A data governance policy is a set of documented guidelines designed to ensure that an organization's data and information are managed consistently and used correctly. The policy usually includes individual guidelines on data quality, access, security, confidentiality, and use, as well as roles and responsibilities for implementing these guidelines and monitoring compliance.
The data governance policy should define principles, practices and standards to ensure that data is of high quality and is appropriately protected. It is defined by a data governance committee, which is made up of senior managers and data owners. A data governance policy is usually part of a broader governance, risk and compliance (GRC) intiative.
In this article, you will learn:
Recognizing the necessity of data governance, organizations should form a data governance committee or governance group to create a company data plan, which details how to collect, store, use, and protect data.
Governance committees should include compliance professionals, lawyers, IT and security professionals, line of business (LOB) leaders, and the company's chief data officer (CDO), or if this function does not exist, the senior executive in charge of data, such as a CIO.
The committee should determine:
After completing these assessments, the committee should use the results to develop practical organizational guidelines, and oversee their implementation.
When determining compliance requirements for your organization, see these guides about major compliance standards:
For data governance to work effectively, several policies are essential. Below are several foundational policies that every organization should use.
Data governance involves making strategic, effective decisions about a company's data and information assets. It defines laws, policies and restrictions that affect all members of the business community—including employees, subcontractors, and external partners—directing them how to use and manage data correctly.
A structure policy defines how data governance will be practiced at the organization. The organization should adopt formal guidelines to manage company data and information resources and require employees to follow them. It also defines who should manage data governance at the organization—primarily a data governance leader position, and the enterprise data management (EDM) team, assisted by senior managers, administrators, data stewards who help to organize and maintain datasetdss, and end-users of the data.
A data access strategy ensures employees can access the organization's data and information. The measures taken to protect data should not interfere too much with day-to-day processes that rely on that data. This strategy applies to data usage across the company and all business units, regardless of the location or format of the data.
Another aspect of this policy is to protect data assets through security measures, to ensure data is only accessed by authorized individuals, and is used correctly. Each data point is classified by a data steward, and data users should be given the appropriate level of access according to their role.
A data usage policy ensures that data will be used in an ethical manner, and in accordance with all applicable laws and standards. Data usage depends on the security level assigned by each data steward.
Employees should only access and use data for business purposes, and they cannot use it for personal or other inappropriate purposes. They must also access and use the data according to their assigned security level. Data usage activity is divided into several categories: reading data, creating data, updating it, and distributing it.
The data integrity policy ensures the consistency of organizational data. It integrates key data elements into organizational units and computing systems, enabling employees and contractors to rely on data for information and decision support.
Data integrity also relates to the validity, reliability and accuracy of data. It is based on a clear understanding of the business process on which the data is based and consistent identification of individual data points, to ensure their validity.
The ability to integrate or absorb data between information systems depends on the integrity of the data and the design of the data model, its structure, and the data domain.
Here is a brief template you can use to start building a data governance policy at your organization. Each of the points below should be developed into an entire section or chapter in the full data governance policy.
NetApp Cloud Data Sense automatically discovers, maps, and classifies your data wherever it may be. Data availability, ownership and quality are crucial for business efficiency and cost optimization. With Cloud Data Sense, you can automatically label and act on information stored in files and database entries on premise and in the cloud. Make smart data decisions and automate your data optimization and compliance plans.