How would you manage your data without rules and direction? How do you know if your efforts are working or are you treading water?
Using definitions from a previous post Data Governance Landscape
Data Governance (DG)
The complete lifecycle of information deemed important to the organisation to mitigate risk.
Example: The packaged (gross) weight of a product 540g the weight of a metal stapler in a cardboard box; used in logistics, marketing text on websites, customer data forms for advising on new products, compliance and legislative reporting: When and where is this information collected? How is it managed; checked, stored, communicated. How long is the data available for, before being archived, will it still need to be accessed after archived?
Master Data Management (MDM)
The journey of achieving consistent, good quality data across the organisation.
- Identifying and managing duplicate records and improving the quality of information. To do this effectively requires a thorough understanding of the information. How and where is it created, and modified. What roles and rules are needed to manage it, how and where is it used and when and where it is archived.
The data and activities used to manage the data are all part of your companies data governance. How do you achieve all of this without policies and procedures?
Ok, you have (hopefully) now agreed you need a data policy. Depending on the size and complexity of the organisation depends on how many and how detailed your policies will be.
What is a Policy a statement of intent, and is implemented as a procedure or protocol
What is a Procedure a document written to support a Policy Directive
The Structure of the Policy
Scope what will the policy cover: systems, parts of the organisations, countries, will it link into other policies?
Definitions explain the different systems and their uses that the policy relates to, any abbreviations or industry terms used
Authorisations who will approve changes to the policy and approve any requests made under the policy needs?
Details of the policy what it covers and to what level of detail. Give examples of the types of activities covered in the policy. Make it clear to avoid misinterpretation. Test the document out on people who will use it.
Communication of changes under the policy activities How will the existence of the policy be communicated and how will updates be reviewed and announced?
Non-compliance of policy What are the penalties or implications for anyone / department whom does not comply with the policy. Outline the impacts of non-compliance and who would be affected.
Additional questions to consider:
- What business requirements need to be managed by a policy or procedure?
- Do any system changes need to be made to support required policies or to make managing a policy more efficient?
- Where will the policies be held?
- How will they be accessed?
- How often will they be reviewed?
- Who will approve / sign off new or amended polices?
Consider the use of the Data Governance Council in the same post for management of policies and procedures. Data Governance Landscape https://wp.me/p3QDdI-l