Data Governance: Establishing and Maintaining Trust in Information

How best to keep all the moving parts in the digital enterprise from running off the rails

Published: Monday, January 30, 2023 - 13:02

In our ongoing series of CIMdata articles on engineering.com, we’ve focused primarily on the digital (aka “virtual”) and physical aspects of digital transformation. Our discussion of these digital and physical elements has centered on what needs to be done with (and to) information as competitive and innovative new products, systems, services, and assets are developed, produced, and supported.

In the past two years, these articles have addressed almost everything being done to create and manage data and information throughout product life cycles within business units, and by suppliers and contractors who keep the extended enterprise profitable. In this article on data governance, however, I’m changing gears to address management, policies, procedures, and even “people” issues related to information handling to ensure it’s always right for use.

I want to shift attention away from computer monitors, apps, systems, and solutions to instead look at how best to keep all the moving parts in the digital enterprise from running off the rails. I’ll address the need for:

• Data governance amid the rapid expansion of information in models
• Strict online privacy rules
• Data governance implementation with viable frameworks and roadmaps

Finally, I’ll discuss why these are “people issues” critical to digital transformations.

What’s data governance?

Data governance is “the definition, implementation, and management of policies, procedures, structures, roles, and responsibilities that outline and enforce the rules of engagement, decision rights, and accountabilities for the effective management of information assets.”

Effective data governance means oversight of solution implementations that ensure the promised capabilities are working as required (that is, approved, available, and usable). The same is true for upgrades and new systems.

A good illustration is in my recent engineering.com posting on model-based structures. Even if model-based structures are packed with information and illustrated with attractive and helpful engineering graphics, they are still incomplete and may be awkward for others to use. The model’s information must be structured so all of its data is accessible and understandable to all potential users. In turn, this structure requires a consistent and readily accessible explanation and exposition built into the model.

In other words, a model-based structure tells users how and why it was built, by whom, what is shown, and the model builder’s intent. Intent includes analysis, validation and verification, test and inspection, connectivity and/or the support of design alternatives or manufacturing, field service, and more. Data governance is the most effective way for builders of model-based structures and other information constructions to ensure this.

Effective data governance makes a crisp distinction between the oversight roles of people implementing it and the get-the-job-done focus of the enterprise’s information users—including everyone who creates information intended for others to understand and use.

This makes the data governance issue about how much control to assert over the structure of the model and its content; it doesn’t permit information meddling.

Data governance is the oversight of information, specifically the solutions, systems, uses, and the enterprise’s policies on handling information. Data governance’s sole aim is to ensure that what was promised to users of information is being provided in usable forms. Its oversight starts with determining responsibility and accountability for the information, plus all the solutions and computing systems that permit access or change to the data/information.

Simply put, as part of digital transformation, data governance is about information stewardship—essentially a watchdog role—rather than creating another layer of information management.

Why: The effects of models and privacy

Data governance goals include sustainability and change management for data/information, guidance for in-house software development and analytics, as well as how to measure improvements. This is why the initial establishment of data governance should be presented as oversight only. While ensuring that data is what it is supposed to be, data governance is not about configuration management or master data management, although it does support both. As a result, it’s essential to maintain a single logical version of the truth, regardless of how it’s defined.

Well-implemented data governance leaves day-to-day (and overall) information management in the hands of process managers, department/business unit leaders, experienced users, and IT departments. It’s not merely a feel-good exercise; oversight provides straightforward ways to verify that information security and privacy constraints are in place—and remain uncompromised—which can simplify verification and audits.

A growing justification for data governance is information privacy. The European Union’s General Data Protection Regulation (GDPR), for example, establishes far-reaching rights for individual privacy, including:

• The right to access personal information wherever and whenever it’s stored or reused
• The right to be informed about the contents of one’s information
• The right to be “forgotten”—having one’s information permanently erased

As far as enforcement of the quality of information goes, these are huge steps. And under GDPR, violations carry big penalties.

Data governance experts foresee demands to enforce these rights growing in the next few years. California has enacted similar constraints, and other states are enacting or considering them. Presumably, agencies in the U.S. government and elsewhere will follow, and GDPR’s data rights could become universal.

As this broad form of information protection takes hold, all sorts of sensitive information may become subject to similar constraints. Financial and confidential business information could be next; personal medical information is already highly protected. Moving information to the cloud adds to data governance challenges. So does the endless proliferation of information in new formats and structures scattered throughout organizations, computer systems, and storage devices.

Therefore, data governance is a vital response to GDPR and similar demands for assessments, audits, verifications, and enforcement of data rights. These demands will eventually affect the extended enterprise, which makes product life-cycle management (PLM) and end-to-end connectivity another essential element of the Critical Dozen.

How: Start with a framework and a roadmap

There is no standard structure for an organization’s data governance team. It can be an ad hoc committee, a small department with a few staff, or a formalized unit in large organizations. The need for oversight should be determined by size and reach. Similarly, there are no standard starting points. Start where the pain is most acute.

Data governance isn’t intended to control every informational model and data element, or even manage their creation. I think any such hands-on approach is overkill. Instead, data governance monitors usage, addresses complaints, and steps in when problems occur. Its oversight ensures that information guidelines and established policies aren’t violated—as opposed to trying to foresee and prevent problems. Oversight should be limited to making sure, as noted at the outset, that what was promised is still being delivered with no unpleasant surprises.

Once data governance is in place, its overseers should look for lax implementations—incorrect or incomplete data structures in any information construction, no matter who created it. In addition to user complaints about corrupted data, data governance staff must be alerted when:

• Evolving information needs are inconsistently satisfied
• Implementation promises are not being met
• Hidden workarounds and shortcuts are performed

More generally, data governance implementations should be rolled out incrementally. Major considerations should include prioritizing components based on their focus, business unit, economic effects, alignment with enterprise goals, and scalability. Data governance implementations in some enterprises try to cover too much information too quickly, and big-bang debuts rarely succeed.

I have found a modified Zachman framework to be a proven way to enable a valid and trustworthy data governance practice. This framework provides detailed approaches to establishing a fundamental enterprise architecture to ensure data governance is timely, measurable, compliant, repeatable, and consistent.

Also useful are the Mike2.0 Framework, the data governance Institute Framework, the IBM Data Governance Council Framework and Maturity Model, Quality Function Deployment (QFD), and a scaled-down QFD. Frameworks differ, so choosing one that best fits your enterprise is important. In addition, there are data governance approaches tailored to specific industries. Most important, each data governance framework separates the responsibility for management from the execution of policies.

Because data governance is complex, I urge organizations to develop a road map and detailed implementation plan that spells out the vision, strategy, and objectives. Every implementation has to prioritize key elements of the project for the timing and costs to be in budget. As part of data governance frameworks, roadmaps also coordinate the necessary people, stakeholders, and resources while simplifying the tracking of progress.

Final thoughts: Safeguarding the enterprise’s information

The long and short of data governance is that it safeguards the value of the enterprise’s ever-changing information, including how it’s handled in processes and enabling constantly evolving systems. Unfortunately, the value to the enterprise of that information is sometimes overlooked—largely because most collected data is never used—making it easy to assume that the enterprise’s data is trustworthy.

As I noted in a webinar on Nov. 10, 2022, “CIMdata’s Critical Dozen: The Top 12 Trends & Enablers for Digital Transformation,” the right set of data governance policies, procedures, structures, roles, and responsibilities is essential. Without them, digital transformation will be hollowed out. Its effectiveness will be undermined, and its hopes of profitability will be at risk.

Enabled with PLM and end-to-end life cycle connectivity, effectively implemented data governance is part of the essential underpinning of collaboration that spans business units, suppliers, customers, geography, time zones, new technologies, and constant change.

Fundamentally, a data governance framework ensures the information comprehension necessary for collaboration and innovation—without which the enterprise struggles. By cleanly separating the responsibility for data governance management from the execution of data governance policies and practices, users are assured that the enterprise’s information they need is available and of maximum value—with a minimum of interference and oversight.

In a successful digital transformation, no one should have to struggle with information; struggling with information is, of course, the ultimate “people issue.”

This article was first published Jan. 2, 2023, on engineering.com.

About The Author

Peter Bilello

Peter Bilello is the CEO and president of CIMdata. He has expertise in product life-cycle management, general data management, and software engineering. He has written numerous articles on these topics, particularly focusing on PLM.