Data Governance. Unlocking Value and Controlling Risk. Data Governance. www.mindyourprivacy.com



Similar documents
The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

The DGI Data Governance Framework

Gwen Thomas, The Data Governance Institute. Abstract

Expanding Data Governance Into EIM Governance The Data Governance Institute page 1

Presented By: Leah R. Smith, PMP. Ju ly, 2 011

Vermont Enterprise Architecture Framework (VEAF) Master Data Management (MDM) Abridged Strategy Level 0

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Data Governance With a Focus on Information Quality

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved.

Explore the Possibilities

Enterprise Data Governance

Creating a Business Intelligence Competency Center to Accelerate Healthcare Performance Improvement

Agile Master Data Management A Better Approach than Trial and Error

Making Data Work. Florida Department of Transportation October 24, 2014

Assessing and implementing a Data Governance program in an organization

Data Governance: A Tale Of Two Approaches

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

US Department of Education Federal Student Aid Integration Leadership Support Contractor January 25, 2007

ANALYTICS & CHANGE KEYS TO BUILDING BUY-IN

Existing Technologies and Data Governance

Big Data for Higher Education and Research Growth

Welcome to the Data Analytics Toolkit PowerPoint presentation on data governance. The complexity of healthcare delivery, the exploding demand for

Solutions Master Data Governance Model and Mechanism

EIM Strategy & Data Governance

Top 10 Trends In Business Intelligence for 2007

04 Executive Summary. 08 What is a BI Strategy. 10 BI Strategy Overview. 24 Getting Started. 28 How SAP Can Help. 33 More Information

Better Data is Everyone s Job! Using Data Governance to Accelerate the Data Driven Organization

TDWI strives to provide course books that are content-rich and that serve as useful reference documents after a class has ended.

Using SAP Master Data Technologies to Enable Key Business Capabilities in Johnson & Johnson Consumer

Implementing Oracle BI Applications during an ERP Upgrade

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Getting Started with Data Governance. Philip Russom TDWI Research Director, Data Management June 14, 2012

Implementing Oracle BI Applications during an ERP Upgrade

BIG DATA WITHIN THE LARGE ENTERPRISE 9/19/2013. Navigating Implementation and Governance

Solutions. Master Data Governance Model and the Mechanism

Operationalizing Data Governance through Data Policy Management

Process-Based Business Transformation. Todd Lohr, Practice Director

Trends In Data Quality And Business Process Alignment

ANALYTICS & CHANGE. Keys to Building Buy-In

Data Governance Best Practice

Challenges and Opportunities in Enterprise Data for P&C Insurers. A Novarica Research Partners Program Report Underwritten by Informatica

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

CAPABILITY MATURITY MODEL & ASSESSMENT

Blending Corporate Governance with. Information Security

Critical Success Factors for Enterprise Architecture Engineering

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

From Information Management to Information Governance: The New Paradigm

Data Governance 8 Steps to Success

How To Improve Your Business

DISCIPLINE DATA GOVERNANCE GOVERN PLAN IMPLEMENT

Information Management & Data Governance

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets

Implementation of Big Data and Analytics Projects with Big Data Discovery and BICS March 2015

Business intelligence (BI) How to build successful BI strategy

How To Manage Data

Real World Strategies for Migrating and Decommissioning Legacy Applications

APPENDIX I. Best Practices: Ten design Principles for Performance Management 1 1) Reflect your company's performance values.

WHITE PAPER: ANALYSIS OF SUCCESSFUL SUPPLY CHAIN ORGANIZATION MODELS

!!!!! White Paper. Understanding The Role of Data Governance To Support A Self-Service Environment. Sponsored by

An RCG White Paper The Data Governance Maturity Model

Page 1. Executive Briefing, January 2013 Sheila Upton. Information Management and Big Data a Framework for Success

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

The ROI of Data Governance: Seven Ways Your Data Governance Program Can Help You Save Money

In control: how project portfolio management can improve strategy deployment. Case study

ISSA Guidelines on Master Data Management in Social Security

Three Fundamental Techniques To Maximize the Value of Your Enterprise Data

Data Governance Primer. A PPDM Workshop. March 2015

Data Governance Overview

Implementing a Data Governance Initiative

Practical Fundamentals for Master Data Management

Cyber Security and the Board of Directors

Certified Information Security Manager (CISM)

Big Data Governance. ISACA Chapter Annual Conference Sarova Whitesands Hotel, Mombasa 29th - 31st July, Prof. Ddembe Williams KCA University

Information Governance

Enterprise Information Management

Best Practices for Planning and Budgeting. A white paper prepared by PROPHIX Software October 2006

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

Data Governance Best Practices

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

Analance Data Integration Technical Whitepaper

Best practices for planning and budgeting. A white paper prepared by Prophix

Open Group SOA Governance. San Diego 2009

EMA CMDB Assessment Service

EMC PERSPECTIVE. Information Management Shared Services Framework

C A S E S T UDY The Path Toward Pervasive Business Intelligence at an Asian Telecommunication Services Provider

EMA Service Catalog Assessment Service

SAP Thought Leadership Business Intelligence IMPLEMENTING BUSINESS INTELLIGENCE STANDARDS SAVE MONEY AND IMPROVE BUSINESS INSIGHT

Employing ITSM in Value Added Service Provisioning

Is Your Data Cloud Ready?

The Importance of Data Governance in Healthcare

Driving Your Business Forward with Application Life-cycle Management (ALM)

Business Intelligence

DATA GOVERNANCE AT UPMC. A Summary of UPMC s Data Governance Program Foundation, Roles, and Services

Adopting the DMBOK. Mike Beauchamp Member of the TELUS team Enterprise Data World 16 March 2010

Enterprise Data Management for SAP. Gaining competitive advantage with holistic enterprise data management across the data lifecycle

Information Governance for Healthcare Executives. Lesley Kadlec, MA, RHIA Lydia Mays Washington, MS, RHIA, CPHIMS

US Department of Education Federal Student Aid Integration Leadership Support Contractor June 1, 2007

Transcription:

Data Governance Unlocking Value and Controlling Risk 1

White Paper Data Governance Table of contents Introduction... 3 Data Governance Program Goals in light of Privacy... 4 Data Governance Program Pillars... 5 Data Governance focus areas... 5 Policies, Standards and Strategy... 5 Data Quality... 5 Privacy and Compliance... 5 Security... 6 Architecture and Integration... 6 Data Warehouse and Business Intelligence... 6 Management Support... 7 Getting Started... 8 Best practices... 8 Global vs. local approach... 8 Obtain executive sponsorship... 8 Stages in Data Governance Programs... 9 Current state discovery, full approach through small steps... 9 Data Governance Education Plan... 9 Performance Targets... 10 Defining YOUR Data Governance Program... 10 Guiding Principles for Implementation... 10 Establishing, collecting and reporting on metrics to measure progress... 11 Establishing measurable benefits by building a business case... 11 Link and build incentives to reward and re-enforce appropriation... 11 2

Introduction In our present data driven corporate world, information assets obtained from collected data are essential to support the corporate strategy, enabling decisionmaking of overall activities. Personal and non-personal data is the raw material for the creation of information assets. Data has today become one of the most valued assets: it allows companies to perform their activities efficiently and remain competitive. The surging value of data implies companies need to protect such assets. As they realize the benefits and the challenges they face when unifying - mashing-up - data, Data Governance issues and questions arise. What is Data Governance? A Data Governance Program is a strategy to ensure compliance, security and data quality of your information assets. The program s evolution is monitored through organized and planned performance metrics to ensure data assets are consistent through rules and standards driven from policies executed by people A strategic plan is required to reap the benefits promised by Data Governance, assuring the right decisions are taken, depending upon the type of data used, the activities performed by the company and the different issues surrounding data treatment. Data Governance should not be confused with Information Security. Information Security is the application of several security measures in order to avoid potential data breaches and assure data integrity. Data Governance does not limit itself to providing security to information assets. Its aim is to reap the benefits from the data obtained by the company in order to support its growth strategy. Effectively, it puts data to work. Data Governance is an all-encapsulating strategy followed by a company to encourage desirable behavior in the valuation, creation, storage, use and deletion of data and information assets. It includes decision rights and an accountability framework. It defines the processes, the roles, the standards and the metrics to ensure an effective use of data and information assets, enabling companies to achieve their purpose. 3

Data Governance Program Goals in light of Privacy One of Data Governance s goals is to create Information Security Systems that properly protect data and information assets. Addressing Data Governance in light of increasing Privacy issues revolves around the correct definition, approval and communication of data strategies; their related policies and standards as well as the supporting architecture, procedures, and metrics. Where: Data Policies are the collection of statements describing the rules controlling data integrity, security, quality, and use of data during its lifecycle and state changes; Data Standards are the detailed rules developing procedures of data policies; Data Architecture is composed of models, policies, rules or standards that govern which data is collected, and how it is stored, arranged, integrated, and put to use in data systems and within companies. Additionally, tracking and enforcing compliance for those data policies, standards, architecture and procedures need to be in place. The human resources aspect of true data governance covers understanding and promoting the value of data assets. True commitment is reflected by assuring adequate internal sponsoring, tracking and overseeing the delivery of data management projects and services while managing and solving for data related issues. Obviously, not all Data Governance Programs are created equal. Every company is specific both in terms of needs as obligations. To create an efficient Data Governance Program, a strategy based on the needs of data uses is required. From a Privacy perspective, this means confronting such needs with the risks company s information assets represent today and tomorrow. All undertaken efforts should aim at solving one of the following executive drivers: Increase revenue and the value of the company; Manage costs and complexity; Ensure business continuity attending to the detected risks and vulnerabilities through compliance, security, privacy, etc 4

Data Governance Program Pillars Depending upon the focus, the rules and concerns that participants within the Data Governance Program need to address shall differ. It will impact the mix of involved stakeholders, their actions and the efforts required. Data Governance focus areas Policies, Standards and Strategy The group leading this effort within an organization requires the support of a crossfunctional leadership body in order to assure success and silos are adequately broken down. A charter for this focus should ideally hold Data Governance and Stewardship participants accountable for: Reviewing, approving and monitoring policy; Collecting, selecting, reviewing, approving and monitoring standards; Aligning policy and standard sets; Contributing to the business rules; Contributing to the data strategies; Identifying stakeholders and establishing decision rights. Data Quality This effort addresses issues revolving around data quality, data integrity and the usability of data. Typically companies performing mergers and acquisitions (M&A) or data acquisition exercises implement these types of programs. They often involve data quality software where quality efforts are initially applied through master data management (MDM) programs to begin with, focusing either on a specific project, department to then be rolled out at a company-wide level. The typical charter for this focus holds data governance and stewardship participants accountable for: Setting the direction for Data Quality; Monitoring Data Quality; Reporting on the status for Data Quality focused processes; Identifying stakeholders, clarifying accountabilities and establishing decision rights. Privacy and Compliance Increasing concerns revolving around Data Privacy and compliance with legislation, (international) agreements and internal requirements are pushing Privacy and Compliance programs to the forefront. While often initially sponsored by business and IT departments, it should however be considered as an outgrowth of a Governance, Risk and Compliance (GRC) Program. 5

Such programs often start with a company-wide scope although efforts are usually limited to specific types of data. They include technologies to locate sensitive data within a companies network in order to then protect the data and manage the surroundings policies and control mechanisms. Typically, Data Governance and Stewardship participants are held accountable for: Protecting sensitive data through the support of Access Management and adequate security requirements; Aligning frameworks and initiatives; Supporting risk assessments and defining controls for risk management; Supporting regulatory, contractual, architectural compliance requirements and their adequate enforcements; Identifying stakeholders, clarifying accountabilities and establishing decision rights. Security Concerns are rising related to access permissions (typically login/password), Information Security Measures and Access Management, the internal set-up supporting access credentials. Implementation of a Security Program, undergone on a company-wide scope, includes technologies to support location of sensitive data, access management for sensitive data, data back-ups and deletion and risk assessments of possible threats. Architecture and Integration An Architecture and Integration program is typically taken into consideration and brought to life during major system adaptations, typically new acquisitions; when big new development efforts arise or updates require new levels of cross-functional decisions making and accountabilities. Typically, Data Governance and Stewardship participants are held accountable for: Ensuring consistent data definitions; Supporting architectural policies and standards; Supporting Metadata programs, Service Oriented Architecture (SOA), Master Data Management (MDM), and Enterprise Data Management; Bringing cross-functional attention to integration challenges; Identifying stakeholders, establishing decision rights and clarifying accountabilities. Data Warehouse and Business Intelligence This program is typically set-up in conjunction with any new kind of new storage facility implementation such as increasingly cloud or SaaS today. It can also be called a data warehouse, a data mart or a new business intelligence tool. 6

Such efforts often require strong data-related decisions where organizations implement data governance to ensure that standards, access and rules are correctly enforced once the new system starts to operate. The initial scope is often one where roles and responsibilities as well as rules are defined for the new system. This program can however serve as a prototype for a company wide data Governance/Stewardship program. A charter for this focus typically holds Data Governance and Stewardship participants accountable for: Establishing rules for data definitions and their subsequent uses. Typically, what is a customer and how is this defined? Identifying the lifecycle of sensitive data and the related Data Governance rules to be applied; Clarifying the value of data assets and their data-related projects; Identifying stakeholders, clarifying accountabilities and establishing decision rights. Management Support Managers who find it difficult to deal with data related management decisions, due to their potential effects on operational performance and compliance efforts, implement this type of program. It helps managers make decisions with more confidence. Such programs may consist of councils who analyze interdependencies, take decisions and issue policies. However, sometimes the Data Governance Program focuses on multiple issues, such as supporting management and addressing compliance. A statute for this focus holds Data Governance and Stewardship participants accountable for: Measuring the data value and data related efforts; Aligning frameworks and initiatives; Identifying the lifecycle of sensitive data and the related Data Governance rules to be applied; Monitoring and reporting on data related projects; Promoting data related messages and taken stances; Identifying stakeholders, clarifying accountabilities and establishing decision rights. 7

Getting Started Best practices Assigning respective roles and responsible personnel before developing policy is the common best practice for Data Governance and Data stewardship as it defines organizational bodies before developing the actual policies and related procedures. However, let s be honest, it s more productive if you start by establishing the focus and related value propositions. Defining how each effort contributes to stakeholder needs of increased revenue and value, defining their needs for efficient management of costs within an increasingly complex environment, and insuring continuity through attention to risk and compliance. It is therefore essential to understand the value statement and develop a plan to communicate that value proposition in the clearest possible way. As soon as the description of your company s data related issues is pinned down; as soon as the way to address them is defined and as soon as you define how success can be measured for this initiative, your company will be on its way to reap the benefits of a value-based Data Governance program. Global vs. local approach Each company is different therefore it is not always possible to act globally right from the start. The creation of a local Data Governance Program is sometimes also a good way to start, in pilot mode. Dissecting even further, as a lot of companies still work in unrelated silos or business units, it is also possible to create a Data Governance Program based on a single specific pillar for a company department, before widening the scope to include lessons learnt. Obtain executive sponsorship Data Governance demands inevitable behavioral and cultural changes. It requires revisiting investments in projects and technological tools. It forces your company to analyze major stakeholders. A closer look needs to be taken in order to assure alignment and agreement on key decisions with the responsible of the scope of the Data Governance project, representing the included lines of business and their functional areas. With everyone on the same page, your project has more chances to succeed. 8

Stages in Data Governance Programs Not all Data Governance efforts result in the expected outcomes. Insurmountable obstacles sometimes challenge the value and success of the program. Those obstacles can be cultural, political, and organizational challenges and result in the some needed changes required to move forward might not take place. Points to consider to avoid typical pitfalls: Current state discovery, full approach through small steps Data governance is an iterative process. Start with the people, politics and culture, and then move on to the Data Governance and stewardship processes as well as the underlying technology used. Take the steps to gradually move up the maturity scale. However, start with a limited and attainable focus in mind. Balance out strategic aims and tactical engagements to ensure that the program is moving towards the desired direction. Our approach to instituting a comprehensive Data Governance Program, fitting the company needs, starts with the understanding of where the company is in our COBITbased maturity model. Data Governance Education Plan The most important responsibility of data stewards, members of the Data Governance Council, is to ensure effective control and usage of data assets. Identify and build a data steward team that includes subject matter experts from all business areas of the company. The definition of this role must be included into the job descriptions. Additionally and most importantly, assure that the proper time allocation is attributed to the stewardship work. 9

Performance Targets After performing a study of the current status of the company s business objectives, its needs and the impact of its business processes, Mind Your Privacy is able to draw a picture of your companies current situation. The COBIT model is used as an initial framework, unless otherwise specified by the client. Using this framework, your company will have a clear picture of the current situation regarding the seven pillars mentioned earlier: 1. Policies, Standards and Strategy 2. Data Quality 3. Privacy and Compliance 4. Security 5. Architecture and Data Integrations 6. Storage: DW, BI and cloud 7. Management support and where Data Governance would have the highest impact on your companies use of data maturity, in line with those 7 pillars. Defining YOUR Data Governance Program Each company is a different story, not every company has the available internal resources or needs in our increasingly data driven era. A Data Governance Program has to be tailored to your company needs in order to obtain the best possible results, in line with attainable time construed objectives. Mind Your Privacy s Data Governance service is flexible and can be adjusted to your needs, depending upon your geographical location, sector and internal set-up. Guiding Principles for Implementation The Initial step is getting to know your company s current state with respect to: Business objectives, Functional needs, Impact on business processes, Potential improvements to identified processes, Cost and complexity of current business and technical drivers These findings are drafted to define a preliminary Data Governance Program. It contains preliminary recommendations, guiding principles and suggests metrics to gauge performance in line with defined targets. This initial Mind Your Privacy delivery will be open to adaptation, through an iterative process, following feedback. The third step is a technical assessment, in other to deliver a gap analysis, as the objective is to assure an adequate data architecture for your company. Mind Your Privacy s gap analysis is based upon organizational, functional, process and technology related initiatives as well as architectural imperatives. 10

Prioritization is the next logical step where risks are assessed through a cost benefit analysis for each suggested initiative. Once this is iteratively evaluated, a roadmap emerges, clearly defining company projects and related initiatives as well as underlying processes, focused on required business objectives. Establishing, collecting and reporting on metrics to measure progress Tailored measures and metrics are established at the start of the project. The focus is on clearly defined quantitative metrics that support the project objectives. Metrics need to combine business values and sample metrics including data values, data management costs and data management processes maturity. A Data Governance KPI dashboard is the ideal solution to monitor and automate the progress. Finally, measures of immediate returns for defined quick wins allows for positive feedback and broader project endorsement and appropriation. Establishing measurable benefits by building a business case An effective Data Governance program produces benefits in the long run. Yet as some of the effects might not be visible immediately, Mind Your Privacy suggests focusing on the relationship of key data elements and the business processes they support. Costs for managing these data elements are then calculated in order to quantify the risks of such data elements becoming unavailable or incorrect. Identifying the opportunities for data quality improvements fosters revenue through better customer service and insights is often an ideal initial business case. Link and build incentives to reward and re-enforce appropriation Parting thoughts: adequate participation on an on-going basis is essential to success. Without input and buy-in, your Data Governance effort is nothing more than another stack of written procedures gathering dust. Building an incentive-based reward system, linking performance to participation will re-enforce commitment, obtaining sustained appropriation from involved parties. 11

12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information