“Would you tell me please, which way I ought to go from here?” asked Alice.
“That depends a good deal on where you want to get to,” said the Cat.
Truer words were never spoken, especially in the context of embarking on a new organization-wide project. And because it affects all parts of the organization, launching a data governance program requires more stakeholder and executive buy-in than any other internal project. This is why having a data governance roadmap is crucial–roadmaps help the organization as a body keep its eyes on the goal, track pace and progress using milestones and communicate outcomes effectively to the larger team.
Six phases of data governance
1. Getting started
A number of factors impact how the data governance plan will be rolled out in the organization: the size of the company, the nature of the industry, the IT structure or the maturity of current data management practices. The first step is to understand and agree upon the primary goal of the program based on the business’ needs: availability, quality, compliance or security. These goals will directly influence the path your program will take to completion.
Suppose that your primary goal is to make data available to different teams/functions to enable decision making. In this case, data owners will play a big role in the program, granting permissions and controlling data access. Regular backups must be conducted to mitigate the risk of data loss and regular audits to ensure compliance and security. Now suppose the primary goal of the governance program is data security, your approach will be slightly different. The thrust will be on establishing decision rights, assessing risk and developing security frameworks, procuring and implementing tools to safeguard data and implementing tokenization, data masking and data vault solutions.
2. Need analysis and requirements gathering
Your data governance program will be driven largely by the requirements of various teams within the organization. A good way to gather these data pain points is through extensive stakeholder interviews. The information collected could be qualitative or anecdotal, but running root cause and impact analyses will help you understand their significance.
However, interviews aren’t the only way to collect requirements. Conducting an inventory of these factors will also help you understand what the organization needs from a data governance perspective:
- Compliance regulations. For e.g. industry: HIPAA, SEC, BASEL, SOX, etc.; regional: data/records retention laws, tax laws, privacy laws, data sovereignty laws, etc.
- Policies and standards that exist in the organization.
- Processes that currently exist for data governance.
- Any existing charters, such as an IT steering committee charter.
- IT’s strategic plans for the short and long term
- Enterprise architecture frameworks.
- Organizational technology standards.
Do note that sometimes, constraints can also be requirements. For instance, a lack of skills within the organization to analyze data quality or apply compliance knowledge indicates a training need.
3. Doing a gap analysis
A gap analysis helps you understand the distance between your current and future states of data governance. Sit down with all the relevant stakeholders and do a line item review of a documented list of current and future states of every aspect of the organization that handles or uses data. Identifying the largest activity gaps helps you decide where efforts should be focused.
Consider the implications of every gap identified and determine the actions to be taken. Remember, not all gaps need to be closed. For example, if you have a gap in the data security section, but your data is relatively insensitive to security issues, don’t spend time working on this.
For gaps that need to be bridged, brainstorm what effort and activities will be needed to build the necessary capabilities and reach the target level. Asking questions like ‘What activities must occur to enable this capability?’ and ‘What changes/additions must be made to resources, process, technology, business involvement, and communication?’ will help you arrive at answers.
4. The need for Effort/Transition Mapping
Hardly any organization will have unlimited resources or bandwidth to dedicate to data governance initiatives. Thus, prioritizing initiatives based on feasibility and benefits becomes imperative. Such prioritization–and sequencing of subsequent initiatives–depends not just on the assessed benefits of each project but also the effort/transition constraints involved. This is where plotting an Effort vs Benefit map will help.
5. Before moving to implementation
Estimate the total cost of the program initiatives and the funding required. Cost heads would include allocating additional roles to existing employees (data owners and data stewards), hiring additional employees (chief data officer, subject matter experts, etc), training stakeholders on new data governance processes (on-the-job, online, external, etc) and communicating the new governance structures and processes to the organization (roadshows, meetings, emails, newsletters, etc.)
Attaining buy-in, but not commitment, remains one of the key reasons data governance initiatives don’t succeed. Those involved in a data governance initiative must actively participate and believe in the program and its end results. If this doesn’t happen, executive and stakeholder buy-in provides no support beyond budget approval and data governance simply becomes a low priority task added to increasingly busy schedules. So set the right expectations with your executive sponsors to ensure the success of your program.