Establishing Data Governance, Part 2: 10 Universal Components

Rules and Rules of Engagement¹

1) Mission and Vision: At its highest level, Data Governance typically has a three-part mission:

• Proactively define/align rules
• Provide ongoing, boundary-spanning protection and services to data stakeholders
• React to and resolve issues arising from non-compliance with rules

Along with a mission statement it is also vital to develop a clear vision that will portray what your organization could look like with and without a mature Data Governance program. It is important to note that mission statements can be dry. On the other hand, the language you use to paint your vision should be rich, evocative, compelling. Your vision should be able to inspire stakeholders, to help them envision possibilities, to encourage them to set data-related goals.

2) Goals, Governance Metrics and Success Measures, and Funding Strategies: As with most things, goals and metrics for data governance should be SMART (Specific, Measurable, Actionable, Relevant, and Timely). It can be difficult to determine which goals your organization should purse. The DGI recommends starting by anticipating the effect of governance efforts on the “4 Ps”: Programs, Projects, Professional Disciplines, and People as individuals. A useful equation is: “If we do A, then we should expect B, with a result of C; otherwise, we should expect D, with a result of E.”

Revolutionize Your Business With Generative AI

From product design and software development to virtual agents, content creation, and reporting, GenAI is transforming business. Our AI experts help you unlock GenAI’s full potential and drive growth.

Let’s Get Started

3) Data Rules and Definitions: This component refers to data-related policies, standards, compliance requirements, business rules, and data definitions. Depending on the organization’s focus they may strive to:

• Create new rules/definitions
• Gather existing rules/definitions
• Address gaps and overlaps
• Align and prioritize conflicting rules/definitions
• Establish or formalize rules for when certain definitions apply

4) Decision Rights: Who gets to make the decision, and when, and using what process? These answers need to be determined before any rule is created or any data-related decision is made. It is the responsibility of the Data Governance program to facilitate, document and store the collection of decision rights that are the “metadata” of data-related decisions. This may not always be an easy task and may require ongoing negotiations.

5) Accountabilities: Once a rule is created or a data-related decision is made, the organization will be ready to act on it. Who should do what, and when? Most governance efforts involve cross-functional teams. Your governance coordinators will need to understand and follow your organization’s protocols for engaging staff, assigning tasks, and providing the status to management.

6) Controls: Data is constantly at risk. Controls can be preventative or detective/corrective. They can be automated, manual, or technology-enabled manual processes. Often the Data Governance program is asked to recommend: data-related controls that could be applied at multiple levels of the controls stack (network / operating system; database; application; user processes), ways that existing general controls (Change Management, policies, training, SDLCs and Project Management, etc.) could be modified to support governance goals or enterprise goals and/or assist with internal or external audits by explaining how different data-related controls build upon each other.

People and Organizational Bodies¹

7) Data Stakeholders: A data stakeholder is an individual or group that could affect or be affected by the data under discussion and they come from across the organization. They include groups who create data, those who use data, and those who set rules and requirements for data. Because Data Stakeholders affect and are affected by data-related decisions, they usually have expectations that must be addressed by the Data Governance program.

8) Data Governance Office: The Data Governance Office (DGO) facilitates and supports Data Governance and Data Stewardship activities. It runs the program; keeps track of Data Stakeholders and Stewards; provides liaisons to other disciplines and programs, such as Data Quality, Compliance, Privacy, Security, Architecture, and IT Governance: collects and aligns policies, standards, and guidelines from these stakeholder groups; arranges for the providing of information and analysis to IT projects as requested: facilitates and coordinates data analysis and issue analysis projects ; facilitates and coordinates meetings of Data Stewards; collects metrics and success measures and reports on them to data stakeholders ; provides ongoing Stakeholder Care in the form of communication, access to information, record-keeping, and education/support; articulates the value of Data Governance and Stewardship activities; provides centralized communications for governance-led and data-related matters; maintains governance records.

9) Data Stewards: Most Data Governance programs have a Data Stewardship Council that is made up of a set of Data Stakeholders who come together to make data-related decisions. They may set policy and specify standards, or they may craft recommendations that are acted on by a higher-level Data Governance Board. Data Governance programs with a focus on Data Quality, such as those in healthcare, may also include Data Quality Stewards. These roles typically report to a business function or Data Quality team, with dotted-line accountabilities to Data Governance. These stewards examine sets of data against criteria for completeness, correctness, and integrity. They make corrections as appropriate and refer other issues to the DGO

Processes¹

10) Proactive, Reactive, and Ongoing Data Governance Processes: This component describes the processes to govern data. Ideally, these processes should be standardized, documented, and repeatable. These processes can include: Aligning Policies, Requirements, and Controls; Establishing Decision Rights; Establishing Accountability; Performing Stewardship; Managing Change; Defining Data; Resolving Issues; Specifying Data Quality Requirements; Building Governance Into Technology; Stakeholder Care; Communications and Measuring and Reporting Value.

Challenges to Implementation:

There are very few organization wide initiatives that come without challenges and data governance is no exception. Based on an Exeros survey conducted of 130 IT executives from Fortune 1,000 companies, the following were the most commonly cited challenges organizations must overcome to implement data governance are²:

1. Determining the rules and requirements; interpreting and understanding the rules concerning data sources
2. Gaining agreement of all parties regarding policies
3. Developing new tools and software to enable data governance
4. Cost of implementing policies
5. Incompatible systems
6. Competing priorities within the organization
7. Getting management to understand what is necessary
8. Building the project process

Establishing data governance in any industry is not without challenge. However, given the nature of the healthcare industry and its various forms of data from multiple systems and organizations, the challenges seem to be amplified. Regardless of the difficulty and/or challenges, it is imperative that data governance not only be established but effectively sustained in healthcare organizations. As mentioned prior, data governance’s primary goal is to allow for data across the organization to be consistent, accurate, available and timely in order to help drive improved and effective clinical, operational and financial decision making, hence the increase in criticality for healthcare organizations to establish data governance. As demands and expectations for improved care coordination continue, healthcare organizations are going to not only have to understand the importance of data governance, but more importantly learn how to optimize and leverage its true benefits.

Resources cited in this blog:

1. http://www.datagovernance.com/fwk_dgi_data_governance_framework_components.html
2. http://www.nascio.org/publications/documents/NASCIO-DataGovernance-Part1.pdf