Click to learn more about author Steve Zagoudis.
In the last blog, we defined how to determine the target audience for a Data Governance policy. In this blog, we will begin to define the actual Data Governance policy.
There are at least two primary documents that govern most working groups or committees. The first is the policy, which states the rules or guiding principles to which the company should adhere based on their regulatory or executive requirements. The second is the charter, which defines how a group will function, including membership, reporting relationships, voting rights, etc. The degree to how formal or informal these documents are is a function of your regulatory oversight, overall maturity in governance, and culture. We will explore the Data Governance charter in subsequent blogs. For now, let us turn to the policy, in this case, for Data Governance.
We have found that when defining a Data Governance policy, it is more productive to start with a working draft for review. Below are the initial sections of a Data Governance policy for consideration:
I. INTRODUCTION
Data Governance establishes a defined methodology for determining and capturing ownership and definitions for MetaGovernance Inc. (“MetaGovernance”) structured data assets (“data”). Data Governance is an integral component of a Governance, Risk Management, and Compliance (GRC) framework. The application of Data Governance provides risk mitigation against operational and regulatory issues that are caused by inaccurate, misinterpreted, or inconsistent data. Data Governance practices applied uniformly maintain and increase the value, availability, and integrity of data and increase profitability while promoting appropriate use and control.
II. PURPOSE
The purpose of this Policy is to define the risk management, operational controls, business objectives, and protocols guiding MetaGovernance data to maximize profitability while also simultaneously ensuring conformity with applicable laws as well as regulatory and compliance requirements.
III. SCOPE
This Policy applies to the definition, usage, and control framework of MetaGovernance data, regardless of the location or format of the data. This Policy applies to all MetaGovernance employees and other business partners that manage MetaGovernance data, including but not limited to contractors, subcontractors, and vendors. This Policy applies to storage locations at MetaGovernance, within a cloud, or with a third-party services provider.
IV. OBJECTIVES
Data Governance at MetaGovernance is a strategic enterprise-wide program with the following objectives:
- To be the focal point for all Risk Management aspects of data across MetaGovernance.
- To provide clear awareness of data ownership, data accountability, data consumers, and correct data source for any MetaGovernance data.
- To minimize compliance and regulatory exposure and operational risk associated with using inconsistent or inaccurate data for internal MetaGovernance operations.
- To contribute to MetaGovernance’s optimal operational and financial performance through the delivery of accurate, consistent, and timely data.
- To deliver operational efficiency through the automation of data reconciliation controls.
- To provide transparency and evidence that data is accurate and timely.
- To provide the business and technical oversight around any definitional changes to data or information that could impact MetaGovernance operations.
- To provide oversight of the Governance Architecture for MetaGovernance.
The above sections are the beginning of a Data Governance policy. We will continue to define the remainder of the Data Governance policy in subsequent blogs.
Several clients have asked us to expand the scope of their policy to include unstructured data, records, records retention, and the overall crown jewel Data Management. This work moves the focus closer to legal, information security, and records management. For example, awareness of the location of confidential, PII, and HIPAA data is of growing interest among our clients. We have had considerable success in merging the Data Governance and Information Governance disciplines together under an overarching risk management policy.