Article

Data governance framework: Guide and examples

Data Access Governance
Time to read: 11 minutes

What is a data governance framework?

A data governance framework is the documentation of rules, processes, and roles in place to govern how an organization’s data is collected, stored, managed, and used. The policies and procedures set forth in a data governance framework ensure that availability, quality, privacy, and compliance standards are met.

Benefits a data governance framework provides are that it:

  1. Allows organizations to be more agile
  2. Assures data security and privacy
  3. Delivers operational efficiencies
  4. Democratizes data
  5. Directs the implementation of best practices for data assets and data management
  6. Enforces data quality, accuracy, completeness, and consistency
  7. Ensures a consistent view of data
  8. Establishes transparent processes and policies for data strategy and management
  9. Facilitates data analysis to enable informed decision making
  10. Improves scalability
  11. Instills confidence in data
  12. Keeps data easily accessible
  13. Maintains consistent and high-quality data across the enterprise
  14. Makes data assets discoverable, usable, and easier to connect with business outcomes
  15. Minimizes risk
  16. Provides flexibility to meet the unique needs of users and systems
  17. Reduces costs associated with fragmented or siloed data
  18. Streamlines workflows
  19. Supports adherence to regulatory compliance requirements

The following are key elements to consider when developing or evaluating a data governance framework. Each of these plays an important part in a comprehensive, effective framework that ensures compliance with laws and regulations and that data is stored and managed in a way that best suits the needs of the organization as a whole and of individual users.

Data architecture and technology infrastructure

Data architecture and technology infrastructure are at the foundation of data governance frameworks. The data architecture element defines the design and structure of data, including how it is classified and inventoried, to ensure they meet the requirements. The technology infrastructure includes the hardware and software systems used to collect, store, and manage data, such as databases, data lakes, data warehouses, and enterprise resource planning (ERP) systems. It also includes the network connections that are needed to support the exchange of data.

Data discovery

A data governance framework includes details about how data discovery should be handled to create a unified view of all information. Data discovery includes data as well as other elements, such as:

  1. Collaboration
  2. Data certification
  3. Data classification
  4. Data engineering
  5. Data lineage
  6. Data profiling
  7. Data relationships
  8. Metadata

Data integration

Data governance frameworks help ensure the efficacy of data integration, the combination of data from different sources, to provide unified views and ensure compatibility for optimal usability.

The data integration component of data governance frameworks ensures that data from across the enterprise as well as third-party sources can be easily merged, used to power applications, and analyzed and used to inform decision-making.

Data lifecycle management

Data lifecycle management is the aspect of a data governance framework that directs the oversight of data from creation and collection through use and end of life. It includes setting policies and procedures for:

  1. Data archiving
  2. Data disposal
  3. Data retention
  4. What is acceptable media for archiving?
  5. What security is required for the archived data?
  6. How long should it be archived?
  7. When should data be destroyed?
  8. What are approved methods for data destruction?
  9. What proof is required for data destruction?
  10. How long should data be kept?
  11. What happens at its end of life (e.g., destroyed or permanently archived)?

Data literacy

Data literacy is sometimes included in data governance frameworks. It refers to the skills required to understand the data that an organization creates, collects, stores, and processes. It also includes understanding how elements of the data governance framework should be applied to the data.

Data management

Data management is the section of the data governance framework that specifies the processes and rules that define how an organization’s data assets are created, stored, and accessed. It sets forth rules about how data can be used and shared internally and externally. It also includes details about what metadata (e.g., data source, creation date, last update, and owner) is required and how it is formatted to ensure that data can be easily found.

Data quality

The data quality component of a data governance framework focuses on establishing and maintaining the accuracy, completeness, consistency, and reliability of data. This includes identifying and putting into place the processes, tools, and automation needed to minimize error, identify inaccuracies, and direct corrections throughout the data lifecycle. Elements of the data quality component of a data governance framework include:

  1. Data collection
  2. Data entry
  3. Data cleaning
  4. Data profiling
  5. Data validation
  6. Data monitoring
  7. Data auditing

Data security and privacy

Data security and privacy are a part of the data governance framework that influences most other parts. This includes all measures taken to protect data from unauthorized access, ensure the privacy of all sensitive and personal data, and maintain compliance with the many laws and regulations related to data privacy and security.

In this part of a data governance framework, specific data privacy and security processes and procedures and guidelines for their implementation are detailed, such as access controls, data anonymization techniques, data encryption, and data loss prevention systems.

Data stewardship

Data stewardship supports data governance efforts by working with groups, departments, and external users to ensure that the policies and procedures detailed in the data governance framework are implemented correctly. Data stewards also help with:

  1. Addressing data issues (e.g., access, quality, and security)
  2. Defining data elements
  3. Ensuring compliance
  4. Establishing and maintaining data quality standards

Regulatory compliance

Data governance frameworks help organizations with processes for identifying and staying on top of changes to compliance requirements related to data. It also includes guidance on specific data management practices necessary to ensure compliance.

The purpose of a data governance framework

The purpose of a data governance framework is to provide an agreed-upon set of guidelines for managing an organization’s data assets. Having a data governance framework in place delivers a wide range of benefits that demonstrate its purpose, such as the following.

Data management

Data governance frameworks define key elements required for effective data management, such as:

  1. Accountability
  2. Data risk and privacy metrics
  3. Data-related vocabulary and semantics
  4. Key data elements (KDEs)
  5. Naming conventions
  6. Ownership
  7. Standards and norms

Procedures, processes, and rules

Data governance frameworks define key procedures, processes, and rules for a data governance program and support data governance for the organization by directing actions that:

  1. Address data issues
  2. Build data catalogs
  3. Define rules for making changes to data
  4. Drive data literacy
  5. Eliminate duplication of effort
  6. Enforce data policies
  7. Facilitate communications and data sharing
  8. Highlight data quality issues
  9. Identify data owners
  10. Improve data quality
  11. Monitor data usage
  12. Protect data privacy
  13. Provision and deliver data
  14. Reinforce best practices
  15. Streamline workflows
  16. Support compliance efforts

Metrics

Data governance frameworks identify data-related metrics that should be tracked and reported on, including:

  1. Data growth
  2. Key performance indicators (KPIs)
  3. Key quality indicators (KQIs)
  4. Process efficacy and efficiency

Monitoring

Data governance frameworks provide guidance on data monitoring, such as:

  1. Data proliferation
  2. Data quality
  3. Data usage
  4. Risk exposure

Data governance vs data management

Data governance frameworks and compliance

Regulatory compliance and data governance frameworks go hand in hand. Ensuring that data practices conform to regulatory compliance requirements is one of the main functions of data governance frameworks.

A robust data governance framework provides guidance in key areas, including:

  1. Access controls
  2. Data privacy
  3. Data quality management
  4. Data retention and disposal policies
  5. Security

Data governance frameworks and the GDPR

In 2016, the European Union adopted the General Data Protection Regulation (GDPR), a privacy regulation with strict rules about how personal data can be used and measures that must be taken to protect it. The GDPR brought into high relief the importance of and need for data governance frameworks.

Among the GDPR requirements that drive the need for organizations to employ a data governance framework is the mandate that any organization that handles an EU citizen’s personal data must be able to answer specific questions about how it handles data ownership. These questions include:

  1. How is data ownership assigned within the organization?
  2. Is the ownership of data single-point or collaborative?
  3. What measures are in place to protect EU citizens’ personal data?
  4. What processes are in place to handle data at the end of its lifecycle?
  5. Where does EU citizens’ personal data exist across the organization?

Data governance framework examples

Two examples of vendor-neutral data governance frameworks include:

  1. DGI Data Governance Framework
  2. DAMA-DMBOK

Five examples of data governance frameworks include:

  1. Bottom-up data governance frameworks
    Data governance practices initiated and implemented at lower levels of an organization spread to higher levels and become standards, such as creating templates for naming conventions.
  2. Centralized data governance frameworks
    Data governance is led by an individual in the organization who has been designated the lead or a dedicated team. This person or team takes responsibility for implementing a data governance framework.
  3. Decentralized data governance frameworks
    Data governance is handled by a committee that develops and manages the organization’s data governance strategy, with functional areas of the organization creating and managing their data sets and controlling the distribution of their information.
  4. Top-down data governance frameworks
    Data governance is driven by the organization’s leadership team, which takes responsibility for implementing data governance policies and passing them down throughout the organization.
  5. Hybrid data governance frameworks
    Data governance decisions are made at different levels of the organization that follow a centralized data governance framework, with groups operating semi-autonomously, developing standards, policies, and procedures that best fit their requirements.

What is a data governance maturity model?

A data governance maturity model is used to guide the rollout of a data governance framework. It consists of stages that help organizations establish objectives for implementing a framework and set a course to achieve them. It also provides a standard for measuring the organization’s progress toward its goals.

There are many versions of data governance maturity models. Following are the stages that are common to most of the models.

Unaware of data governance frameworks

The organization is unaware of the importance of a data governance framework, so no actions are being taken regarding one. Any data governance processes are ad hoc and not standardized.

Aware of data governance frameworks

The organization has become aware of the importance of a data governance framework. Having implemented and documented data processes and created an inventory of data sources, the need for a framework has become clear, stakeholders and decision-makers are informed, and goals are being established.

Reactive use of elements of a data governance framework

The organization has begun to lay the groundwork for a formal data governance framework. Systems are in place for information management, but adoption is not universal or formalized.

Proactive use of elements of a data governance framework

A data governance framework has been created with rules and policies defined and documented. Data owners and data stewards have been identified, and a data governance committee has been established. The framework is being applied across most areas of the organization.

Implementation of a data governance framework

A data governance framework has been fully implemented, with its policies and rules enforced across the enterprise. Formal training around the framework has been rolled out. Data is being measured for quality and depended on to inform strategic decisions. With the performance data being collected, deficiencies and areas for optimization are being identified.

Optimization of a data governance framework

The data governance framework is continuously monitored and optimized to improve efficacy and efficiency. Redundant workflows are eliminated or redesigned. Data is being tagged to increase discoverability. Data is viewed as a strategic asset, and the data governance framework is deemed critical to the success of the organization.

Data governance frameworks deliver value

A data governance framework makes data quality achievable by any organization willing to put in the effort. Using a framework ensures that data is properly managed, quality controls are adhered to, and organizations meet their compliance obligations.

Smart, scalable, seamless identity security

Trusted by 48% of the Fortune 500

Mark and Sumit

S1 : E2

Identity Matters with Sumit Dhawan, Proofpoint CEO

Join Mark McClain and Sumit Dhawan to understand the future of cybersecurity and how security teams can support CISO customers in the midst of uncertainty.

Play podcast
Mark and Ron

S1 : E1

Identity Matters with Ron Green, cybersecurity fellow at Mastercard

Join Mark McClain and Ron Green to understand the future of cybersecurity and the critical role identity security plays in safeguarding our digital world.

Play podcast
Dynamic Access Roles

Dynamic Access Roles

Build the next generation role and access model with dramatically fewer role and flexibility

View the solution brief