The IBM data governance blueprint: Leveraging best practices and proven technologies



Similar documents
The IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance

IBM Master Data Management and data governance November IBM Master Data Management: Effective data governance

Add the compliance and discovery benefits of records management to your business solutions. IBM Information Management software

Industry models for insurance. The IBM Insurance Application Architecture: A blueprint for success

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Industry Models and Information Server

Industry models for financial markets. The IBM Financial Markets Industry Models: Greater insight for greater value

Agile enterprise content management and the IBM Information Agenda.

How can Identity and Access Management help me to improve compliance and drive business performance?

IBM Enterprise Content Management Product Strategy

Service assurance for communications service providers White paper. Improve service quality and enhance the customer experience.

Provide access control with innovative solutions from IBM.

How To Manage Data

EMC Solutions for the Financial Services Industry

IBM DB2 CommonStore for Lotus Domino, Version 8.3

CA Repository for Distributed. Systems r2.3. Benefits. Overview. The CA Advantage

Use product solutions from IBM Tivoli software to align with the best practices of the Information Technology Infrastructure Library (ITIL).

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Tapping the benefits of business analytics and optimization

Integrated archiving: streamlining compliance and discovery through content and business process management

IBM Software A Journey to Adaptive MDM

ILM et Archivage Les solutions IBM

The Eight Dimensions of Customer Experience for Financial Services

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Enterprise Data Management for SAP. Gaining competitive advantage with holistic enterprise data management across the data lifecycle

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

CA Records Manager. Benefits. CA Advantage. Overview

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IBM Master Data Management strategy

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

IBM Information Management

Leveraging Information For Smarter Business Outcomes With IBM Information Management Software

Symantec Enterprise Vault for Lotus Domino

Realizing business flexibility through integrated SOA policy management.

An RCG White Paper The Data Governance Maturity Model

Five best practices for deploying a successful service-oriented architecture

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Combining the power of content and process with the right content management solution. IBM Information Management software

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations

Implement a unified approach to service quality management.

How To Change A Business Model

Strategies for assessing cloud security

Cisco SAFE: A Security Reference Architecture

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

Payment Card Industry Data Security Standard

IBM Unstructured Data Identification and Management

Leveraging a Maturity Model to Achieve Proactive Compliance

Cross-Domain Service Management vs. Traditional IT Service Management for Service Providers

CA Configuration Management Database (CMDB)

Blending Corporate Governance with. Information Security

Redefining Infrastructure Management for Today s Application Economy

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

DYNAMIC INFRASTRUCTURE Helping build a smarter planet

Achieving business agility and cost optimization by reducing IT complexity. The value of adding ESB enrichment to your existing messaging solution

DATA ARCHIVING. The first Step toward Managing the Information Lifecycle. Best practices for SAP ILM to improve performance, compliance and cost

Enterprise content management solutions Better decisions, faster. Storing, finding and managing content in the digital enterprise.

IBM Tivoli Asset Management for IT

The Benefits of an Integrated Approach to Security in the Cloud

IT service management solutions Executive brief. Making ITIL actionable in an IT service management environment.

For healthcare, change is in the air and in the cloud

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

Preemptive security solutions for healthcare

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

IBM Global Business Services Microsoft Dynamics AX solutions from IBM

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Best Practices for Protecting Your IBM FileNet P8 Information

5 WAYS STRUCTURED ARCHIVING DELIVERS ENTERPRISE ADVANTAGE

Designing a Modern, Holistic ECM Strategy for Healthcare. How ECM consulting helps healthcare providers thrive in an atmosphere of change.

Business Analysis Standardization & Maturity

IBM BPM powered by Smart SOA White paper. Dynamic business processes for government: Enabling perpetual collaboration with IBM BPM.

IBM Tivoli Storage Manager

A 15-Minute Guide to 15-MINUTE GUIDE

CA Message Manager. Benefits. Overview. CA Advantage

IBM CommonStore Archiving Preload Solution

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October

Data Management Maturity Model. Overview

How a Hybrid Cloud Strategy Can Empower Your IT Department

IBM Solution for Pharmaceutical Track & Trace

An Oracle White Paper January Access Certification: Addressing & Building on a Critical Security Control

building a business case for governance, risk and compliance

IBM Software Master data management vision and value: Part 1

IBM Analytics Make sense of your data

White Paper March Government performance management Set goals, drive accountability and improve outcomes

IBM Information Archive for , Files and ediscovery

How do you manage the growing complexity of software development? Is your software development organization as responsive to your business needs as

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

Six easy steps for smart governance

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Transcription:

May 2007 The IBM data governance blueprint: Leveraging best practices and proven technologies

Page 2 Introduction In the past few years, dozens of high-profile incidents involving process failures and data mismanagement have gained international media attention. Caught off guard by these failures, the organizations impacted by them have struggled with eroded brand confidence, lost business, and in some cases, legal liability. Incidents such as these have catapulted corporate governance to the top of the boardroom agenda and made it one of the most important strategic priorities for companies and governments throughout the world. Embedded in nearly every aspect of an organization, IT plays its own increasingly critical role in governance initiatives. Foremost among these challenges is the need to effectively manage and control the mountains of data that reside within different parts of the organization. Data is at once an organization s greatest source of risk and greatest source of value. Poor data management often means poor business decisions and results, and greater exposure to compliance violations and theft. For example, regulations such as Sarbanes-Oxley in the United States, the equivalent European Sarbanes Oxley and the Japanese Financial Instruments and Exchange Law (J-SOX) dictate a balance between information access and appropriate use as mandated by rules, policies and regulations. On the other hand, the ability to leverage clean, trusted data can help organizations provide better service, drive customer loyalty and spend less effort complying with regulatory policies. Effectively leveraging information also brings with it the promise of increased innovation by optimizing people and processes through creative uses of information.

Page Through the ability to enhance the quality, availability and integrity of data, effective data governance holds the key to both mitigating risk and increasing data value. Often, however, companies don t know how or where to get started. Accustomed to having clearly defined resolutions for organizational challenges, data governance presents new, unique challenges. There is a clear need for common solutions and governance models to protect and share data on different levels. That s why IBM has created the IBM data governance blueprint. Based on Business Partner solutions and research concepts, it is a breakthrough initiative designed to build consistency and quality control in governance, helping your company protect and leverage critical data. It brings together proven business technologies, collaborative methods and best practices to support critical governance issues and ensure that these projects are linked with business requirements. This executive brief explains how IBM can help your company improve data governance practices to help: Safeguard corporate information from exposure and theft. Satisfy auditors and regulators by using technology and processes to ensure specific guidelines are followed. Increase innovation by leveraging information. In addition, it outlines the specific resources IBM has developed, including a comprehensive data governance maturity model that can help stakeholders assess where and how to get started, and a comprehensive list of IBM offerings and solutions.

Page From silos to governance As more and more business-critical operations move online, IT is pressured to manage and control the data that resides within a company, especially as it extends into large data supply chains. The data is often spread across a complex web of legacy silos and disparate systems that have mushroomed over time, a situation that leads to poor collaboration, redundant information, excess costs and an inability to leverage and retrieve critical information when and where it s needed. Take for example a banking environment that operates multiple lines of business such as branch offices, mortgage financing and investment banking. Each line of business may manage a customer independently and maintain a fully separate and independent set of customer information. Due to the differences in data entry standards and data controls implemented by applications in each line of business, the customer information may be recorded differently in each application. As a result, multiple downstream applications that use customer data may end up interpreting the three customer records as three different customers, thereby impacting business decisions made using the data. As another example, consider that the vast majority of the different regulatory initiatives require data to be collected, analyzed and reported in different formats and under different timescales. Yet the data needed to comply with one regulation may also be required for other regulations. Collecting the same data over and over wastes significant time and costs, and poses a greater risk for inconsistencies.

Page According to findings by the IBM Data Governance Council, the top governance challenges today are: Inconsistent data governance, which can cause a disconnect between business goals and IT programs. Governance policies are not linked to structured requirements gathering and reporting. Risks are not addressed from a lifecycle perspective with common data repositories, policies, standards and calculation processes. By breaking down the organizational stovepipes that isolate people and prevent them from sharing expertise and data, you can begin to involve everyone in developing your data as an asset. When you make data everyone s responsibility, you take the first step toward data governance. A quality control discipline for assessing, managing, using, improving, monitoring, maintaining and protecting organizational information, effective data governance can help organizations: Produce more accurate and comprehensive information from and across the enterprise consistently over time. Protect corporate information to keep auditors and regulators satisfied. Improve data quality to retain customers and drive new business opportunities. Control silos of self-interest to benefit the common good of the overall company. Directly impact the three factors any organization most cares about: increasing revenue, lowering costs and reducing risks. Metadata and business glossaries are not used to bridge semantic differences in global enterprises. Few technologies exist today to assess data asset values that link security, privacy and compliance. Controls and architecture are deployed before long-term consequences are modeled.

Page Taking the first step: Six key questions The benefits of a commitment to a comprehensive enterprise data governance initiative are many and varied, and so are the challenges to achieving strong data governance. Transforming current business processes into a mature, responsible data governance model requires using effective rules to control access to information in a way that lets organizations protect critical information assets at every step of a business transaction. But if policies controlling access to information are too stringent, they ll stifle innovation; if they re not adequate, they ll jeopardize data security. Finding a balance that supports both security requirements and innovation needs is fundamental to data governance. The IBM Data Governance Council, which was formed in 2004 as a thought leadership vehicle to help build a data governance marketplace, has identified six key questions every company should use to identify data governance issues: 1. Do you have a governor? The first step in any successful data governance program is to get appoint someone accountable who carries the delegated authority of the CEO to make things happen. There is no substitute for strong leadership. Data governance is a political challenge that requires building consensus among many diverse stakeholders. Political leadership within the organization is the first priority. Once established, the governor can create a governing council of organizational stakeholders to establish stewardship policies and report progress to the CEO and board of directors. 2. Have you surveyed your situation? The first thing a governor does after creating a governing council is to survey the territory. An enterprise data governance assessment is a vital tool for this task. The IBM Data Governance Council has created a maturity model and assessment survey that benchmarks data governance practices against 11 categories of essential data governance disciplines. Developed with input from 47 companies, vendors and universities worldwide, the assessment is designed to help organizations plot where a data governance program is today and map steps to determine where it should go tomorrow.

Page 7 The Data Governance Council Founded in November 2004, the IBM Data Governance Council is a leadership forum for chief data, security, risk, compliance and privacy officers concerned with issues related to how an organization can effectively govern data within an enterprise. The Council focuses on the relationship of data to business processes and the value of data to the organization. The Council straddles two major relationship stress lines in the industry: The business view versus the IT view. The interaction between operational risk and process control mechanisms. The Council today consists of nearly 50 leading companies, institutions and technology solution providers dedicated to developing technologies and methods to help the industry better protect critical data. The insight of the Council members provides an industry-led common assessment benchmark and a new approach to measuring data governance. 3. Do you have a data governance strategy? Following an enterprise data governance assessment, the governing council should create a vision of where it wants the company s data governance to be in the next few years. The council should establish milestones, key performance indicators to track progress and yearly reports to the CEO and board to validate results. The data governance maturity model can help identify the goals of the strategy. 4. Have you calculated the value of your data? If you don t know the value of your data you can t enhance, protect or measure a set of data s contribution to the business bottom line. But data isn t a normal commodity. It s like water out of the tap vital to life, yet often taken for granted. Nevertheless, data is the raw material of the information value creation, and its value to an organization can be calculated with the right tools. 5. Do you know the probability of risk? Data is desirable, and not just to the people who should be using it. Knowing how it has been used and abused in the past is essential to being able to tell how it might be compromised and disclosed in the future. Mature solutions can help organizations capture past events, profile losses and forecast future requirements. 6. Are you monitoring the efficacy of your controls? Data governance is about organizational behavior. Organizations change everyday, and their data, its value and its risks are also changing every day. Unfortunately, most organizations only assess themselves once a year. If a business is unable to change its organizational controls to meet new demands on a daily or weekly basis, that business isn t governing change.

Page Breaking it all down: The IBM Data Governance Maturity Model Data governance is not limited to security departments it touches virtually every area in an organization. Accordingly, effective data security requires broad organizational buy-in, and awareness and support from areas that have never participated in data security before. The IBM Data Governance Maturity Model is an important step forward because it helps to educate other stakeholders on how they can help make the strategy more effective. Developed based on input from Data Governance Council members, the Maturity Model is designed to define the scope of who needs to be involved in governing and measure the way businesses govern data e.g., sensitive customer information or financial details across an organization. It measures data governance competencies of organizations based on 11 disciplines of data governance maturity, such as organizational awareness and risk lifecycle management and provides recommendations based on a unique stage of data governance to match the needs of the businesses. Through this assessment, companies can evaluate the gaps between current company-wide practices and the enterprise s desired position to identify opportunities and specific activities for improving the way data is governed, valued and protected.

Page 11 Disciplines of Data Governance Maturity 1 Organizational Awareness Describes the level of mutual responsibility between Business and IT, and recognition of the fiduciary responsibility to govern data at different levels of management. 2 3 4 5 6 7 8 Stewardship Stewardship is a quality control discipline designed to ensure custodial care of data for both asset enhancement, risk mitigation, and organizational control. Policy Policy is the written articulation of desired organizational behavior. Value Creation The process by which data assets are qualified and quantified to enable the business to maximize the value created by data assets. Data Risk Management The methodology by which data risks are identified, qualified, quantified, avoided, accepted, mitigated, or transferred out. Security / Privacy / Compliance Describes the policies, practices and controls used by an organization to mitigate risk and protect data assets. Data Architecture The architectural design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users. Data Quality Methods to measure, improve, and certify the quality and integrity of production, test, and archival data. 9 10 11 Business Glossary / Metadata The methods and tools used to create common semantic definitions for business and IT terms, data models, types, and repositories. Metadata that bridge human and computer understanding. Information Lifecycle Management A systemic policy-based approach to information collection, use, retention, and deletion. Audit & Reporting The organizational processes for monitoring and measuring the Data value, risks, and efficacy of Governance.

Page 10 Driving value through end-to-end data governance solutions Defining an effective data governance strategy can help position you for growth and maximize your agility to respond to new challenges. IBM offers end-to-end data governance solutions that span a range of IT processes that support successful data governance objectives. These solutions seamlessly integrate with each other and other IT processes to help you achieve an end-to-end view of your data governance measures. Using a highly modular approach, you can implement the process areas that help generate the greatest value today, and then build out more as your needs change. Core Data Governance Products/Services IBM Information Server, Data Governance Maturity Model Assessment IT Security Tivoli Access Manager, Tivoli Federated Identity Manager, Tivoli Identity Manager, Tivoli Security Compliance Manager, Tivoli Storage Manager, Consul Insight Suite and Consul zsecure Suite; Security & Privacy Services- Governance Service MultiForm MDM SWG: Global Name Recognition, Identity & Relationship Resolution, Anonymous Resolution, WebSphere Customer Center; GBS: Threat & Fraud Intelligence & Asset Recovery Solution, Risk Management Solution ECM Records Compliance SWG: IBM Records Manager, FileNet Records Manager, Federated Records Management, FileNet Records Crawler, CommonStore for Lotus Domino / Exchange Server, email Search for CommonStore, FileNet Email Manager, WebSphere MQ Extended Security Edition

Page 11 Summary Numerous forces have combined to push data governance to the forefront of corporate consciousness. As IT becomes increasingly critical to business operations and data continues to explode, process failures and data mismanagement pose ever greater risks to organizations. At the same time, there is a growing recognition that having clean, trusted data can allow companies to leverage information more effectively to better understand consumer needs, create innovative products and services, and ease the burden of compliance regulations. As a result, there is a growing industry-wide need for services to help companies become more proactive in a bid to gain insight into where important information resides within the organization and appropriately governing its use. That s why IBM offers a data governance blueprint. Through proven business technologies, collaborative methods and best practices, IBM can help organizations of all sizes, across all industries, govern their critical data by assessing value, measuring risk, and mitigating security and operational exposures associated with data access. For more information To learn how IBM can help you get started on the path to data governance, visit http://www-306.ibm.com/software/data/information/trust-governance.html or call a representative at 1 877-426-3774.

Copyright IBM Corporation 2007 IBM Corporation Silicon Valley Laboratory 555 Bailey Avenue San Jose, CA 95141 Produced in the United States of America 05-07 All Rights Reserved Domino, IBM, the IBM logo, Lotus, Tivoli and WebSphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Other company, product or service names may be trademarks or service marks of others. LIW11871-USEN-00

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information