NASCIO: Representing Chief Information Officers of the States

Data Part III: Frameworks – Structure for Organizing Complexity

Introduction frameworks and maturity models assist in describing the scope—both breadth and NASCIO has presented previous research depth—of an initiative. This holds true as briefs that introduce the subject of data well for data, information and knowledge governance, and emphasize the impor- management. tance of managing data and information assets as enterprise assets. Maturity models were presented that help describe the The Challenge journey state government must anticipate and plan. The challenge in state government is a history of state agencies operating fairly This research brief presents the concept of autonomously regarding processes and frameworks that will describe what consti- investment related to managing informa- May 2009 tutes a data governance program. The tion. In the decades of this history, focus will be on frameworks from the Data strategic intent, processes, organization, NASCIO Staff Contact: Management Association (DAMA), the information management, infrastructure, Eric Sweden Enterprise Architect Data Governance Institute (DGI), and IBM. technology, training, incentives and opera- [email protected] tions have been developed in a highly In general, frameworks assist in describing decentralized manner to meet the needs of major concepts and their interrelationships. state agencies independent of one anoth- Frameworks assist in organizing the er. As state government pursues an complexity of a subject. Frameworks facili- enterprise perspective in managing its data tate communications and discussion. All of and information assets, it will recognize a these descriptors apply as well to frame- disparity in data maturity levels within the works related to data governance. various lines of business, subject areas, Additionally, data governance frameworks knowledge bases, and even applications. NASCIO represents state chief assist in demonstrating how data gover- The emphasis in this series has been on information officers and infor- mation technology executives nance relates to other aspects of data state wide initiatives. However, it is impor- and managers from state management, data architecture, and enter- tant and prudent for state government to governments across the United prise architecture. look for examples, best practices, States. For more information visit www.nascio.org. standards, and processes that are currently Use of frameworks can assist state govern- working effectively within state agencies. Copyright © 2009 NASCIO All rights reserved ment in planning and executing on an This look must include evaluation of effective data governance initiative. They missteps and false starts that can provide 201 East Main Street, Suite 1405 Lexington, KY 40507 assist in achieving completeness in a valuable lessons so previous mistakes are Phone: (859) 514-9153 program. In any subject or discipline not repeated. An inspection of what’s Fax: (859) 514-9166 Email: [email protected]

Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

already there can provide valuable input due to the vast complexities created by a into the state wide data governance history of independence, the greatest programs. barrier to collaborative work relationships is the inability to easily share information There has been progress in gaining an across agency boundaries. As new circum- enterprise perspective over the past decade. stances arrive that were never anticipated, Ten years ago a request for criminal history the ability for state government to work as information would most likely have met a single enterprise in meeting these new with a different response than it would circumstances is greatly hindered. These today. Today, the relevance of criminal circumstances were created during an era history information to hiring decisions, when collaboration was not promoted and education credentialing and custody was even discouraged. Now state govern- decision making is well understood. State ment is seriously challenged in its efforts government is designing and implement- to treat data and information assets as ing collaborative information exchanges enterprise assets. Before state government that entail all government lines of business can truly harvest the benefits of shared that historically did not share information. services, SOA, or cloud computing, it must Further discussion of the issues of informa- understand and properly manage its Enterprise tion sharing is presented in the NASCIO data/information. Information report “Perspectives - Government Management (EIM): Information Sharing: Calls to Action.”1 State governments are desperately An operational seeking ways to begin to manage their Examples of collaborative information information assets actively. The questions commitment to exchange partners include: justice and are myriad, but primary is the question of define, secure, homeland security; justice and public how to get started. NASCIO’s series on maintain and health; justice and environmental; trans- governance is intended to provide that improve the integrity portation and environmental; corrections guidance. First is the recognition that and efficiency of and healthcare providers. The recognition there is required governance or oversight of cross line of business collaborative that must be established which recognizes information assets information exchanges has created new the decision rights of all stakeholders. This across business demand and opportunities for more effec- has been described in the introductory boundaries, thus tive government decision making. It has research brief.3 achieving key objec- also brought to light the disparity in data tives of an terms, definitions, and implementations. Second is developing an understanding Now state government must develop its regarding the journey that must be antici- organization’s enter- capability for managing enterprise data pated to achieve a mature data prise information and information and that is where the governance capability. That journey was architecture strategy.2 disciplines of data and knowledge presented in the second in these series.4 Gartner management become relevant. Organizations in all sectors have recog- Now begins a process of examining the nized the necessity of viewing information building blocks of data and information as an enterprise asset as demonstrated by management. These include the concepts, the advent of Enterprise Information organization, and process that comprise Management (EIM) initiatives. information management or . Anticipating the need for Previous development of point solutions collaboration, common subject areas that and “silos of information” have created a are shared across state agencies will highly diversified portfolio of processes, eventually have to be identified. data assets, and technologies across state government. Today, it is recognized that state agencies can benefit decidedly from working collaboratively. Such collabora- tion then demands the capability to share information easily and quickly. However,

2 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

Need for a Business Outcome The demand for data and information to enable effective state government As an example of a subject area, states decision making forms the basis for have selected PERSON and all the various ongoing development of business intelli- subtypes related to it as an obvious candi- gence capabilities. Such capabilities are date for establishing a common, shared required to truly understand the problems, subject area. Another example is PLACE. challenges, successes, and requirements of These subject areas are excellent starting education at all levels. With proper intelli- subjects for establishing commonality of gence, analysis, and decision making, the description and representation across educational process can be continually state government data architecture. If improved to present relevant, effective agencies can agree and share this informa- training and education outcomes. Further, tion, great gains can be achieved for assumptions can be evaluated and either creating a single state government face validated or corrected. toward the citizen. As was presented regarding data gover- Embarking on large enterprise wide initia- nance maturity models, there are also a tives has not proven successful historically. variety of frameworks that deserve refer- A better approach is to begin with a focus ence. Each one brings valuable area or business outcome that is being perspectives and dimensions to state sought within state government. In the government data governance and data process of meeting that business need, management programs. parallel ongoing activity can be undertak- en to build the enterprise-wide data The Data Management Association governance capability. (DAMA) framework presents how data governance drives other functions that As an example of this kind of focus, some comprise an enterprise data management states have pursued data governance initiative. The Data Governance Institute initiatives related to education. State (DGI) Framework provides an overarching government is interested to know if process for establishing and sustaining a primary education is properly preparing data governance initiative. The IBM Data elementary students for intermediate, Governance Model has an inherent frame- junior high and high school. Are high work for data governance which was school programs adequately preparing presented in NASCIO’s research brief on students for college programs? Are data governance maturity models. This college programs adequate for the framework presents an emphasis on the demands of the 21st Century economy? relationships among the major groupings How effective is the teaching / training of data governance elements. process? These critical questions form the focus area and help describe the business outcome that drives a need for establish- The Data Management Association ing the necessary data and information International - DAMA management to continually evaluate the process of education. Effective manage- DAMA published the Data Management ment of information can provide the basis Body of Knowledge (DMBOK) in 2009. This for understanding that can then lead to is the culmination of years of work, and the necessary strategic decision making to contributions from an international ensure changes and transformations are community of data management profes- initiated and orchestrated within the sionals representing all sectors of the processes and systems of education. global economy. This framework is very Proper data governance is necessary to relevant to NASCIO’s presentation of guide and sustain effective management of governance. The DMBOK goes beyond information. strictly data governance to dovetail into

Data Governance Part III: Frameworks – Structure for Organizing Complexity 3 NASCIO: Representing Chief Information Officers of the States

FIGURE 1: DMBOK Themes

Data Integration Cultural Data Change Stewardship Leadership Data Management Themes

Enterprise Data Perspective Quality

the functions and processes for compre- The recurring themes of the DMBOK are hensive data management. As presented described in Figure 1. in earlier NASCIO research briefs, “data management” is the prevailing term. The DAMA framework is really a set of two However, DAMA has made it clear that the frameworks that encompass data manage- discipline of data management is broad ment: a functional framework and an enough to include data, information and environmental element framework. The knowledge. It is expected that over time center cell in the functional framework more organizational emphasis will be describes governance. The placement of given to the importance of managing this cell describes the overarching role of data, information and knowledge assets. data governance—it literally touches The DMBOK will be a valuable resource for every aspect of data / information state government as it pursues more management. Inspection of the DAMA actively managing these assets. It functional framework reveals the compo- provides detailed contextual diagrams, nents of data management that must be descriptions, diagrams, and a storehouse addressed in a data management operat- of references for each of the 10 functions ing discipline. DAMA published the Data that comprise the DAMA Data Management Body of Knowledge Management Framework. (DMBOK)5 which provides a description and context diagram for each of the 10 The goals of the DMBOK are focused on functions depicted. The DAMA framework data and knowledge management: has changed somewhat over time. It is  Build consensus expected that it will continue to change as  Provide standard definitions data and information management  Identify guiding principles continues to mature.  Provide an overview of commonly accepted good practices The DAMA Functional and Environmental  Identify common issues Element frameworks are described in  Clarify scope and boundaries detail in the Data Management Body of  Provide a guide to other related Knowledge (DMBOK). The two component resources frameworks are meant to work together. The core framework is the blue circle—

4 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 2: DAMA Functional Framework

Enterprise Data Modeling Value Chain Analysis Related Data Architecture Specification Analysis Analysis Data Data Modeling Measurement Architecture Database Design Improvement Management Implementation Data Management Development Architecture Acquisition Integration Recovery Control Database Tuning Delivery Meta Data Operations Retention Purging Management Data Management Data quality must be Governance considered integral Document & Content to any IT environment. Management Management - Gartner Acquisition & Storage Standards Backup & Recovery Classification Data Content Mgmt Reference & Administration Warehousing Authentication Retrieval Master Data & Business Auditing Retention Management Intelligence

Management External Codes Architecture Internal Codes Implementation Customer Data Training & Support Product Data Monitoring & Tuning Dimension Mgmt

Data Management Functions. Each established. That governance includes: function within the blue circle is  Strategic business intent – Business comprised of the associated elements Goals and Objectives from the framework of Environmental  Strategic intent of data management Elements. DAMA created a two dimen-  Organization sional worksheet that demonstrates the  Policies interaction. For each function, the various  Performance metrics environmental elements must be defined. The worksheet will be unique for each This approach is consistent with the enterprise and reflect specific organiza- NASCIO Enterprise Architecture Value tion, culture, and focus for that enterprise. Chain which begins with understanding and developing the environmental The implied sequence in the framework of context, followed by the understanding of data management functions is to begin specific needs and markets under consid- with Data Governance, advance to Data eration, followed by establishing strategic Architecture at 12:00 and move around intent and then enabling that intent clockwise to Data Quality Management at through capabilities. Data management / 11:00. Most noteworthy is the importance knowledge management is a critical of starting with data governance. All other enabling capability as has been empha- functions are subordinate to that function. sized in previous NASCIO research briefs Further inspection of the Data Governance on this subject. function will make it clear why that function should drive the others. It is DAMA pursues this subject further by within that function that the intent of an emphasizing that each data management enterprise data governance program is function must account for what DAMA

Data Governance Part III: Frameworks – Structure for Organizing Complexity 5 NASCIO: Representing Chief Information Officers of the States

FIGURE 3: DAMA Environmental Framework

Organization & Culture Critical Success Factors Reporting Structures Management Metrics Values, Beliefs, Expectations Attitudes, Styles, Preferences Activities Technology Rituals, Symbols, Heritage Phases, Tasks, Steps Tool Categories Dependencies Standards & Protocols Sequence & Flow Selection Criteria Use Case Scenarios Learning Curves Goals & Principles Trigger Events

Vision & Mission Business Benefits Strategic Goals Specific Objectives Guiding Principles Practices & Techniques Deliverables Inputs & Outputs Recognized Best Practices Information Common Approaches Documents Alternative Techniques Databases Roles & Responsibilities Other Resources Individual Roles Organizational Roles Business & IT Roles Qualifications & Skills

calls environmental elements. These are Operational Activities presented in Figure 3. Service and support activities performed on an on-going basis. DAMA’s Data Management Body of Knowledge (DMBOK) provides a textual Clear strategic intent is established for functional decomposition of the data each function according to the environ- management functions. There are 10 mental element Goals and Principles. Each functions and 102 activities. Each activity function is further described using a is categorized as belonging to one of four context diagram. Suppliers, inputs, Activity Groups: consumers, outputs, metrics and other components are presented as follows Planning Activities using the function Data Governance as an Activities that set the strategic and tactical example functional context diagram (see course for other data management activi- Figure 4). ties. Planning activities may be performed on a recurring basis. Governance then touches every aspect of data management as demonstrated by its Control Activities placement in the center of the DAMA Supervisory activities performed on an on- framework of data management functions going basis. (see Figure 5).

Development Activities Activities undertaken within projects and The Data Governance Institute recognized as part of the systems develop- (DGI) ment lifecycle (SDLC), creating data deliverables through analysis, design, In order to understand the DGI framework, building, testing and deployment. it is helpful to understand the underlying conceptual relationship among business

6 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 4: DAMA Context Diagram for the Governance Function

FIGURE 5: DAMA Worksheet – How the Two Frameworks Relate

Environmental Elements Data Management Functions Goals & Activities Deliverables Roles & Technology Practices & Organization & Principles Responsibilities Techniques Culture Data Governance Data Architecture Management

Data Development Database Operations Management Data Security Management Reference & Master Data Management Data Warehousing & Business Intelligence Management

Document & Content Management Meta Data Management Data Quality Management

Data Governance Part III: Frameworks – Structure for Organizing Complexity 7 NASCIO: Representing Chief Information Officers of the States

FIGURE 6: Key Responsibilities in Data Governance

functions, information and technology DGI makes a strong point that information that is promoted by the DGI. technology (IT), and data governance only exist to assist the business in managing DGI has observed that the importance of information. The capability to manage data governance has become a high prior- information enables strategic business ity for the business. Some organizations intent. have moved “information management” functions out of information technology The DGI framework for data governance organizations and into the business side. (see Figure 7) presents major components The business side then has responsibility and also a process or sequence for for managing information in order to navigating through the framework.6 It is achieve its strategic intent. Technology is recommended that the 11” x 17” DGI then engaged to assist in the manage- poster be downloaded as a reference.7 ment of that information. However, This document provides detailed descrip- management of information is viewed as tions of the components and presents an primarily a business responsibility. These intended sequencing that answers the relationships are demonstrated by the interrogatives, Who/What/When/Where/ Venn diagram presented. Information is Why/How. the linchpin between the business and IT. DGI presents the lifecycle of data gover- Data governance is not viewed as an end nance intended to ensure the proper in itself. Data governance is required to sequence of activities are followed so that ensure data quality which contributes a data governance initiative not only is toward effective decision making and deliv- initiated for the right reasons, but is also ery of quality services to citizens. This is the able to sustain itself (see Figure 8). outcome that should be presented in making the business case for a data gover- From the Data Governance Institute, we nance initiative in state government. learn the necessity of establishing a focus

8 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 7: DGI Data Governance Framework

FIGURE 8: 7 Phases in the Data Governance Life Cycle

area—at least initially. There is a need to governance. As presented in the NASCIO balance the longer term vision as Enterprise Architecture Value Chain. The described by the data governance maturi- motivation and strategic intent drives the ty models8 with the need to deliver identified need for data governance. manageable, carefully scoped outcomes. Large initiatives don’t typically work on a DGI spends considerable effort in explor- first launch. Support will wane without ing universal drivers and focus areas for immediate or short term outcomes that establishing intent and scope (see Figure demonstrate value for the initiative. Even 9). These must be established first before while a large initiative is working to create moving into other aspects of the frame- an effective operating discipline, govern- work. ment continues to create even more data and information. Collaboration among Organizations need to establish a gover- state agencies requires the development nance approach, or process that clearly of short term to medium term solutions. describes the rules of engagement for managing data. The DGI Framework is The surrounding rationale for the DGI intended to provide the following Framework is consistent with NASCIO’s outcomes for a data governance initiative: approach to enterprise architecture and

Data Governance Part III: Frameworks – Structure for Organizing Complexity 9 NASCIO: Representing Chief Information Officers of the States

FIGURE 9: Universal Drivers for any Data Governance Initiative

FIGURE 10: UNIVERSAL GOALS FOR DATA GOVERNANCE Specific data governance policies are dependent upon the focus of the data governance program.

 Achieve clarity address those specific focus areas that  Ensure value from efforts characterize the original impetus for  Create a clear mission establishing data governance. DGI  Maintain scope and focus describes the following focus areas. The  Establish accountabilities specifics of the data governance charter  Define measurable successes will then depend on what the enterprise establishes as focus areas (See Figure 11). The supporting process for the DGI Framework initiates through the definition These focus areas will then provide signifi- of a focus area. However, all data gover- cant influence on the shaping of the data nance initiatives will share a common set governance initiative. of “universal goals” (See Figure 10). DGI goes on to describe 10 “universal Effective data governance initiatives will components” of any data governance encompass one or more focus areas. The program that are organized into three program design will then be tuned to major groupings.

10 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 11: DGI Data Governance Focus Areas

FIGURE 12: DGI Data Governance Relationships

Data Governance Part III: Frameworks – Structure for Organizing Complexity 11 NASCIO: Representing Chief Information Officers of the States

Rules and Rules of Engagement DGI makes the following recommenda- These describe rules in terms of policies, tions regarding initiating a data requirements, standards, accountabilities governance program: and controls. Rules of engagement then  Data governance programs are unique describe how different groups will share to each organization. Do not assume a and delegate responsibilities for establish- data governance program from anoth- ing these rules and executing on them. er organization can be simply adopted.  Leverage existing governance disci- 1. Mission and vision plines. Examples include: 2. Goals, governance metrics and  IT Governance success measures, and funding strate-  Records Management gies  Change Management 3. Data rules and definitions  Beware of simply putting together 4. Decision rights data stewards and rules. This approach 5. Accountabilities will not be successful. This is why the 6. Controls DGI framework was designed with an inherent sequence. Follow the People and Organization sequence to ensure success. This component describes how data  Configure your program out of the governance will be organized, and what things that are already working in your roles and responsibilities will be defined. organization. This will be more successful than establishing a separate, 7. Data stakeholders completely new program. 8. A data governance office  Identify and understand the obvious 9. Data stewards and the not so obvious stakeholders. Identify all stakeholders such as Processes downstream users of information, web These are the processes, methods and development teams, developers of procedures for creating and maintaining a taxonomies, records management, data sustained effort in data governance. architects, etc.

10. Proactive, Reactive, and Ongoing Data Governance Processes

12 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 13: The IBM Data Governance Council Framework

Elements of Effective Data Governance

Outcomes Data Risk Management & Value Creation Compliance

Enablers

Organizational Structures & Awareness Requires

Policy Stewardship

Enhance Core Disciplines

Data Information Information Quality Life-Cycle Security Management Management and Privacy

Supports Supporting Disciplines

Data Classification & Audit Information Architecture Metadata Logging & Reporting

IBM Data Governance Council tional activities and present policy Framework challenges. The focus in this framework is on organizational behavior based on an This framework is also presented with underlying premise that only people can additional detail in the NASCIO research be governed and not the data itself per se. brief on data governance maturity models Therefore, organizational structures, policy and forms the basis for the IBM Data and stewardship are functional require- ments to affect organizational behavior Governance Council maturity model.9 This framework presents major concepts that over the core disciplines of data quality, comprise not only governance but also an information lifecycle management (ILM), security and privacy, data architecture, enterprise data management practice.10 metadata, and, audit and reporting. Major dependencies are presented across groupings of functions. The functions Most members of the Data Governance presented compare well with the DAMA Council who have used the Framework functional framework for data manage- have done so with a six step approach: ment. 1. Build the organizational structures The IBM Data Governance Council 2. Assess the current situation Framework was designed to be outcome 3. Create an operational charter oriented. Risk Management, compliance, 4. Develop data stewardship and value creation are seen as desirable 5. Measure progress with key metrics outcomes of a data governance program, 6. Report results even though they may also be daily opera-

Data Governance Part III: Frameworks – Structure for Organizing Complexity 13 NASCIO: Representing Chief Information Officers of the States

FIGURE 14: Process for Implementing the IBM Data Governance Council Framework

Build the Organizational Structures 1. The Data Governance Council – The The first step in any successful data-gover- council is the place where cross nance program is identifying an individual organizational issues get raised, within the organization who carries the assessed, and policy decisions are delegated authority of executive manage- made. The make-up of the council can ment and making that person accountable vary in size and seniority, but it should to make things happen. There is no substi- be cross functional to be effective. It tute for strong leadership. can include representatives from the six core and supporting disciplines in Data governance is a political challenge the IBM Data Governance Framework. that requires building consensus among It should include representatives from many diverse stakeholders. Political leader- state agencies, operations and human ship within the organization is therefore a resources. priority. Once established, that leadership can create a governing council composed 2. Data Stewardship Roles and Resources of organizational stakeholders to formu- – Stewards execute policies and late stewardship policies and report surface organizational issues. Without progress to executive management. an active data stewardship program, a data governance council has no Some members have used a process means to implement policy. In many similar to the one shown in Figure 14 to organizations the stewardship tasks implement the IBM Data Governance are performed informally. The IBM Framework. Data Governance Council approach establishes a formality and gives There are four key components in this recognition to these roles. model:

14 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 15: Example of a Data Governance Scorecard

Good governance practices can help [organizations] recognize where to invest in data quality and content manage- ment programs, to maximize the value 3. Organizational Charters – A charter is a level. It also doesn’t matter if the subject that they can create. constitution of powers, and it enumer- area is one data subject or all data subject - Gartner ates: areas. The approach is scalable and will  how the data governance council grow as the governance initiative grows. and stewardship communities The same steps and processes are equally interact useful.  how often meetings are held  what constitutes a quorum for Assessing the Current Situation votes With a solid organizational infrastructure,  funding the next step is to setup an assessment process. Benchmarking data governance The charter may contain a logical capabilities at the start of the program is organizational model to show how necessary in order to understand where groups interact within the data gover- the organization is initially in terms of nance function. A logical organizational practices and where it organizational model is not intended wants to go. The Data Governance Council to represent or align to formal report- Maturity Model is a good tool for this, but ing relationships. assessments shouldn’t be used just on a macro basis. Data governance may exist at 4. An Issue Triage Process – defines how various levels of maturity within certain issues are raised, assessed, discussed, subject areas, departments and agencies. and resolved. This is a key element in the charter, but also has process Normalizing the assessment process for dependencies that require greater individual governing issues is an impor- detail. tant part of issue triage. Issue triage is an arbitration process to inject objectivity This approach provides a streamlined set into the governance decision-making of processes that are easy to replicate and process. An issue triage process should be cover common organizational structures. employed to bring new issues and It doesn’t matter if this is done on a challenges to the data governance board departmental, divisional, or enterprise or council. Issues and challenges must be

Data Governance Part III: Frameworks – Structure for Organizing Complexity 15 NASCIO: Representing Chief Information Officers of the States

assessed consistently and fairly using boards. The role can not be outsourced to common methods so that stakeholders vendors. These are the people who know have the opportunity to participate. This the organization well from both business will ensure that decision-making is fair and and IT perspectives. They are detail orient- democratic. ed and have excellent personal relationships with both IT and business Create an Operational Charter managers. These are the doers who not Democracies function best with a consti- only enforce data governance policies and tution, because writing down roles and coordinate change, but also identify key enumerated powers is the best way to set issues and bring them to the data gover- boundaries and ensure consistent nance council when they require triage. outcomes. The charter should delineate Typically these people can be identified by the functions for which the data gover- asking the question “Who do I ask about nance council has jurisdiction, how many such and such data?” The informal members from each agency or depart- networks within any organization will lead ment are represented, rules of delegation to the right people. and substitution, how often meetings are called and what constitutes a quorum for Measuring Progress with Key Metrics votes. But the most important aspects of Every new data governance program will the charter deal with the three fundamen- have about 90 days to demonstrate tal powers of the data governance council: progress before losing political capital. Therefore, knowing what to measure is as 1. The power to subsidize projects with important as knowing what should be funding done, and how to do it. The Data 2. The power to veto bad things Governance Council Maturity Model has 3. The power to implement policy with many key metrics across five levels of stewardship maturity that provide valuable bench- marks of organizational behavior. The Without written operational and function- Maturity Model is intended for normalized al responsibilities, a data governance assessments during issue triage, tracking council won’t serve with a common key performance metrics for each issue purpose and won’t garner the organiza- and monitoring project and program tional respect it needs to govern progress. Metrics are established for each effectively. of the 11 elements presented in the IBM Data Governance Council Framework. Developing Data Stewardship Data Stewardship is an organizational Making these key metrics and progress behavior. Data stewardship recognizes the statistics available to the organization in a custodial obligations that everyone shares dashboard or business intelligence appli- to manage state government data cation is a fundamental aspect of effective resources effectively. However, at this early governance. Especially in the beginning, date few people understand this behavior transparency delivers huge benefits. and so data stewards are needed to Governance works best when it is open promote and implement data best practices and available. Tracking progress and throughout the organization. A data letting everyone know what is being steward is a policy implementer, someone tracked is a powerful tool in affecting who integrates policy into business organizational change. This will also assist processes, data structures, applications, in gaining not only participation, but and new business entities. It is a role and ownership in the data governance process. responsibility that needs to be developed As has been described, literally everyone in over time, eventually leading to a commu- the organization must play a part in data nity of data stewards. stewardship. Access to these metrics will assist in achieving that perspective. These people can not be found on job

16 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

FIGURE 16: Example of a Data Governance Normalized Metrics

FIGURE 17: Example of a Data Governance Dashboard

Data Governance Part III: Frameworks – Structure for Organizing Complexity 17 NASCIO: Representing Chief Information Officers of the States

Report the Results leaders and good frameworks can bring Reporting is a political tool to either enormous benefits to state organizations reward correct behavior or threaten bad looking to reap the opportunities of effec- behavior. The data governance program tive data governance. must be on a regular reporting cycle with both the CIO and the Legislative Audit Similar to DAMA’s Data Management Body Committee. Reporting should present a of Knowledge (DMBOK), the IBM frame- normalized report that illustrates both work makes a strong point regarding the program progress in terms of maturity as need for valuing data and information well as project progress in terms of Good, assets. IBM goes further to make the point Fair, and Poor. Reporting is also a tool to that enterprise value is a determined monitor stewardship progress on project outcome of data governance and data tasks around data quality, ILM, security & management. The concepts of risk privacy, metadata, etc. Report recipients management and compliance are present- may be project leadership, executives, ed and create an additional motivation for architects, and boards. an effective data governance initiative. IBM includes the concept of Information Having a Data Governance Strategy Map is Life-Cycle Management defined as a an effective tool for monitoring DG systematic policy-based approach to infor- program status at both high and low mation collection, use, retention, and levels. deletion. Refer to NASCIO’s report “Data Governance Part II: Maturity Models – A A Data Governance Framework is a graphi- Path to Progress” for more detail on this cal illustration of many complex political model. processes. Data is a strategic asset that can’t be governed per se. Only people can be governed, because only people can Summary decide to enhance and protect data, respect custodial obligations, and through Frameworks are a necessary ingredient in their stewardship improve the organiza- planning and executing on an enterprise tion. But accomplishing these goals data governance program in state govern- requires more than charts and programs. ment. The frameworks presented should It requires using common tools and be used in organizing concepts and estab- processes, benchmarks and metrics, lishing the components of a data reports and charters. And - lots of practice. governance initiative and data / informa- tion management. The IBM Data Governance Council Framework is both a benchmark and a The full operating discipline for data best-practices guide developed by over 50 governance will entail the use of maturity organizations working together and models, frameworks, process, and organi- sharing experiences. Implementation will zation. Underpinning any such endeavor vary from state to state as there is no one must be a strong business need or opportu- size fits all approach to data governance. nity. Enterprise wide initiatives that are However, the six common steps enumerat- not built on a specific near to medium ed above can help any state government term deliverable will not succeed. Short to data governance program get off to a medium term “wins” must be achieved to good start and lay the foundation for maintain motivation. However, data / sustainable success. In the end, however, knowledge management must also be the success of data governance is depend- understood as a long term initiative that ent on leadership. The best frameworks in constitutes more than a cost of doing the world will not compensate for poor business. There is a strategic aspect to leadership. Nor will the best leaders be managing data and knowledge assets that able to lead well for long without a consis- is highly proactive. tent framework to guide behavior. Good

18 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

Data/Knowledge management has both assets must be protected from unautho- strategic and operational elements. It is rized access and use so that it can be possibly the most important strategic and trusted and used to generate value for the operational capability an enterprise can true owners. possess. Some knowledge assets will gain value over time. Others will depreciate to NASCIO will continue to explore the little value. State government knowledge subject of data governance with addition- assets must be continually evaluated for al events and publications that will focus value. Such assets must be available so the on organization and process. value can be harvested. Knowledge that is merely kept only has potential value. It must be accessible to generate real benefits to state government. Knowledge

Calls to Action

1. Adopt one or more frameworks for 5. Identify all stakeholders, some of managing a state data governance whom may not be obvious. Enlist program. The framework should be their assistance in making the case for comprehensive. Use of the frame- data governance. works in this report are highly 6. Exploit the best ideas that are already recommended. in place within state agencies. Bring 2. Establish a focus area and business these ideas into state wide initiatives. initiative for driving a data gover- Include ideas from local government, nance program. Identify and focus on academia and industry. a business problem to be solved or a 7. Ensure new programs and projects business opportunity to be harvested. maintain compliance with the state Enterprise initiatives without a data governance standards. business problem or issue will not Contracts, MOUs, cooperative agree- succeed. ments, service level agreements all 3. Leverage existing governance to need to maintain such compliance so launch and sustain data governance the state data governance program processes. Continue to encourage does not erode over time. cross-line-of-business collaboration 8. Continue to work with NASCIO and on data governance. other state government associations 4. Data governance should not be to influence the federal government presented as an overhead project. funding process to move away from Make the case for data governance stove-piped funding. Funding needs based on real outcomes sought such to support enterprise data gover- as: nance initiatives in order to continue  Improved decision making based build toward more effective and on improved data quality. efficient government.  Greater value gained in service 9. In evaluating service offerings and delivery to citizens. cloud computing, understand the  Knowledge management as a implications and assurances for strategic weapon for gaining managing data / knowledge assets. competitive advantage, or efficiently meeting regulatory requirements.

Data Governance Part III: Frameworks – Structure for Organizing Complexity 19 NASCIO: Representing Chief Information Officers of the States

Appendix A: Acknowledgements Chuck Tyger, Associate Director Enterprise Architecture, The Commonwealth of Virginia Steven Adler, Program Director of IBM Data Governance Solutions Chris Walls, Senior Website & Publications Coordinator, AMR Management Services Micheline Casey, Director, Identity Management, State of Colorado

Robert Culp, Alliance Manager, ESRI Strategic Alliance, IBM

Learon Dalby, GIS Program Manager, NSGIC President, The State of Arkansas

Michael Fenton, Director of Enterprise Architecture, The State of North Carolina

Stephen Fletcher, Chief Information Officer, State of Utah, Co-Chair of the NASCIO Enterprise Architecture Committee

Michael J Hammel, Enterprise Architect, Commonwealth of Virginia

Deborah Henderson, President DAMA Foundation, VP Education and Research DAMA International

Christopher Ipsen, Enterprise Architect, State of Nevada

Dugan Petty, Chief Information Officer, State of Oregon, Co-Chair of the NASCIO Enterprise Architecture Committee

Doug Robinson, Executive Director, NASCIO

Bill Roth, Chief Technology Architect, The State of Kansas

Dr. Anne Marie Smith, Principal Consultant, Director of Education, EWSolutions, Inc.

Glenn Thomas, Director of Data Architecture, Commonwealth of Kentucky

Gwen Thomas, President, The Data Governance Institute

Tom Walters, Division of Data Architecture, Commonwealth of Kentucky

20 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

Appendix B: Resources List of NASCIO Corporate Partners http://www.nascio.org/ NASCIO www.nascio.org aboutNascio/corpProfiles/

IT Governance and Business List of NASCIO Publications Outcomes – A Shared http://www.nascio.org/ Responsibility between IT and publications Business Leadership http://www.nascio.org/committees/ List of NASCIO Committees EA/download.cfm?id=98 http://www.nascio.org/ committees Data Governance – Managing Information As An Enterprise The Data Administration Newsletter Asset Part I – An Introduction http://www.tdan.com/index.php http://www.nascio.org/committees/ Presents 8 chapters that describe EA/download.cfm?id=100 how to implement data gover- nance Data Governance Part II: Maturity Models – A Path to Progress The Data Governance Institute http://www.nascio.org/committees/ http://datagovernance.com/ EA/download.cfm?id=111 DGI created a poster on data governance that can be Enterprise Architecture: The Path downloaded, or ordered in to Government Transformation hardcopy online. http://www.nascio.org/committees/ EA/ The Data Management Association International – DAMA – www.dama.org Call for Action, A Blueprint for The Data Management Body of Better Government: The Knowledge (DMBOK) - Information Sharing Imperative http://www.dama.org/i4a/pages/ http://www.nascio.org/advocacy/ index.cfm?pageid=3364 dcFlyIn/callForAction05.pdf The IT Governance Institute (ITGI) PERSPECTIVES: Government http://www.itgi.org/ Information Sharing Calls to Action Information Systems Audit and Control http://www.nascio.org/ Association (ISACA) publications/index.cfm#19 http://www.isaca.org/

In Hot Pursuit: Achieving Certification in Governance of Interoperability Through XML Enterprise IT (CGEIT) from ISACA http://www.nascio.org/ http://www.isaca.org/Template.cfm? publications/index.cfm#21 Section=Certification&Template=/Tagged Page/TaggedPageDisplay.cfm&TPLID=16& We Need to Talk: Governance ContentID=36129 Models to Advance Communications Interoperability The Center for Information Systems http://www.nascio.org/ Research (CISR) publications/index.cfm#50 http://mitsloan.mit.edu/cisr/

A National Framework for The National Information Exchange Collaborative Information Model (NIEM) www.niem.gov Exchange: What is NIEM? http://www.nascio.org/ publications/index.cfm#47

Data Governance Part III: Frameworks – Structure for Organizing Complexity 21 NASCIO: Representing Chief Information Officers of the States

Global Justice Reference Architecture for SOA http://www.it.ojp.gov/topic.jsp?topic_id=2 42 Global Justice Reference Architecture (JRA) Specification: Version 1.7 http://www.it.ojp.gov/documents/ JRA_Specification_1-7.doc

The Global Justice Reference Architecture (JRA) Web Services Service Interaction Profile Version 1.1 http://www.it.ojp.gov/documents/ WS-SIP_Aug_31_version_1_1_ FINAL(3).pdf

The Global Justice Reference Architecture (JRA) ebXML Messaging Service Interaction Profile Version 1.0 http://www.it.ojp.gov/documents/ ebXML_SIP_v01_Final_Version_ 100407.pdf

22 Data Governance Part III: Frameworks – Structure for Organizing Complexity NASCIO: Representing Chief Information Officers of the States

Appendix C: Endnotes Disclaimer

1 NASCIO report “PERSPECTIVES – NASCIO makes no endorsement, express Government Information Sharing: Calls to or implied, of any products, services, or Action”, available at www.nascio.org/publi- websites contained herein, nor is NASCIO cations. responsible for the content or the activi- ties of any linked websites. Any questions 2 Casonator, R., Friedman, T., “Enterprise should be directed to the administrators of Information Management Is Still the specific sites to which this publication Misunderstood by Many”, Gartner, June 9, provides links. All critical information 2008, Gartner ID Number: G00158458. should be independently verified.

3 NASCIO report “Data Governance – Managing Information As An Enterprise Asset Part I – An Introduction”, available at www.nascio.org/publications.

4 NASCIO report “Data Governance Part II: Maturity Models – A Path to Progress, available at www.nascio.org/publications.

5 The Data Management Body of Knowledge, DAMA International, 2009, ISBN 978-0-9771400-84, LOC No. 2008912034.

6 “How to Use the DGI Data Governance Framework to Configure Your Program”, The Data Governance Institute, retrieved on May 7, 2009, from http://www. datagovernance.com/whitepaper_ abstracts.html

7 See The Data Governance Institute http://datagovernance.com

8 See Data Governance Part II

9 NASCIO report “Data Governance Part II: Maturity Models – A Path to Progress”, available at www.nascio.org/publications.

10 IBM Data Governance Council Maturity Model, October 2007, retrieved on May 12, 2008, from http://www935.ibm.com/ services/uk/cio/pdf/leverage_wp_data_go v_council_maturity_model.pdf

Data Governance Part III: Frameworks – Structure for Organizing Complexity 23