Building a data governance framework

Today’s enterprises are generating more data than ever before, and business leaders are faced with the challenge of effectively managing that data. An estimated 181 zettabytes of data is created and consumed each year, much of which resides within enterprises.  

It’s critical to have a data governance framework to drive greater productivity, effectively power applications and workflows and capture the full monetary value of that data-. Let’s explore how to build a data governance framework that meets your unique organizational needs and offers the elements needed to standardize data management.

A data governance framework is a set of processes and rules that clarify how an organization will collect, store, categorize and manage its data. By implementing a data governance framework, it’s possible to ensure data is treated consistently across the organization and that individual stakeholders can access trusted data as needed. Clear data governance guidelines also allow organizations to introduce self-service tools that empower individuals to easily find and manage data to enhance productivity.

To establish a data governance framework, organizations need to have a baseline understanding of the current state of their data. This includes an understanding of what data is being collected, where it is collected from, how it is stored, how it will be used and what communication is needed around data management to different groups. It’s also important to understand best practices, industry requirements and regulatory guidance that may impact specific types of organizations (such as banks or health care) and specific classes of data.

With an effective data governance strategy in place, it’s easier to standardize data management across various channels. Ultimately, data governance frameworks verify that the standard processes apply to the entire management life cycle, including data quality, security, effective integration, technical management and data architecture. Establishing a shared set of best practices allows anyone throughout the organization who interacts with data to manage it to the same set of standards for consistency. McKinsey notes that data governance helps organizations capitalize on data-driven opportunities and reduce resource waste.

Five types of data governance frameworks are most commonly referenced and provide a starting point for determining which model best fits an organization’s unique use cases. Typically, the different types of data governance strategies are understood through the lens of how they’re created and who makes the final decisions within the organization. 

• Top-down: In a top-down model, data governance policies are determined at the corporate level in a centralized way. Those policies and practices are then disseminated and executed at all levels and throughout different business units.

• Bottom-up: Bottom-up data governance occurs when more junior employees implement best practices that are eventually  adopted throughout the organization, including at higher levels. Examples of this might be standardizing metadata or naming conventions.

• Silo-in: With a silo-in approach, different groups define their governance needs and then develop a strategy that considers the needs of various groups when creating final standards.

• Center-out: In a center-out model, a single individual or group owns data governance and develops the standards, policies and procedures. The larger organization then adopts these standards.

• Hybrid: A hybrid approach to data governance framework creation occurs when decisions include different organizational levels. For example, the C-suite may request a framework be developed, ask different business units to work together in a center-out model and recommend an approach that executives approve.

When deciding how to approach this type of initiative, it can also be helpful to reference some commonly cited data governance framework examples.

• The PWC enterprise governance framework, for example, is designed to help enterprise organizations navigate the challenges of sprawling, multilayered data management. 

• The Data Governance Institute offers a template to help organizations determine how they classify, organize and manage their data. 

• Deloitte has created a set of guidelines specifically for organizations that want to future-proof their data governance with next-generation applications and growth in mind.

These are just a few examples; others exist depending on an organization’s size, use cases, existing data frameworks and industry requirements.

An organization’s data is one of its most important assets. With the explosion of growth in data generation, it’s critical to have a governance framework in place to effectively manage it across the life cycle. At a practical level, a data governance framework offers everything an organization needs to streamline operations, make better decisions and access the insights to drive innovation. 

Today, organizations are investing in governance frameworks to ensure:

• Internal approaches to data comply with relevant regulations, such as GDPR or HIPAA

• Teams have the information needed to manage data effectively and reduce or eliminate errors

• There's standardization across the organization to prevent inconsistencies or gaps in how different parts of the organization handle data

Ultimately, organizations can establish the norms so their employees treat data like a critical business asset by taking a systematic approach. Standardized policies and procedures provide the guidance for how key data activities and questions should be handled. 

Establishing ownership and accountability creates a pathway to escalate new challenges, keep the framework evolving with changing needs and address questions that may come up in important contexts, such as audits or regulatory inquiries. Centralizing critical concerns, such as data quality or how an organization approaches privacy and security, creates a baseline that establishes confidence in the process.

There are four essential pillars of an effective data governance framework.

The value of data directly relates to its quality. Data that’s vetted and error-free can be used for activities such as reporting, training automation and informing critical business decisions. A governance framework provides the scaffolding for the processes that are used to ensure the quality of data.

An organization developing a governance framework for the first time may not be aware of its current data health. Gathering information on the state of current data quality and addressing errors is often part of the process. Once a healthy baseline exists, the framework outlines approaches to ensure quality on an ongoing basis and surfaces and fixes errors when they occur.

Stewardship highlights the moral, and often legal, responsibility organizations hold for the people whose data they collect and retain. A stewardship strategy ensures data across the organization meets the same standards.

In particular, this includes complying with regulatory requirements, policy and accuracy thresholds. When your data governance framework includes a stewardship lens, it helps ensure continuity and quality across business units, geographic locations and diverse projects. Defining ownership within the organization, including who makes decisions over data governance, is also a key element of the stewardship process.

IBM found the cost to address a data breach rose as high as $4.45 million in 2023. As a result, data protection and governance are critical aspects of a governance structure, including:

• Security: What best practices and technologies will be used to protect data from hackers and other threats?

• Access control: Who will have access to what data, and how will those policies be used to manage access to different classes and types of data?

• Privacy: What steps will organizations take to protect individual’s information, including important processes such as anonymizing data? 

Data management or architecture explains how data systems are designed and managed to meet the organization’s needs. This includes data hierarchy, labeling, access policies, system selection and overall structural choices.

In addition, data management extends into selecting the hardware and software needed to put data governance frameworks into action. During this phase of the process, attention is also paid to how architecture is designed, as well as database and warehouse selection and management. 

While modern data governance frameworks vary depending on the organization’s needs, they often share key components in terms of best practices.

Implementing a data governance program is a significant undertaking. Determining how that program will be managed is a critical  element to its long-term success. Program management involves determining factors such as:

• What are the goals and objectives that will determine where resources are invested?

• What executive support and insight are needed to make the program successful?

• What role will own the program or different aspects of the program, and what’s the escalation path for questions or concerns?

• What technical, analytical or data resources will be required to implement the program?

• What software and hardware will be needed to bring the program to fruition?

• What training and communications will be provided to disseminate the program as the different aspects are finalized?

Securing data quality is a key outcome of an effective governance framework. Data quality standards are key performance indicators or data quality metrics the organization needs to attain. It also includes the policies and procedures needed to make these a reality. Ultimately, data quality standards often address the following:

• Data accuracy

• Data integrity

• Data access 

• Data security and privacy

• Data availability

• Data integration

• Data usability

Analytics management is a complementary component of any governance framework. As governance frameworks seek to improve the quality and usability of data, analytics can help lay the foundation to make that vision a reality. For example, analytics can help determine the health of an organization’s data at the start of a program. Analytics also plays a critical role in the ongoing program to ensure the standards drive the expected data quality outcomes and assess the effectiveness of any interactive improvements.

Metadata is a critical component of data management. Data by itself is just that: information. However, data put into the proper context has tremendous value. That’s precisely what metadata does. Metadata highlights how data was created, defined and used throughout the organization. When metadata is aligned to key business objectives, it creates a deeper sense of order within a governance framework and makes it easier to work with data in various ways.

As previously highlighted, data security and privacy are critical concerns. Operationalizing these as part of the framework often involves establishing standards for security and privacy. How will the data that’s being carefully managed be protected? Organizations considering their data security and privacy often answers questions such as:

• What are the different classifications of data, and do they have unique security or privacy needs?

• What regulatory factors must be considered with regard to security and privacy?

• What threats must the enterprise protect data against, and what steps can be taken in terms of technology, education and data protection?

• What access management and identity verification can be used to manage specific bodies of data?

• How does the need for data security and privacy impact key technical decisions, such as on-premises and cloud storage?

Building an effective data governance framework is a massive undertaking. By following best practices, it’s possible to get the best outcomes, energize staff and align the efforts to the most critical business goals.

While many important reasons exist for creating a data governance strategy, each organization has its unique objectives. For example, the goal may be to harness the power of unstructured data to find lucrative opportunities for innovation or to ensure adherence with strict privacy laws that impact an organization. 

Defining the end goal helps determine how resources should be allocated and, ultimately, how success will be defined. The business outcomes the governance strategy is designed to support will also determine the scope of the data impacted. Examples of data that may be within scope include financial data, customer data and operational data.

It’s impossible to govern data you're unaware of, so the first step is often creating a data inventory. This provides a lens through which the organization can view its data assets and understand the scale of data it’s working with. A data governance strategy should encompass all data, so successfully identifying assets helps establish a holistic foundation.

From there, the next step is to classify the data. Data can be classified based on its function or contents. In addition, it’s important to look at whether the data is sensitive, how critical it is to operations, how frequently it’s used and any regulatory requirements that impact how data is treated. With this information in hand, data streams can be segmented, prioritized and managed in a strategic way.

Defining the roles and responsibilities of individuals participating in the program will increase effectiveness. In terms of best practices, many organizations use three classifications.

• Data stewards: Stewards are subject matter experts who deeply understand a specific dataset and can share input regarding how it’s used and collected to inform the best governance plan.

• Data owners: Owners are responsible for classification, management and quality assurance related to specific datasets.

• Data custodians: Custodians oversee critical elements of the data governance framework, such as security and data protection.

Standardization is one of the critical benefits of a data governance strategy. Establishing policies and procedures that outline how data should be managed, stored, accessed and protected throughout its life cycle provides the foundation for implementing the ideas captured in the broader framework. 

Documenting and making these available to all stakeholders is critical to this process. By codifying the expectations and clearly laying out the procedures for staff to follow, the governance framework establishes the guidelines needed to implement plans at a practical level.

Data security and protection require the correct elements to be in place. Often, custodians are in charge of these areas and look at elements of security and governance over the long term. Key aspects of enforcing data security measures include access controls, encryption and real-time monitoring for threats.

An effective strategy can best be implemented with the right technology and tools. As part of the framework process, define the solutions that best support your efforts. This might involve a platform designed to automate metadata or systems that let you query data usage and assess that it complies with the framework. Elements to consider include:

• Technology solutions already in place and interoperability with new solutions

• Budget needed for hardware, software and training

• IT workloads and support

• The functionality and benefits needed to support the governance initiative

A governance framework is only as successful as your team’s ability to implement it. As part of your framework design, think about what type of training and communication will be required. Often, employees will be split into different groups in terms of the data governance framework, depending on their role and how they interact with data. In some cases, it’s critical that there’s awareness across the organization that the framework exists and who to consult if a question arises. In other situations, key employees may need in-depth training and ongoing support to implement the plan fully.

Each individual should be able to speak to the importance of data governance and understand how their roles are responsible for key factors, such as data quality, security and governance. By investing in this area, organizations empower their teams to capture the full potential of a governance framework and apply it strategically to all aspects of the business.

An effective governance strategy is an iterative one that looks at the performance of past initiatives and identifies changes required to adapt to future needs. Build periodic review cycles and audits that assess the effectiveness of the data performance framework. Key metrics should be established that can be tracked and used as benchmarks as part of the initiative. In addition, have candid discussions with stakeholders to understand how the program has impacted their ability to use data at a practical level. 

By proactively monitoring program performance, it’s possible to identify gaps and create plans to improve its impact continuously. At a minimum, assessments should occur on a quarterly basis, with deeper dives and annual planning.

Capital One Slingshot supports well-managed data governance with pre-configured warehouse templates that use centrally defined policies to standardize usage across the organization. Teams are empowered to set up warehouses, which reduces bottlenecks, while Slingshot automates governance and streamlines approvals. 

Learn more about how Capital One Slingshot can support your data governance initiatives today.