NASCIO: Representing Chief Information Officers of the States

Data Part II: Maturity Models – A Path to Progress

Introduction When government can respond effectively and expeditiously to its constituents, it In the previous report on Data Governance1 gains credibility with citizens. The an overview of data governance was opposite is also true. When government presented describing the foundational can’t respond, or responds incorrectly, or issues that drive the necessity for state too slowly, based on inaccurate informa- government to pursue a deliberate effort tion, or a lack of data consistency across for managing its key information assets. agencies, government’s credibility suffers. Data governance or governance of data, information and knowledge assets resides This research brief will present a number within the greater umbrella of enterprise of data governance maturity models2 architecture and must be an enterprise- which have been developed by widely wide program.There is a significant cost to recognized thought leaders. These models March 2009 state government when data and informa- provide a foundational reference for tion are not properly managed. In an understanding data governance and for NASCIO Staff Contact: emergency situation, conflicts in informa- understanding the journey that must be Eric Sweden anticipated and planned for achieving Enterprise Architect tion can jeopardize the lives of citizens, [email protected] first responders, law enforcement officers, effective governance of data, information fire fighters, and medical personnel. and knowledge assets. This report contin- ues to build on the concepts presented in Redundant sources for data can lead to Data Governance Part I. It presents a conflicting data which can lead to ineffec- portfolio of data governance maturity tive decision making and costly models. Future publications will present investigative research. If data from differ- other important elements that comprise a ent sources conflicts, then the decision full data governance initiative. These other maker must research and analyze the elements include frameworks, organiza- NASCIO represents state chief various data and the sources for that data tion, delivery processes, and tools. information officers and infor- mation technology executives to determine or approximate what is true and managers from state and accurate. That exercise burns time Maturity models provide a means for governments across the United and resources. Accurate, complete, timely, seeing “what are we getting into?” The States. For more information visit www.nascio.org. secure, quality information will empower higher levels of maturity present a vision decision makers to be more effective and or future state toward which state govern- Copyright © 2009 NASCIO ment aspires and corresponds to not only All rights reserved expeditious. More effective decision making leads to higher levels of enterprise a mature data governance discipline, but 201 East Main Street, Suite 1405 also describe a mature enterprise architec- Lexington, KY 40507 performance. The ultimate outcome is Phone: (859) 514-9153 better service to citizens at a lower cost. ture discipline.The case has already been Fax: (859) 514-9166 Email: [email protected]

Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

made in Data Governance Part I that state the State CIO” for further discussion of government will never be able to effec- organizational change management.3 tively respond to citizens without properly governing its information and knowledge The growing importance of properly assets. managing information and knowledge assets is demonstrated by a number of In early 2009, the states are under severe predictions regarding data and data economic stress—major revenue short- governance by the IBM Data Governance falls, growing deficits and reduced public Council.4 spending. State governments expect continued expenditure pressures from a variety of sources including Medicaid, IBM Data Governance Council employee pensions and infrastructure. Experts predict even more economic Predictions troubles for the states in fiscal year 2010  Data governance will become a regula- and beyond. A key ingredient for estab- tory requirement. lishing strategies for dealing with  Information assets will be treated as an continuing fiscal crisis is the ability to asset and included on the balance sheet. effectively harvest existing knowledge  Risk calculations will become more bases. Those knowledge bases must pervasive and automated. provide reliable, up to date information in  The role of the CIO will include responsi- order to enable judgment, discernment bility for . and intuition. These comprise what might  Individual employees will be required to be termed wisdom. Even with perfect take responsibility for governance. information, wisdom is still required to make the right decisions and to execute on those decisions. State leaders will be As described in the previous issue brief on forced to make tough decisions in the this subject the delivery process must months ahead, certainly requiring wisdom. begin with an understanding of what the This research brief will focus on that first end result will look like, and what value a key ingredient—knowledge. So, state data governance initiative will deliver to government must make the commitment state government. Value is defined by to begin now to manage and govern its executive leadership and depends on the information and knowledge assets. vision, mission, goals and objectives Maturity models assist in helping state executive leadership has established for government prepare for the journey and the state government enterprise. The that is what this report is intended to value delivery process must also provide present. Governance will not happen methods and procedures for monitoring overnight—it will take sustained effort how well state government is currently and commitment from the entire enterprise. performing and the incremental steps for reaching the desired level of performance. As state government moves up the maturi- ty curve presented by these models, there The process for establishing and sustain- will be technological and business process ing an effective data governance program ramifications. However, nothing will will require employing the following compare to the organizational fallout. It enablers: will take commitment and leadership from executive management to bring the enter-  Strategic Intent: describes WHY data prise along in a way so that it will be a governance is of value, the end state positive experience for government that government is trying to reach, and employees and citizens. See NASCIO’s the foundational policies that describe publication “Transforming Government the motivation of executive leadership. through Change Management: The Role of This strategic intent should be described in the enterprise business

2 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

architecture. If state government does framework for data governance will co- not have quality data and information, exist with other frameworks that it will not achieve its objectives. describe other major components of Flawed data and information will lead the state government enterprise archi- to flawed decisions and poor service tecture. delivery to citizens.  Methodology for Navigating the  Data Governance Maturity Model: Framework: describes the methods describes the journey from the AS IS to and procedures for HOW to navigate the SHOULD BE regarding the manage- through the framework, create the ment of data, information and artifacts that describe the enterprise, knowledge assets. In parallel to this and sustain the effort over time. This journey regarding data governance is methodology will co-exist within the the journey that describes a maturing enterprise architecture methodology enterprise architecture operating disci- and touch on business architecture, pline. State government must process architecture, data architecture, understand where it is today and organizational governance, data / where it needs to go. This is an impor- knowledge management processes, tant step in planning the journey in and records management processes. managing information as an enterprise  asset. Data governance maturity Performance Metrics: to measure and models provide the means for gauging evaluate progress and efficacy of the progress. By presenting intermediate initiative. These are traceable back to milestones as well as the desired end strategic intent and related maturity state, maturity models assist in models. These metrics need to be planning HOW state government will continually evaluated for relevancy. reach the next level of effectiveness, as  Valuation and Security of State well as WHEN and WHERE within state Government Information Assets. As government. presented in the previous issue brief on data governance, proper valuation of  Organizational Models, Roles and Responsibility Matrices (RASIC data and information will determine the level of investment to ensure quality and Charts)5: defines WHO should be involved in decision making, imple- appropriate security throughout the menting, monitoring and sustaining. information asset lifecycle. This is where Organizational models are a compo- the data architecture and security archi- nent of the enterprise business tecture domains touch within state architecture. An enterprise wide initia- government enterprise architecture. tive will require the authority of executive leadership and buy in from This research brief will focus on presenting all participants. Proper representation various data maturity models. Future briefs from stakeholders is also necessary for or webinars will treat other foundational managing risk. Collective wisdom can aspects of data and information gover- avoid missteps and false starts. nance. Some common themes presented Stakeholders and decision rights will by the variety of maturity models and their vary depending on the specific issue or associated migrations to the higher levels the nature of the decision. of maturity can be described as follows and also reflect a maturing enterprise  Framework: describes WHAT is architecture. governed including related concepts, components and the interrelationships  From reactive to proactive under- among them. Decomposition of standing of the management of data frameworks will uncover the necessary and information artifacts that comprise the compo- nents of the framework. The

Data Governance Part II: Maturity Models – A Path to Progress 3 NASCIO: Representing Chief Information Officers of the States

 From point solutions to managed GIS and geospatial resource management enterprise solutions initiatives have demonstrated the value of  From “siloed” data to synchronized high level associations and correlations. data and information (i.e., consis- Social networks have demonstrated the tent, quality data) value of group knowledge, and mass  From localized systems with incon- collaboration. sistent levels of data classification and security to consistent data The current issues in information manage- classification and standards based ment began with the way systems were managed security developed. Application teams worked in  From myopic approach to data isolation. Applications were built for management to an enterprise wide immediate return. And project teams were view of information incented and pressured to deliver immedi-  Migration to the capability to build ate results without proper consideration efficient information and knowledge for long term enterprise value and cost. management Point solutions contributed greatly to the current circumstances described in Data Governance Part I. Data governance initia- Strategic Planning Implementing Data Governance – tives must anticipate the necessity of Assumption: Through Maturity Models dealing with the data fragmentation that 2010, more than exists as an aftermath of these circum- 75% of organizations There are a number of data governance stances. will not get beyond maturity models that can assist in the planning and implementation of data Current federal programmatic funding Levels 1 and 2 in guidelines and restrictions have not their data quality governance. Each has strengths and can bring valuable perspectives, present contributed toward creating enterprise maturity (0.8 proba- characteristics, and form the foundation wide initiatives such as data governance. bility). for subsequently planning a data gover- Therefore, funding for enterprise wide nance delivery process. Reviewing and initiatives must come from a state general evaluating maturity models should occur or technology fund. Data governance Strategic Planning including master Assumption: Through early in the process in order to establish an understanding of the end state. This should be factored into every project 2012, less than 10% understanding is necessary to properly including those that are federally funded. of organizations will plan a data governance program. It must Reviews should be conducted to ensure achieve Level 5 data be understood that the delivery process is projects and programs are in compliance with state government principles, quality maturity (0.8 an ongoing enterprise operating discipline which fits under the greater umbrella of standards and methods. Federal funding probability). - Gartner6 enterprise architecture. As with many of the reforms should take into account the level concepts presented by NASCIO, successful of effort associated with such compliance implementation of data governance and provide the latitude and flexibility to requires an enterprise perspective. This invest responsibly at an enterprise level so perspective will be portrayed in the higher state government can do what it needs to stages of the maturity models presented in order to build long term value for the in this report. state. This will require strong partnering and collaboration between state and It should be expected that data gover- federal government. nance maturity models will also “mature” as industry, government and society There is the need for proper governance continue to “learn” how to manage and structures that provide appropriate repre- leverage data, information and knowl- sentation, decision rights, and renewed edge, and most importantly act on that methods and procedures to ensure state learning. Geospatial resources and social government is not simply responding to networks are but two examples of change. federal mandates and restrictive reporting requirements. And that state government

4 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

isn’t forced into “siloed”solutions because when state government is facing severe of funding restrictions. Rather, state and fiscal stress. Nevertheless, even during federal government work together to times of fiscal stress, state government develop funding mechanisms that give must make progress so it can better states the flexibility they need to build manage limited resources in the near long term value, shareable resources and term, and emerge from such times ready increased efficiency. Such an approach to move forward. It will require constancy should also allow or even encourage of purpose8, consistency in executive collaboration between state and local support, and a sustained effort by the government on joint initiatives. entire enterprise. One other aspect to this subject is the need to view data, informa- As state government begins to think of tion and knowledge from the citizens’ data, information and knowledge as one of perspective versus agency specific the most critical enterprise assets, the use perspective. The citizen would like to “see” One of the key drivers of maturity models provides a means for one state government—not a collection of assessing where the organization is today agencies. of EIM [Enterprise and what will be required to migrate to Information the desired end state. Maturity models This research brief will look at a sampling Management] is to also assist in setting expectations. The of data governance maturity models and overcome decades of journey the enterprise must take in devel- draw some conclusions regarding the role “silo-based,” applica- oping the capabilities to properly manage, of maturity models in developing data and harvest value from its knowledge governance within state government. tion-centric assets will not be an easy trip. Maturity development, in models also assist in planning what is which each system feasible in the near term—particularly maintained its own version of data and process rules to suit local performance needs. This resulted in duplication and a lack of agility within the organization.- Gartner7

Data Governance Part II: Maturity Models – A Path to Progress 5 NASCIO: Representing Chief Information Officers of the States

TABLE 1: DataFlux DATA GOVERNANCE MATURITY MODEL

Level of Maturity Characteristics

1 Undisciplined There are few defined rules and policies about data (Think Locally, Act quality and integration. There is much redundant data, Locally) differing sources, formats and records. The existing threat is that bad data and information will lead to bad decisions, and lost opportunities.

2 Reactive This is the beginning of data governance. There is much (Think Globally, Act reconciliation of inconsistent, inaccurate, unreliable Locally) data. Gains are experienced at the department level.

“Process failure and 3 Proactive It is a very difficult step to move to this phase. The information scrap (Think Globally, Act enterprise understands the value of a unified view of and rework caused Collectively) information and knowledge. The enterprise begins by defective thinking about Master Data Management (MDM). The organization is learning and preparing for the next information costs the stage. The culture is preparing to change. United States alone $1.5 trillion or 4 Governed Information is unified across the enterprise. The enter- more.” - Larry (Think Globally, Act prise has a sophisticated data strategy and framework. English, Information Globally) A major culture shift has occurred. People have Impact International, embraced the idea that information is a key enterprise Inc.10 asset.

DataFlux knowledge management, data assets and information assets. DataFlux has recently The DataFlux Data Governance Maturity modified their maturity model to empha- Model is very comprehensive. As the size a business perspective that drives the enterprise moves through the sequence need for managing data as an enterprise from stage one to stage four, the value asset, and the employment of means such harvested increases and the risk associat- as organization, process, and technology ed with “bad data” decreases. to achieve the necessary levels of data quality. The phases in the DataFlux model Tony Fisher, President and General are presented here (Table 1). Manager of DataFlux, presents an excellent overview of DataFlux developed each stage of data maturity on the SAS website.9 Fisher is maturity by describing the characteristics speaking about “Data Maturity” in that of each phase of maturity and how to presentation. The scope of his discussion move to the next phase. These character- is relevant to the subject of this research istics are formulated into four major brief—the broader view of data gover- dimensions that must be addressed as nance maturity models. Again, the terms state government matures its data gover- can get fuzzy in different conversations— nance. The dimensions are: people, policies, data governance, data management, technology and risk. DataFlux has presented

6 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 2: DIMENSIONS IN THE DataFlux DATA GOVERNANCE MATURITY MODEL: LEVEL FOUR – “GOVERNED”

People Policies

 Executive sponsorship.  New project framing embraces a  Data consumers actively participate portfolio perspective considering the in strategy and delivery. full impact on existing data infrastruc-  Roles are established such as data ture. steward.  Automated policies are implemented  A data governance expertise center to ensure data consistency, accuracy exists. and reliability across the enterprise.  The organization truly embraces  Service Oriented Architecture (SOA) data quality and adopts a “zero approaches have been employed to defect” policy for data collection manage meta data including data and management. quality, data classification, identity management, and authentication.  Policy perspective is preventative rather than reactive.

Technology Risk

 Data quality and data integration  Enterprise risk management is proac- tools are standardized across the tive providing proper balance across enterprise. the enterprise portfolio.  Data monitoring is continuous,  Master data is tightly controlled across proactive and preventative involv- the enterprise but allows the enter- ing appropriate metrics. prise to be dynamic.  The enterprise has established its  Enterprise data is consistent, reliable, master data model – or The and available to enable effective Enterprise Data Model – data decision making. models are maintained using consistent approaches and standards.  Data models capture semantic business rules that provide the business understanding and techni- cal details of all enterprise data.

that although there is no single path to descriptions are self evident regarding reaching the higher levels of data gover- how to move up the maturity ladder. As nance, whatever path is taken, it will an example, the four dimensions that require careful attention to these four apply to the target maturity level—Level dimensions. Each stage has an associated Four—can be characterized as shown in profile detailing these four dimensions. Table 2.11 Further detail on this model and One of the strengths of this maturity the profiles for the other levels of maturity model is these detailed descriptions. The can be found in the article cited.

Data Governance Part II: Maturity Models – A Path to Progress 7 NASCIO: Representing Chief Information Officers of the States

FIGURE 1: DataFlux DATA GOVERNANCE MATURITY MODEL

The latest version of the DataFlux data governance framework is as shown in Figure 1. This framework also presents the technology adoption that characterizes the various phases. Each level of maturity has associated “business capabilities” or business behaviors, and examples of technologies employed. As the enterprise progresses to the higher levels of data governance maturity, there is greater reward —return on information and knowledge assets—and a parallel reduction in risk.

8 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 3: EWSolutions DATA GOVERNANCE MATURITY MODEL

Level of Characteristics Maturity

1 Informal Reactive, dependent on a few skilled individuals, responsibilities assigned across separate IT Processes groups, few defined IT roles, data regarded as a minor by-product of business activity. Redundant, undocumented data, disparate databases without architecture, minimal data integration and cleansing, point solutions.  Little or no business metadata  Diverging semantics  Some commonly used approaches but with no enterprise-wide buy in  Little or no business involvement, no defined business roles  Reactive monitoring and problem solving

2 Emerging Beginning to look at enterprise wide management and stewardship, no standard approaches, early Processes enterprise architecture, growing intuitive executive awareness of the value of information assets.  Initial forays in data stewardship and governance but roles are unclear and not ongoing  Initial efforts to implement enterprise-wide management, but with contention across groups with differing perspectives  Enterprise architecture and master meta data management projects are underway  Some processes are repeatable

3 Engineered Standard processes, enterprise information architecture, active executive sponsorship, central Processes metadata management, periodic audits and proactive monitoring.  Ongoing, clearly-defined business data stewardship  Central enterprise data management organization  Enterprise data architecture guides implementations  Quality service level agreements are defined and monitored regularly  Commitment to continual skills development

4 Controlled Measureable process goals are established for each defined process. Processes  Quantitative measurement and analysis of each process occurs  Beginning to predict future performance  Defects are proactively identified and corrected

5 Optimized Quantitative and qualitative understanding used to continually improve each process. Processes  Value is monitored continuously  Understanding of how each process contributes to the strategic business intent

EWSolutions of this model is presented in EWSolutions course materials.12 EWSolutions present EWSolutions presents a maturity model their maturity model early in their training they title the “EIM Maturity Model” which on data governance and stewardship which presents five phases. EIM refers to demonstrates the value of maturity models Enterprise Information Management. The as a communication and planning tool. phases in the EWSolutions model are presented in Table 3. The full presentation

Data Governance Part II: Maturity Models – A Path to Progress 9 NASCIO: Representing Chief Information Officers of the States

FIGURE 2: Gartner EIM MATURITY MODEL

Gartner serious about managing information assets. It is important to understand this Garter introduced their enterprise infor- maturity model accompanies Gartner’s mation management maturity model in definition of EIM. This maturity model also December of 2008 (Figure 2).13 Gartner presents action items for each level of makes the point that enterprise informa- maturity (Table 4). Gartner’s EIM concept tion management (EIM) is not a single presents an integrated, enterprise wide project. Rather, it is a program that evolves approach to managing information assets over time. and has five major goals that comprise an EIM discipline (Figure 3). Gartner presents that “managing informa- tion as an asset” has gained new attention by top management. Further, over the next five years industry will focus on managing information as a strategic asset. Gartner developed their maturity model to provide guidance to organizations that are

10 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 4: Gartner EIM DATA GOVERNANCE MATURITY MODEL

Level of Characteristics Maturity

0 Unaware  Strategic decision made without adequate information  Lack of formal information architecture, principles, or process for sharing infor- mation  Lack of information governance, security and accountability  Lack of understanding of meta data, common taxonomies, vocabularies and data models

Action Item: Architecture staff and strategic planners should informally educate IT and business leaders on the potential value of EIM, and the risks of not having it, especially legal and compliance issues.

1 Aware  Understanding of the value of information  Issues of data ownership  Recognized need for common standards, methods and procedures  Initial attempts at understanding risks associated with not properly managing information

Action Item: Architecture staff needs to develop and communicate EIM strategies and ensure those strategies align with [the state government] strategic intent and enterprise architecture.

2 Reactive  Business understands the value of information  Information is shared on cross-functional projects  Early steps toward cross-departmental data sharing  Information quality addressed in reactive mode  Many point to point interfaces  Beginning to collect metrics that describe current state

Action Item: Top management should promote EIM as a discipline for dealing with cross-functional issues. The value proposition for EIM must be presented through scenarios and business cases.

3 Proactive  Information is viewed as necessary for improving performance  Information sharing viewed as necessary for enabling enterprise wide initiatives.  Enterprise information architecture provides guidance to EIM program  Governance roles and structure becomes formalized  Data governance integrated with systems development methodology

Action Item: Develop a formal business case for EIM and prepare appropriate presentations to explain the business case to management and other stakeholders. Identify EIM opportunities within business units [agencies and divisions].

Data Governance Part II: Maturity Models – A Path to Progress 11 NASCIO: Representing Chief Information Officers of the States

Level of Characteristics Maturity

4 Managed  The enterprise understands information is critical  Policies and standards are developed for achieving consistency. These policies and standards are understood throughout the enterprise  Governance organization is in place to resolve issues related to cross-functional information management  Valuation of information assets and productivity metrics are developed

Action Item: [Agency and division] information management activities should be inventoried and tied to the overall [state government] EIM strategy. EIM must be managed as a program not a series of projects. Chart progress using a balanced scorecard for information management.

5 Effective  Information value is harvested throughout the information supply chain  Service level agreements are established  Top management sees competitive advantage to be gained by properly exploit- ing information assets  EIM strategies link to risk management, productivity targets  EIM organization is formalized using one of several approaches similar to . The EIM organization coordinates activities across the enterprise

Action Item: Implement technical controls and procedures to guard against complacency and to sustain informa- tion excellence even as the [state government] changes.

FIGURE 3: Gartner EIM GOALS

Integrated Master Data Domains Seamless Unified Information Content Flows EIM Goals Data Meta Data Integration Management Across the and Semantic IT Portfolio Reconciliation

12 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

FIGURE 4: IBM Data Governance Council – DATA GOVERNANCE DOMAINS

Elements of Effective Data Governance

Outcomes Data Risk Management & Value Creation Compliance

Enablers

Organizational Structures & Awareness Requires

Policy Stewardship

Enhance Core Disciplines

Data Information Information Quality Life-Cycle Security Management Management and Privacy

Supports Supporting Disciplines

Data Classification & Audit Information Architecture Metadata Logging & Reporting

IBM Business outcomes require enablers. Enablers are supported through core and Data governance has risen to such promi- supporting disciplines. Each of the nence that IBM has created a Data domains or disciplines depicted can be Governance Council.14 One of the initia- further broken down into multiple compo- tives from this council is a data nents. This paper won’t fully explore this governance maturity model based on the model in depth but will present the defini- Software Engineering Institute (SEI) tions of each domain. The maturity of each Capability Maturity Model (CMM).15, 16 The domain is evaluated and assessed individ- Data Governance Council’s Maturity Model ually on a scale from 1 to 5. The intent is defines a set of domains that comprise not to score—rather to determine the AS data governance. Review of these IS and manage progress through the domains is a first step in understanding various maturity levels (Table 5). the IBM maturity model. The 11 domains reside within four major groupings: In concert with this framework, IBM Outcomes, Enablers, Core Disciplines, and developed the maturity model presented Supporting Disciplines. Interactions among in Figure 5. these groupings are depicted in the diagram above (Figure 4). The maturity model is the “yardstick” for assessing and measuring progress within each of the 11 domains. The referenced report that presents this maturity model was published in October of 2007. In July

Data Governance Part II: Maturity Models – A Path to Progress 13 NASCIO: Representing Chief Information Officers of the States

TABLE 5: IBM Data Governance Council – DATA GOVERNANCE DOMAIN DEFINITIONS

Domain Description

Data Risk Management The methodology by which risks are identified, qualified, and quantified, avoided, & Compliance accepted, mitigated or transferred out.

Value Creation The process by which data assets are qualified and quantified to enable the business to maximize the value created by data assets.

Organizational Description of the level of mutual responsibility between the business and IT, and Structures & Awareness the recognition of the fiduciary responsibility to govern data at different levels of management.

Policy A description of the desired organizational behavior(s).

Stewardship A quality control discipline designed to ensure custodial care of data for asset enhancement, risk management, and organizational control.

Data Quality Methods to measure, improve and certify the quality and integrity of production, Management test and archival data.

Information Lifecycle A systematic policy-based approach to information collection, use, retention, and Management deletion.

Information Security & The policies, practices and controls used by the organization to mitigate risk and Privacy protect data assets.

Data Architecture The architectural design of structured and unstructured data systems and applica- tions that enable data availability and distribution to appropriate users.

Classification & The methods and tools used to create common semantic definitions for business Metadata and IT terms, data models, data types, and repositories. Metadata that bridge human and computer understanding.

Audit Information, The organizational processes for monitoring and measuring the data value, risks, Logging & Reporting and efficacy of governance.

14 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

FIGURE 5: IBM Data Governance Council MATURITY MODEL

 Up to 75% of information workers have made decisions that turned out to be wrong due to flawed data.

 As much as 30% of the work week is spent verifying of 2008, the Council announced its plans various domains of enterprise architecture to develop a data governance framework will naturally, and most likely be at differ- the accuracy and based on this maturity model. ent levels of maturity. That brings up a quality of data. differentiating property of the IBM maturi- As described earlier, maturity models and ty model. It is used to assess the individual  Only 10% of frameworks are necessary members of the maturity of 11 separate domains. knowledge data governance toolbox. The maturity model describes the milestones in the workers believe journey. The framework presents concepts Knowledge Logistics they always have and the most prominent of the relation- all the information ships among the concepts. A methodology The Commonwealth of Kentucky has initi- needed to confi- will describe how to navigate the frame- ated a data governance initiative using a dently make work in order to travel up the maturity maturity model designed by Knowledge effective business model. Logistics (Table 6). This model also follows 17 closely with the CMM levels of maturity. As decisions. One of the values of maturity models is with the other maturity models presented, that in describing the characteristics of characteristics change or evolve from each stage, they describe enterprise reactive, independent activities to very characteristics sought, independent of any sophisticated leverage of information maturity model. State government does assets not only for historical analysis but not have to follow a linear path through predictive activities. these stages. A foundational concept that was used in the NASCIO Enterprise Architecture Maturity Model was that the

Data Governance Part II: Maturity Models – A Path to Progress 15 NASCIO: Representing Chief Information Officers of the States

TABLE 6: Knowledge Logistics DATA GOVERNANCE MATURITY LEVELS

Level of Maturity Characteristics

1 Initial  Entrepreneurial  Few Users  Individual  Rules Unknown  Fragmented  Variable Quality  Chaotic  Costly  Idiosyncratic

2 Repeatable  Departmental  Local Standards  Consolidation  Internal Data Quality  Reconciliation  Specialist Users  Internally Defined  Local Process  Reactive  Costly

3 Defined  Integration  Centralized Data Quality  Enterprise View  Planned & Tracked  Data Accountability  Wide Data Usage  Strategic Alignment  Metadata Management  Standards  Common Technology  Sharing & Reuse  Efficient

4 Managed  Quantitative Control  Process Efficiency &  Closed Loop Effectiveness  Low Latency  Built-in Quality  Interactive  Extended Value Chains  Unstructured Data  High Availability  Collaborative

5 Optimized  Improvement &  Competitive Intelligence Innovation  Data Assets Valued  Real-time  Self-managing  Extensive Data Mining  Knowledgeable

16 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 7: MDM Institute DATA GOVERNANCE MATURITY LEVELS

Level of Maturity Characteristics

1 Basic Application-centric approach; meets business needs (“anarchy”) only on project-specific basis.

2 Foundational Policy-driven standardization on technology and (“IT monarchy”) methods; common usage of tools and procedures across projects.

3 Advanced Rationalized data, with data and metadata actively (“business monar- shared in production across sources. chy”) When organizations articulate a desire to 4 Distinctive Based on service-oriented architecture (SOA) with “manage information (“Federalist”) modular components, integrated view of compliance as an enterprise requirements, formalized organization with defined asset,” they often roles and responsibilities, clearly defined metrics, and an iterative learning cycle. don’t know how to begin. - Gartner19

MDM Institute “The formal orchestration of people, processes, and technology to enable an The MDM Institute (formerly known as the organization to leverage data as an CDI Institute) presents the data gover- enterprise asset.” nance maturity model18 shown in Table 7. —The MDM Institute definition of data governance This model provides an excellent starting point for initiating the conversation about This model is phased with fewer steps, but data governance. The essence of this is based on the same concept of an evolv- model is a migration from the initial state ing maturity. At the higher levels the which is described as reactive, no control, business side of the organization is playing application and project driven to a formal- an active role. ized approach. The MDM Institute emphasizes leveraging service oriented architecture (SOA) as a foundational approach for planning, designing and implementing enterprise services includ- ing data and information services. The MDM Institute’s definition of data gover- nance also has a Master Data Management (MDM) focus in level 3 and an SOA flavor to distribute the governed master data across the enterprise in step 4.

Data Governance Part II: Maturity Models – A Path to Progress 17 NASCIO: Representing Chief Information Officers of the States

FIGURE 6: Oracle DATA GOVERNANCE MATURITY MODEL

TRANSFORMATIONAL BEST PRACTICE Stage IV STABLE Stage III Data Governance is quantitatively MARGINAL Stage II Process automation managed, and is and improvement. integrated with Stage I Tactical Business Intelligence, implementations, Enterprise business SOA, and BPM. Manually maintain limited in scope and solution, which trusted sources. target a specific provides single version Data Governance is division. of the truth, with leveraged in business Inconsistent siloed closed -loop data process orchestration. structures with limited Limited scope and quality capabilities. integration. stewardship capabilities. Driven by an Gaps in automation. enterprise architecture Typically done to gain group. experience.

Oracle Corporation be used to determine what steps an enter- prise will need to make to improve its data Oracle is well known for its emphasis on a governance capabilities. That intention is well designed underlying data architec- in direct support of the rationale and ture. Oracle Corporation maintains an intended outcome of this research brief expertise in data governance consistent and provides validation of our approach. with the definitions for data governance presented in NASCIO’s Data Governance As described in the introduction, Oracle Part I issue brief. Effective data gover- Corporation also believes that a data nance must correctly align people, governance maturity model will assist the processes, and technology to convert data enterprise in determining where they are into strategic information and knowledge in the evolution of their data governance assets for the state government enterprise. discipline and identifies the short-term steps necessary to get to the next level It is important to understand that the data (Figure 6 & Table 8). Each step on the that needs governing resides across a journey has associated measurable key wide variety of heterogeneous applica- performance indicators with real return on tions and business intelligence systems. investment that justifies the cost. Most data quality problems begin in these fragmented applications. The very nature of this data makes it difficult to manage A Survey of Progress in Data and creates challenges for data gover- Governance nance. So where do organizations stand in their Becoming an organization that fully progress? A survey was conducted by controls and leverages its key data assets Aiken, Allen, Parker, and Mattia that is an evolutionary process. Oracle’s Data explored the current standing of data Governance Maturity Model is intended to management practice maturity.20

18 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 8: Oracle DATA GOVERNANCE MATURITY LEVELS

Level of Maturity Characteristics

1 Marginal Stage I reflects an organization that has started to understand the need for data governance. They will need to expand the scope of ongoing data quality initiatives, and add data stewardship capabilities.

2 Stable Stage II is characterized by division wide data gover- nance initiatives with data governance teams in place. Socializing the successes achieved at this level helps drive increased demand for further progress. Enterprise wide teams need to be formed and cross divisional conflicts around data ownership and access rights need to be resolved. Master Data Management solutions need to be deployed.

3 Best Practice Stage III organizations are running best data gover- nance practices across their enterprise. Data governance policies are executed automatically by Master Data Management execution engines, and feedback loops that report results directly back to the governance committees.

4 Transformational Stage IV integrates the proven quality data in the appli- cations and business intelligence tools directly into all business processes to achieve transformational status for the organization.

Although this research brief is focused on harvested for value. This study also data governance, the research from Aiken provides state government with assistance et al. is very relevant to our discussion in determining how it stacks up against because of the consistency in the the rest of the “world” regarding its outcomes sought. This research brief, the management of information assets—is research by Aiken et al., and the summary state government ahead, behind, or on par of each of the maturity models are all with industry, federal government, etc. directed at the same outcome: managing data, information and knowledge as enter- The results are consistent with where prise assets in order to achieve enterprise states currently reside on any maturity intent. scale. However, the point made by Aiken et al., is that armed with this information 175 organizations were assessed during many organizations will see the opportu- the period 2000 to 2006 with the intent of nity for competitive advantage by determining the maturity of data manage- deliberately directing resources and incen- ment practices. Such a study provides a tives to pursue higher levels of maturity in general understanding of progress made managing enterprise information assets. in truly managing information as an enter- State government isn’t necessarily subject prise asset and how carefully it is to competitive forces that characterize

Data Governance Part II: Maturity Models – A Path to Progress 19 NASCIO: Representing Chief Information Officers of the States

FIGURE 7: ORGANIZATIONS IN SURVEY

most markets. However, state government ratings of 1, 2, 2, 3, and 2; the overall rating is involved in an unprecedented pressure for that organization would be 1. to make gains in effectiveness while facing Assessments scores adjusted for self ongoing fiscal crisis. In this way, competi- reporting inflation present that the partici- tive forces are turned inward—state pants were somewhere between “Initial” agencies may eventually be evaluated for and “Repeatable” on the maturity model effectiveness and may in future compete used. As stated by the researchers, the for limited internal resources. Therefore, results may be a motivator for organiza- the pressure is still on government and tions to actively pursue the higher levels of even non-profit organizations to effective- maturity. State government is very early in ly manage enterprise information assets. terms of data governance maturity. However, this study by Aiken et al., Figure 7 presents a profile of the organiza- presents that state government isn’t tions that participated in this survey. necessarily in “catch up” mode. However, it can be anticipated that organizations will The maturity model used is based primari- become more prudent in their manage- ly on the Carnegie Mellon University ment of information assets. Software Engineering Institute’s Capability Maturity Model Integration (CMMI)21 and resembles maturity models presented The Value of Maturity Models earlier in this report. The rationale presented by Aiken et al. is the adaptation Better data leads to better information and prevalent usage of CMMI maturity which will lead to better informed decision levels to other areas of software engineer- makers. Better decisions will necessarily ing. The data maturity levels are lead to better service to citizens. Proper presented in Table 9. This approach data governance leads to state govern- provides the ability to compare the ment becoming less reactive and more maturity of data management with other predictive in its activities toward serving domains within enterprise architecture. citizens. Proper data governance leads to state government acting as “one govern- The assessment evaluated 5 predefined ment” rather than a collection of data management processes (adapted independent agencies. Proper manage- from Parker22). (See appendix for defini- ment of data, information and knowledge tions of these processes and the statistical assets provides economic gains, and results from this survey.) Per CMMI compliance with security and privacy practice, overall ratings for participants in requirements. An important tool state the self-assessment were based on the government can use to chart and evaluate lowest rating achieved on the 5 data its progress in improving the quality of its management processes. In other words, if data and information are data governance an organization achieved individual maturity models.

20 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

TABLE 9: Aiken et al. – DATA GOVERNANCE MATURITY LEVELS

Level Name Practice Quality and Results Predictability

1 Initial The organization lacks the neces- The organization depends on entirely sary processes for sustaining data on individuals, with little or no corpo- management practices. Data rate visibility into cost or management is characterized as ad performance, or even awareness of hoc or chaotic. data management practices. There is variable quality, low results predictability, and little to no repeata- bility.

2 Repeatable The organization might know The organization exhibits variable where data management expertise quality with some predictability. The exists internally and has some abili- best individuals are assigned to criti- ty to duplicate good practices and cal projects to reduce risk and successes. improve results.

3 Defined The organization uses a set of Good quality results within expected defined processes, which are tolerances most of the time. The published for recommended use. poorest individual performers improve toward the best performers, and the best performers achieve more leverage.

4 Managed The organization statistically Reliability and predictability of forecasts and directs data manage- results, such as the ability to deter- ment, based on defined processes, mine progress or six sigma versus selected cost, schedule, and three sigma measurability, is signifi- customer satisfaction levels. The cantly improved. use of defined data management processes within the organization is required and monitored.

5 Optimizing The organization analyzes existing The organization achieves high levels data management processes to of results certainty. determine whether they can be improved, makes changes in a controlled fashion, and reduces operating costs by improving current process performance or by introducing innovative services to maintain their competitive edge.

Data Governance Part II: Maturity Models – A Path to Progress 21 NASCIO: Representing Chief Information Officers of the States

A number of maturity models have been and levels of government. The citizen presented. Much value is brought to the eventually sees “one government.” All of enterprise by examining these structures. these behaviors and characteristics are The organization will understand the founded on proper management of state complexities of data governance, and government data, information and knowl- begin to explore what it will take to devel- edge assets with the ultimate op a sustained, successful data governance outcome—benefiting the citizen. effort. Management and technical staff will gain an appreciation of the compo- The language and progressive dynamic nents, scope and depth, and level of effort used in maturity models facilitate conver- required to initiate a data governance sation and understanding among program and that it will take time to technical staff, business staff and upper achieve the higher levels of maturity. The management, and strategic partners. state government enterprise can adapt its Seeing the relationships among the own maturity model and framework from various components of data governance this mix of ideas. helps develop the necessary understand- ing and prepares the organization to Common across these maturity models is begin development of a delivery process the progressive maturing from strictly to launch and sustain a data governance reactive to predictive. It is the predictive initiative. Frameworks and maturity nature that is the intended long term models can also be used in conversation capability sought—not only to manage with partners to compare and contrast risk, but to anticipate, uncover and prepare various approaches and sequencing in for opportunities and threats. This predic- data governance. tive capability will include identifying potential opportunities and threats and The elements in the data governance the impact of these vectors on state framework and maturity model will government. Understanding of impact depend most on what the enterprise is then leads to proactive development of trying to accomplish and how information effective response. Because the future can assets can enable that intent. State not be predicted with certainty, stochastic government will be most interested in modeling, or probability analysis, can be data quality, properly managing citizen employed to present multiple outcome information, and using business intelli- scenarios. The enterprise architect would gence and analytics to predict trends, the create these scenarios based on the analy- impact of those trends and determining sis of information assets from inside the state government response. enterprise and leveraging the information assets of its partners. The outcome sought It is expected that state government will is government that is no longer simply not have the resources to necessarily reacting, but is prepared for any foresee- create a separate governance structure for able circumstance. At this point the managing data and information. However, enterprise is truly dynamic, agile, fluid, some state governments have established adaptive and spontaneous. the roles of data stewards, data architects, data analysts, and data base administra- Managing data, information and knowl- tors. State government may also have edge assets in this way is not strictly an IT existing enterprise IT governance and initiative—this is an enterprise initiative would be best served by incorporating demonstrating strong collaboration across data governance into this existing gover- business and technology, strategists and nance structure. implementers, policy makers and citizens, career government employees and elect- ed officials. This also demonstrates government that has created successful collaboration across multiple jurisdictions

22 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

Conclusions and Observations  The states must face the challenge of stove-piped federal program funding  In an effort to better serve the citizen which creates “islands of data.” through increased efficiencies and a Solutions developed under this common viewpoint, data must be funding will also be stove-piped. State managed. government must continue to reach out to federal agencies through  Some of the rationale for data gover- NASCIO, NGA, and NCSL to move the nance is to gain the capability to federal government toward reforma- respond strategically and tactically to tion of current federal funding business challenges; respond immedi- restrictions and reporting to actually ately in an emergency; and ensure encourage enterprise-wide solutions government responses are orchestrat- that touch multiple government lines ed through collaborative information of business. State government must sharing. Without enterprise data have the ability to access, share, and governance, state government is analyze information from across state crippled in its ability to respond to agencies and programs in order to opportunities and challenges— effectively deliver services, identify response will be inconsistent, arbitrary fraud, avoid redundant investment and and ineffective across agencies. service delivery, and provide a “one state government” view to citizens.  Data governance encourages the measurement of successes and failures.  Data governance will not happen Goals, objectives and strategies cannot without the support of government be defined, understood, communicat- leadership. The state CIO is in the best ed, or measured without quality data. position organizationally and techni- cally to initiate and champion data  Maturity models provide a measure for governance. Understand the impor- the state enterprise to gauge its tance of data, information and success in managing data and informa- knowledge assets in achieving a vision tion as an enterprise asset. for eDemocracy and 21st Century government.  Data governance maturity models can be used as references in communica- tion, awareness building, and the marketing of data governance.

Data Governance Part II: Maturity Models – A Path to Progress 23 NASCIO: Representing Chief Information Officers of the States

Calls to Action for the State CIO and State Government

1. Begin now to develop expertise and governance for managing data, information and knowledge assets.  Given current economic stresses, focus on those areas of data governance most relevant to enabling effec- tive tactical and strategic response.  Begin to develop a library of case studies that present the economics of data governance and, real outcomes and illustrative consequences that resonate with policy makers. Examples include: fraud detection and prevention; avoidance of redundant or duplicative citizen assistance; improved business processes and decision making; consequences of poor or conflicting information for decision making during a crisis; poten- tial and real outcomes when first responders, including firefighters, law enforcement officers, and paramedics, don’t have complete information when entering an emergency situation; the cost of research that becomes necessary when information from various sources is in conflict.

2. Begin to build awareness through communications and marketing initiatives.  The intent of these initiatives is to move the culture and organization of state government toward under- standing the necessity of managing information as a state government enterprise asset.  Consider the cost of unreliable information or conflicting information from different sources and how that hampers state government’s ability to gather and analyze state data particularly in responding to the current economic crisis.

3. Understand the scope of data governance.  Identify opportunity areas for early initiatives.  Scope management will be critical – targeted initiatives must be carefully selected.  Begin to identify strategic partnerships that are necessary for implementing an effective, sustained effort (e.g., private industry and public entities; intergovernmental agencies; counties, cities and states).

4. Ensure that data governance has appropriate representation from business stakeholders, i.e., the real owners of the information.  Data and information only has value to the extent that it enables the business units within state government and their partners.  Any efforts to develop effective data governance must involve close collaboration between the business unit partners and IT that recognizes the decision rights associated with the various roles in state government.

5. Implement data governance within existing enterprise and data architecture practice.  Data governance is not a separate activity. Rather, it is an important mechanism for managing enterprise information and knowledge assets within the scope of enterprise architecture.

24 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

Appendix A

Data Management Processes defined by B. Parker.23 The five data management processes evaluated by Aiken et al., were as follows and are further described in the article cited. 24 Research Results Research Maturity Level Range / Average Unadjusted for Self- Reporting Inflation 3.31 / 2.71 2.06 to 2.66 / 2.44 2.18 to 2.40 / 2.18 1.96 to 2.46 / 2.12 1.57 to 2.66 / 2.38 2.04 to (no data) Program data: Descriptive proposi- Descriptive data: Program tions or observations needed to control, sustain, document, establish, data- organizational and improve activitiesoriented such as vision, policies and metrics. goals, facts, Descriptive data: Development or observations used to propositions, and document the struc- develop of data – and interrelationships tures database data models, example, for and specifications. designs, facts Descriptive data: Stewardship about data documenting semantics defini- and syntax – such as name, tion, and format. Data Type Data and their Facts Business data: enter- constructs accomplish used to prise business activities – such as and files. records data elements, Focus Implementation Implementation Direction Direction Direction and Implementation Implementation Leverage data in Leverage business activities. Description data Achieve sharing within a business area. reliable Provide data. to access Provide appropri- Provide data ate management and processes technological infrastructure. business- Achieve entity subject area data integration. Achieve organiza- Achieve tional sharing of data. appropriate Organizational Data Integration Data Stewardship Data Development Data Support Operations Data Asset Use Data Asset Process Data Program Coordination

Data Governance Part II: Maturity Models – A Path to Progress 25 NASCIO: Representing Chief Information Officers of the States

Appendix B: Acknowledgements Jeanne Owings, Partner, Program Management, Crowe Horwath LLP

Tom Baden, Enterprise Architect, The State Doug Robinson, Executive Director, of Minnesota NASCIO

Scott Batchelor, Marketing Bill Roth, Chief Technology Architect, The Communications Director, DataFlux | A SAS State of Kansas Company Jim Salb, Enterprise Architect, The State of Dr. Jim Bryant, Chief Engineer and Delaware Scientist, Joint Medical Information Systems Lockheed Martin Information Tricia Anne Saunders, Data Architect, The Systems and Global Services State of Delaware

Dave Butler, Master Data Management Dr. Anne Marie Smith, Principal Consultant, Initiative, Oracle Corporation Director of Education, EWSolutions, Inc.

Micheline Casey, Director of Identity Daniel Teachey, Senior Director of Management, Governor’s Office of Marketing, DataFlux | A SAS Company Information Technology, The State of Colorado Glenn Thomas, Director of IT Governance, The Commonwealth of Kentucky Anthony Collins, Chief Enterprise Architect, The State of Delaware Christopher Traver, Senior Policy Advisor, Bureau of Justice Assistance, U.S. Robert Culp, Alliance Manager, ESRI Department of Justice Strategic Alliance, IBM Chuck Tyger, Associate Director Enterprise Mike Dunham, Senior Principle Consultant, Architecture, The Commonwealth of Keane Federal Systems, Inc. Virginia

Lauren Farese, Director, Public Sector Chris Walls, Senior Website & Publications Solution Architects, Oracle Corporation Coordinator, AMR Management Services

Michael Fenton, Director of Enterprise Tom Walters, Division of Data Architecture, Architecture, The State of North Carolina, The Commonwealth of Kentucky Office of Information Technology Services

Stephen Fletcher, Chief Information Officer, State of Utah, Co-Chair of the NASCIO Enterprise Architecture Committee

Christopher Ipsen, Chief Security Officer, The State of Nevada

Tom McCullough, Principal Architect Software Systems, Lockheed Martin

David Newman, Vice President, Research, Gartner, Inc.

26 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

Appendix C: Resources List of NASCIO Corporate Partners http://www.nascio.org/ NASCIO www.nascio.org aboutNascio/corpProfiles/

IT Governance and Business List of NASCIO Publications Outcomes – A Shared http://www.nascio.org/ Responsibility between IT and publications Business Leadership http://www.nascio.org/committees/ List of NASCIO Committees EA/download.cfm?id=98 http://www.nascio.org/ committees Data Governance – Managing Information As An Enterprise The Data Administration Newsletter Asset Part I – An Introduction http://www.tdan.com/index.php http://www.nascio.org/committees/ Presents 8 chapters that describe EA/download.cfm?id=100 how to implement data gover- nance Enterprise Architecture: The Path to Government Transformation The Data Governance Institute http://www.nascio.org/committees/ http://datagovernance.com/ EA/ DGI created a poster on data governance that can be Call for Action, A Blueprint for downloaded, or ordered in Better Government: The hardcopy online. Information Sharing Imperative http://www.nascio.org/advocacy/ The Data Management Association dcFlyIn/callForAction05.pdf International – DAMA – www.dama.org The Data Management Body of PERSPECTIVES: Government Knowledge (DMBOK) including a Information Sharing Calls to framework of data management Action functions and environmental http://www.nascio.org/ elements. publications/index.cfm#19 http://www.dama.org/i4a/pages/ index.cfm?pageid=3364 In Hot Pursuit: Achieving Interoperability Through XML The IT Governance Institute (ITGI) http://www.nascio.org/ http://www.itgi.org/ publications/index.cfm#21 Information Systems Audit and Control Association (ISACA) We Need to Talk: Governance http://www.isaca.org/ Models to Advance Communications Interoperability Certification in Governance of http://www.nascio.org/ Enterprise IT (CGEIT) from ISACA publications/index.cfm#50 http://www.isaca.org/Template.cfm? Section=Certification&Template=/Tagged A National Framework for Page/TaggedPageDisplay.cfm&TPLID=16& Collaborative Information ContentID=36129 Exchange: What is NIEM? The Center for Information Systems http://www.nascio.org/ Research (CISR) publications/index.cfm#47 http://mitsloan.mit.edu/cisr/ The National Information Exchange Model (NIEM) www.niem.gov

Data Governance Part II: Maturity Models – A Path to Progress 27 NASCIO: Representing Chief Information Officers of the States

Global Justice Reference Architecture for SOA http://www.it.ojp.gov/topic.jsp?topic_id=2 42 Global Justice Reference Architecture (JRA) Specification: Version 1.7 http://www.it.ojp.gov/documents/ JRA_Specification_1-7.doc

The Global Justice Reference Architecture (JRA) Web Services Service Interaction Profile Version 1.1 http://www.it.ojp.gov/documents/ WS-SIP_Aug_31_version_1_1_ FINAL(3).pdf

The Global Justice Reference Architecture (JRA) ebXML Messaging Service Interaction Profile Version 1.0 http://www.it.ojp.gov/documents/ ebXML_SIP_v01_Final_Version_ 100407.pdf

28 Data Governance Part II: Maturity Models – A Path to Progress NASCIO: Representing Chief Information Officers of the States

Appendix D: Endnotes 9 “The Four Stages of Data Maturity”, DataFlux, Tony Fisher, retrieved on November 10, 2008, from 1 “Data Governance – Managing http://www.sas.com/news/sascom/2007q4 Information As An Enterprise Asset Part I – /column_tech.html. An Introduction”, NASCIO, April, 2008, available at www.nascio.org/publications. 10 “The Four Stages of Data Maturity”, page 2; English, Larry. “Plain English about 2 Note: this report has been liberal regard- Information Quality: Information Quality ing the inclusion of maturity models. The Tipping Point.” DM Review, July 2007. words “data management” or “enterprise information management” may appear in the title of a specific maturity model. 11 Adapted from “The Data Governance Nevertheless, if a maturity model captures Maturity Model”, DataFlux Corporation. the essence relevant to this report, then it This paper presents these characteristics at was included. the various stages of data governance maturity. Retrieved on March 11, 2008, from http://www.dataflux.com/resources/ 3 “Transforming Government through resource.asp?rid=184. Change Management: The Role of the State CIO”, April 2007, NASCIO, www.nascio.org/publications. 12 See course materials from EWSolutions, “Enterprise Data Governance and Stewardship”, available for purchase at 4 “IBM Council Predicts Data Will Become www.EWSolutions.com. an Asset on the Balance Sheet and Data Governance a Statutory Requirement for Companies Over Next Four Years”, IBM 13 Newman, D., Logan, D., “Gartner press release, ARMONK, NY - 07 Jul 2008, Introduces the EIM Maturity Model”, see http://www-03.ibm.com/press/us/ Gartner Research, ID Number: G00160425. en/pressrelease/24585.wss. 14 See IBM Data Governance Council, 5 RASIC charts present assigned roles http://www-01.ibm.com/software/tivoli/ within a project team: responsible, governance/servicemanagement/ approving, supporting, informed, and data-governance.html. consulting. 15 See Carnegie Mellon Software 6 Gartner’s Data Quality Maturity Model, Engineering Institute at www.sei.cmu.edu. February 7, 2007, ID Number G001139742. 16 IBM Data Governance Council Maturity 7 Newman, D., Blechar, M.J., “Putting Model, October 2007, retrieved on May 12, Enterprise Information Management in 2008, from http://www-935.ibm.com/ Context”, Gartner, June 1, 2007, ID Number: services/uk/cio/pdf/leverage_wp_data_go G00148273. v_council_maturity_model.pdf.

17 8 The first of Dr. W. Edwards Deming’s 14 Thomas, G.J., “Application of the DMBOK Points. Deming, W.E., Out of The Crisis, in an Enterprise Data Architecture”, presen- Massachusetts Institute of Technology, tation at 2008 DAMA Conference. Center for Advanced Engineering Study, 1986. ISBN: 0911379010. 18 “Corporate Data Governance Best Practices, 2006-07 Scorecards for Data Governance in the Global 5000, The CDI Institute, April 2006, www.The-CDI- Institute.com.

Data Governance Part II: Maturity Models – A Path to Progress 29 19 Newman, D., Blechar, M.J., page 8. Disclaimer

20 Aiken, P., Allen, D., Parker, B., Mattia, A., NASCIO makes no endorsement, express “Measuring Data Management Practice or implied, of any products, services, or Maturity: A Community’s Self-Assessment”, websites contained herein, nor is NASCIO Computer, Vol. 40, Iss. 4, April 2007, pp. 42-53. responsible for the content or the activi- ties of any linked websites. Any questions 21 Carnegie Mellon University Software should be directed to the administrators Engineering Institute, Capability Maturity of the specific sites to which this publica- Model: Guidelines for Improving the tion provides links. All critical information Software Process, 1st ed., Addison-Wesley should be independently verified. Professional, 1995. This report and the NASCIO Enterprise Architecture Program are funded by a 22 Parker, B., “Enterprise Data Management grant from the Bureau of Justice Process Maturity”, Handbook of Data Assistance, Office of Justice Programs, U.S. Management, S. Purba, ed., Auerbach Department of Justice. Publications, CRC Press, 1999, pp. 824-843. The opinions, findings, conclusions, and 23 Ibid. recommendations contained in this publi- cation are those of the contributors, and 24 Aiken, et al., page 49. do not necessarily reflect the official positions or policies of the Department of Justice.

This project was supported by Grant No. 2007-RG-CX-K020 awarded by the Bureau of Justice Assistance. The Bureau of Justice Assistance is a component of the Office of Justice Programs, which also includes the Bureau of Justice Statistics, the National Institute of Justice, the Office of Juvenile Justice and Delinquency Prevention, and the Office for Victims of Crime. Points of view or opinions in this document are those of the author and do not represent the official position or policies of the U.S. Department of Justice.

30 Data Governance Part II: Maturity Models – A Path to Progress