More about Governance Risk and Compliance
What is a Data Governance Policy?
A data governance policy is a set of documented guidelines designed to ensure that an organization's data and information are managed consistently and used correctly. The policy usually includes individual guidelines on data quality, access, security, confidentiality, and use, as well as roles and responsibilities for implementing these guidelines and monitoring compliance.
The data governance policy should define principles, practices and standards to ensure that data is of high quality and is appropriately protected. It is defined by a data governance committee, which is made up of senior managers and data owners. A data governance policy is usually part of a broader governance, risk and compliance (GRC) intiative.
In this article, you will learn:
- Developing a Data Governance Policy
- 4 Foundational Data Governance Policies
- Data Governance Policy Template
- Hybrid Data Discovery, Mapping and Classification with NetApp Cloud Data Sense
Developing a Data Governance Policy
Recognizing the necessity of data governance, organizations should form a data governance committee or governance group to create a company data plan, which details how to collect, store, use, and protect data.
Governance committees should include compliance professionals, lawyers, IT and security professionals, line of business (LOB) leaders, and the company's chief data officer (CDO), or if this function does not exist, the senior executive in charge of data, such as a CIO.
The committee should determine:
- Who is responsible for data, its security, integrity, and usability.
- Compliance requirements that apply to the organization's data, and the procedures and practices needed to comply with those standards.
- Risks associated with the organization's data assets and data processing procedures, and the impact on the business—including loss of productivity, financial losses, and legal liability.
After completing these assessments, the committee should use the results to develop practical organizational guidelines, and oversee their implementation.
When determining compliance requirements for your organization, see these guides about major compliance standards:
4 Foundational Data Governance Policies
For data governance to work effectively, several policies are essential. Below are several foundational policies that every organization should use.
Data Governance Structure Policy
Data governance involves making strategic, effective decisions about a company's data and information assets. It defines laws, policies and restrictions that affect all members of the business community—including employees, subcontractors, and external partners—directing them how to use and manage data correctly.
A structure policy defines how data governance will be practiced at the organization. The organization should adopt formal guidelines to manage company data and information resources and require employees to follow them. It also defines who should manage data governance at the organization—primarily a data governance leader position, and the enterprise data management (EDM) team, assisted by senior managers, administrators, data stewards who help to organize and maintain datasetdss, and end-users of the data.
Data Access Policy
A data access strategy ensures employees can access the organization's data and information. The measures taken to protect data should not interfere too much with day-to-day processes that rely on that data. This strategy applies to data usage across the company and all business units, regardless of the location or format of the data.
Another aspect of this policy is to protect data assets through security measures, to ensure data is only accessed by authorized individuals, and is used correctly. Each data point is classified by a data steward, and data users should be given the appropriate level of access according to their role.
Data Usage Policy
A data usage policy ensures that data will be used in an ethical manner, and in accordance with all applicable laws and standards. Data usage depends on the security level assigned by each data steward.
Employees should only access and use data for business purposes, and they cannot use it for personal or other inappropriate purposes. They must also access and use the data according to their assigned security level. Data usage activity is divided into several categories: reading data, creating data, updating it, and distributing it.
Data Integrity Policy
The data integrity policy ensures the consistency of organizational data. It integrates key data elements into organizational units and computing systems, enabling employees and contractors to rely on data for information and decision support.
Data integrity also relates to the validity, reliability and accuracy of data. It is based on a clear understanding of the business process on which the data is based and consistent identification of individual data points, to ensure their validity.
The ability to integrate or absorb data between information systems depends on the integrity of the data and the design of the data model, its structure, and the data domain.
Data Governance Policy Template
Here is a brief template you can use to start building a data governance policy at your organization. Each of the points below should be developed into an entire section or chapter in the full data governance policy.
- Goals—overall goals for the governance initiative and key performance indicators (KPIs) to measure success.
- Responsibilities—for each data system, define a data steward who will manage data as a business asset, and pay special attention to data quality. Define data owners and grant them decision-making power and responsibility for data quality standards. Designate IT staff who should manage technical aspects and ensure compliance. A RACI chart can be useful in planning this section.
- Data inventory—create a list of all data sources in the organization. Regularly update the list with new resources and delete defunct resources.
- Data collection—define the purpose of data collection, communicate data collection goals to employees and customers, and verify collection procedures.
- Data management—establish and implement strategies to control the creation, management and destruction of data records.
- Data quality—assign data stewards who will be responsible for data quality and conduct regular audits to ensure quality.
- Data access—set permissions for access to datasets and data systems.
- Data security—define security and data sharing policies. Perform a risk assessment, listing risks related to data, their impact on the organization, and steps for mitigating them.
Hybrid Data Discovery, Mapping and Classification with NetApp Cloud Data Sense
NetApp Cloud Data Sense automatically discovers, maps, and classifies your data wherever it may be. Data availability, ownership and quality are crucial for business efficiency and cost optimization. With Cloud Data Sense, you can automatically label and act on information stored in files and database entries on premise and in the cloud. Make smart data decisions and automate your data optimization and compliance plans.