − Access and use of externally sourced data − Sharing data internally and externally − Data warehousing and business intelligence − Unstructured data - electronic files and physical records April 21, 2010
69
Data Architecture •
Enterprise data model and other aspects of data architecture sponsored at the data governance level
•
Need to pay particular attention to the alignment of the enterprise data model with key business strategies, processes, business units and systems
•
Includes − Data technology architecture − Data integration architecture − Data warehousing and business intelligence architecture − Metadata architecture
April 21, 2010
70
Data Standards and Procedures •
Include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards and procedural standards for each data management function
•
Must be effectively communicated, monitored, enforced and periodically re-evaluated
•
Data management procedures are the methods, techniques, and steps followed to accomplish a specific activity or task
April 21, 2010
71
Data Standards and Procedures •
Possible topics for data standards and procedures − Data modeling and architecture standards, including data naming conventions, definition standards, standard domains, and standard abbreviations − Standard business and technical metadata to be captured, maintained, and integrated − Data model management guidelines and procedures − Metadata integration and usage procedures − Standards for database recovery and business continuity, database performance, data retention, and external data acquisition − Data security standards and procedures − Reference data management control procedures − Match / merge and data cleansing standards and procedures − Business intelligence standards and procedures − Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards and report distribution approaches April 21, 2010
72
Regulatory Compliance •
Most organisations are is impacted by government and industry regulations
•
Many of these regulations dictate how data and information is to be managed
•
Compliance is generally mandatory
•
Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations.
April 21, 2010
73
Regulatory Compliance •
Data governance needs to work the business to find the best answers to the following regulatory compliance questions − − − − − − − − − − − − − −
How relevant is a regulation? Why is it important for us? How do we interpret it? What policies and procedures does it require? Do we comply now? How do we comply now? How should we comply in the future? What will it take? When will we comply? How do we demonstrate and prove compliance? How do we monitor compliance? How often do we review compliance? How do we identify and report non-compliance? How do we manage and rectify non-compliance?
April 21, 2010
74
Issue Management •
Data governance assists in identifying, managing, and resolving data related issues − − − − − − − − − − −
Data quality issues Data naming and definition conflicts Business rule conflicts and clarifications Data security, privacy, and confidentiality issues Regulatory non-compliance issues Non-conformance issues (policies, standards, architecture, and procedures) Conflicting policies, standards, architecture, and procedures Conflicting stakeholder interests in data and information Organisational and cultural change management issues Issues regarding data governance procedures and decision rights Negotiation and review of data sharing agreements
April 21, 2010
75
Issue Management, Control and Escalation •
Data governance implements issue controls and procedures − Identifying, capturing, logging and updating issues − Tracking the status of issues − Documenting stakeholder viewpoints and resolution alternatives − Objective, neutral discussions where all viewpoints are heard − Escalating issues to higher levels of authority − Determining, documenting and communicating issue resolutions.
April 21, 2010
76
Data Management Projects •
Data management roadmap sets out a course of action for initiating and/or improving data management functions
•
Consists of an assessment of current functions, definition of a target environment and target objectives and a transition plan outlining the steps required to reach these targets including an approach to organisational change management
•
Every data management project should follow the project management standards of the organisation
April 21, 2010
77
Data Asset Valuation •
Data and information are truly assets because they have business value, tangible or intangible
•
Different approaches to estimating the value of data assets
•
Identify the direct and indirect business benefits derived from use of the data
•
Identify the cost of data loss, identifying the impacts of not having the current amount and quality level of data
April 21, 2010
78
State of Information and Data Governance •
Information and Data Governance Report, April 2008 − International Association for Information and Data Quality (IAIDQ) − University of Arkansas at Little Rock, Information Quality Program (UALR-IQ)
•
Ponemon Institute 2009 Annual Study Cost of a Data Breach
April 21, 2010
79
Terms Used by Organisations to Describe the Activities Associated with Governing Data Data Management
62.7%
Data Governance
55.4%
Data Stewardship
46.6%
Information Management
43.6%
Information Governance
17.2%
Data Resource Management
10.8%
Information Stew ardship
10.3%
Information Resource Management
10.3%
Other
13.7% 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70% 80
Your Organisation Recognises and Values Information as a Strategic Asset and Manages it Accordingly
3.4%
Strongly Disagree
21.5%
Disagree
17.1%
Neutral
39.5%
Agree
18.5%
Strongly Agree
0%
April 21, 2010
10%
20%
30%
40%
50%
81
Direction of Change in the Results and Effectiveness of the Organisation's Formal or Informal Information/Data Governance Processes Over the Past Two Years
Results and Effectiveness Have Significantly Improved
8.8%
50.0%
Results and Effectiveness Have Improved Results and Effectiveness Have Remained Essentially the Same
31.9%
3.9%
Results and Effectiveness Have Worsened Results and Effectiveness Have Significantly Worsened
0.0%
5.4%
Don’t Know 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
82
Perceived Effectiveness of the Organisation's Current Formal or Informal Information/Data Governance Processes
Excellent (All Goals are Met)
2.5%
Good (Most Goals are Met)
21.1%
51.5%
OK (Some Goals are Met)
Poor (Few Goals are Met)
19.1%
Very Poor (No Goals are Met)
3.9%
2.0%
Don’t Know 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
83
Actual Information/Data Governance Effectiveness vs. Organisation's Perception
It is Better Than Most People Think
20.1%
It is the Same as Most People Think
32.4%
It is Worse Than Most People Think
35.8%
11.8%
Don’t Know
0%
April 21, 2010
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
84
Current Status of Organisation's Information/Data Governance Initiatives Started an Information/Data Governance Initiative, but Discontinued the Effort
1.5%
Considered a Focused Information/Data Governance Effort but Abandoned the Idea
0.5% 7.4%
None Being Considered - Keeping the Status Quo Exploring, Still Seeking to Learn More
20.1%
Evaluating Alternative Frameworks and Information Governance Structures
23.0%
Now Planning an Implementation
13.2%
First Iteration Implemented the Past 2 Years
19.1%
First Interation"in Place for More Than 2 Years
8.8%
Don’t Know
6.4% 0%
April 21, 2010
5%
10%
15%
20%
25%
30% 85
Expected Changes in Organisation's Information/Data Governance Efforts Over the Next Two Years 46.6%
Will Increase Significantly
39.2%
Will Increase Somewhat
10.8%
Will Remain the Same
1.0%
Will Decrease Somewhat
Will Decrease Significantly
0.5%
2.0%
Don’t Know
0% April 21, 2010
10%
20%
30%
40%
50%
60% 86
Focus of Information / Data Governance Efforts 70.2%
Customers 57.6%
Financials 46.6%
Products and Production
41.9%
Services
35.6%
Sales
31.4%
Employees
25.1%
Supply Chain, Vendors, Suppliers
20.4%
Items / Materials
16.2%
Equipment and Facilities
13.1%
Maintenance
10.5%
Environment, Health and Safety
9.5%
Other 0% April 21, 2010
10%
20%
30%
40%
50%
60%
70%
80% 87
Overall Objectives of Information / Data Governance Efforts Improve Data Quality
80.2%
Establish Clear Decision Rules and Decisionmaking Processes for Shared Data
65.6%
Increase the Value of Data Assets
59.4%
Provide Mechanism to Resolve Data Issues
56.8%
Involve Non-IT Personnel in Data Decisions IT Should not Make by Itself
55.7%
Promote Interdependencies and Synergies Between Departments or Business Units
49.6%
Enable Joint Accountability for Shared Data
45.3%
Involve IT in Data Decisions non-IT Personnel Should not Make by Themselves Other None Applicable Don't Know
35.4% 5.2% 1.0% 2.6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100 %
April 21, 2010
88
Primary Activities of Organisation's Information / Data Governance Efforts 70.5%
Standardise Data Definitions Across The Organisation Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The Organisation
61.6% 58.4%
Support Data Warehouse And Business Intelligence Initiatives
53.7%
Define And Standardise Common Business Rules Across The Organisation
49.5%
Select And Charter Specific Data Quality Improvement Projects Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information Systems And Technology
47.9%
Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its Privacy, Compliance, And Security
46.8%
Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And Integration
45.8% 43.7%
Support The Development Of An Enterprise Logical Data Model
42.6%
Guide The Management Of Master Or Reference Data Support Information Management Problem-Solving And Decision-Making And Providing Processes For Strategic Alignment.
40.0% 27.9%
Manage Information Products
25.3%
Measure The Costs Of Low Quality Data
23.2%
Measure The Value Of High Quality Data
13.2%
Implement Internal Information Chain Management Implement External Data Supplier Management
10.0%
Implement Information Product Management
10.0%
Other
10.0% 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
80%
89
Primary Drivers for Organisation's Information / Data Governance Efforts General Desire To Improve The Quality Of Our Data
65.6%
Data Warehousing / Business Intelligence
57.7%
Compliance / Risk
46.6%
Enterprise Architecture
33.3%
Information Security / Privacy
32.3%
Master Data Management (MDM) Project
31.2%
Applications / Systems Integration
30.2%
Customer Data Integration (CDI) Project
25.9%
Suffered Major Negative Impact From Bad Data Quality
22.2%
Service-Oriented Architecture (SOA) Project
18.0%
Enterprise Resource Planning (ERP) Project
16.4%
Merger And Acquisition Planning Or Implementation
12.7%
Product Information Management (PIM) Project
10.1%
Reaction To Competitors' Activity
3.7%
Other
8.5% 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
80%
90
Category of Tools Currently Used in Organisation Data Quality Analysis, Assessment Or Profiling
66.3%
Extract-Transform-Load (ETL) And Other Data Integration Tools
57.2%
Data Modeling (Computer-Aided Software Engineering)
48.7%
Data Matching And Reconciliation (Data De-Duplication)
48.7% 45.5%
Data Quality Monitoring
44.4%
Metadata Repository 39.0%
Data Remediation / Cleansing Tools Data Relationship Discovery And Mappings
28.9% 25.7%
Workflow Tools 20.3%
Business Rules Engines
18.7%
Master Data Management (MDM) Tools 13.4%
Customer Data Integration (CDI) Tools Product Information Management (PIM) Tools
5.9% 4.3%
Rules Discovery Tools
5.9%
Other 0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
80%
91
Functional Area to Which the Leader of the Organisation's Information / Data Governance Effort Reports Information Technology
43.1%
Senior / Executive Management Team
31.0%
Finance
17.2%
Compliance / Risk
8.6%
Operations / Manufacturing
8.6%
5.2%
Marketing
Purchasing
1.7%
Legal
1.7%
Other
8.6% 0%
April 21, 2010
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
92
Number of Levels Between the Organisation's Most Senior Leader and the Person Most Directly in Charge of the Information / Data Governance Effort 12.3%
5 Levels or More
14.0%
4 Levels
26.3%
3 Levels
22.8%
2 Levels
14.0%
1 Level
3.5%
They are the Same Person
7.0%
Don't Know
0% April 21, 2010
5%
10%
15%
20%
25%
30% 93
Membership of Senior Information / Data Governance Body within an Organisation The Senior / Executive Management Team is the Top Information / Data Governance Body
21.4%
C-Level non-IT Executives
26.8%
C-Level IT Executives
26.8%
51.8%
Middle-Level non-IT Managers
33.9%
Middle-Level IT Managers
7.1%
Junior-Level non-IT Supervisors/Managers
14.3%
Junior-Level IT Supervisors / Managers My Organisation Does Not Have any Governance Body for Information and Data Assets
7.1% 0%
April 21, 2010
10%
20%
30%
40%
50%
60% 94
Relationship Between Information / Data Governance and Data Quality Leadership Information Governance and Data Quality Are Led by the Same Person
36.8%
Information Governance and Data Quality Are Led by Different People Who Report to the Same Manager
17.5%
Information Governance and Data Quality Are Led by Different People Who Report to Different Managers
19.3%
There is No Specific Individual in Charge of Our Data Quality Program
17.5%
8.8%
Other
0% April 21, 2010
10%
20%
30%
40%
50%
60% 95
Change In Organisation's Information / Data Quality Over the Past Two Years Information / Data Quality Has Significantly Improved
10.5%
Information / Data Quality Has Improved
68.4%
Information / Data Quality Has Remained Essentially the Same
15.8%
Information / Data Quality Has Worsened
Information / Data Quality Has Significantly Worsened
3.5%
0.0%
1.8%
Don’t Know
0%
April 21, 2010
10%
20%
30%
40%
50%
60%
70%
80%
96
Maturity Of Information / Data Governance Goal Setting And Measurement In Your Organisation 3.7%
5 - Optimised
11.8%
4 - Managed
26.7%
3 - Defined
2 - Repeatable
28.9%
1 - Ad-hoc
28.9%
0% April 21, 2010
5%
10%
15%
20%
25%
30%
35%
40%
45%
50% 97
Maturity Of Information / Data Governance Processes And Policies In Your Organisation 1.6%
5 - Optimised
4.8%
4 - Managed
24.5%
3 - Defined
46.3%
2 - Repeatable
22.9%
1 - Ad-hoc
0% April 21, 2010
5%
10%
15%
20%
25%
30%
35%
40%
45%
50% 98
Maturity Of Responsibility And Accountability For Information / Data Governance Among Employees In Your Organisation 6.9%
5 - Optimised
3.2%
4 - Managed
31.7%
3 - Defined
25.4%
2 - Repeatable
32.8%
1 - Ad-hoc
0% April 21, 2010
5%
10%
15%
20%
25%
30%
35%
40%
45%
50% 99
Average Per Record Cost of a Data Breach 2005 – 2009 USD $250
$200
$150
$197
$202
$204
2007
2008
2009
$182 $138
$100
$50
$0 2005
April 21, 2010
2006
100
Average Organisational Cost of a Data Breach 2005 – 2009 USD $8,000,000 $7,000,000
$6,355,132
$6,655,758
$6,751,451
2008
2009
$6,000,000 $5,000,000
$4,514,429
$4,787,637
$4,000,000 $3,000,000 $2,000,000 $1,000,000 $0 2005
April 21, 2010
2006
2007
101
More Information Alan McSweeney
[email protected]
April 21, 2010
102
