kate carruthers, unsw australia, focus day, presentation at chief data & analytics officer...

Data Governance for the

Value-Oriented Organisation

Kate Carruthers

Classification: Public

The brief

1. Implement an institution-wide data and information strategy, including data governance, control, and policy development

2. Include information protection, information and data governance, and data quality processes, and data life cycle management

3. Work collaboratively across the institution to enable the exploitation of data assets to create business value

12/09/2016 Data & Information Governance Office 2

Ensure that the institution has the right information to support key strategic

initiatives



Data Quality Management

Data Warehouse, Business Intelligence

& Big Data

Reference & Master Data Management

Data Architecture & Modelling

Data Governance

DATA & INFORMATION GOVERNANCE

• Appropriate use • Business value • Information meaning

• Data transparency • Data lineage • Data Quality

Information Governance Data Governance

• Data Security • Change Impact • Service Levels

• Information Life–cycle • Information Ownership • Privacy

Definition

"Data governance is the organization and implementation of policies, procedures, structure, roles, and responsibilities which outline an enforce rules of engagement, decision rights, and accountabilities for the effective management of information assets."

(John Ladley, Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program, 2012)


Baseline Principles

• Data & information governance

– is a business driven activity

– is a framework to enable the business to better manage information and data quality

• No data or information governance activities will be undertaken without business buy-in and leadership

• Decision making rights need to be determined


The 4 dimensions Framework:

• provides enterprise wide roles and responsibilities to be accountable for decisions related to data assets

• establishes policies & procedures to manage the data assets

• provides diverse tools for managing operational data tasks

UNSW Data Governance Framework focuses on the oversight, guidance and quality of enterprise data assets enabled through People, Policies, Procedures and Tools

1

Policies are high level statements that provide context for strategic decisions

relating to the data assets

People can be members of UNSW governance bodies, which hold the authority for decision

relating to data assets

Tools are pre-prepared objects that support people carrying out procedures

Procedures are specific instructions designed to ensure policy is followed and

outcomes are measurable

Workflow for Approval

Checklists

Issues Register

Data Profiling

Data Sharing

Data Reporting

Regulatory Compliance

Data Asset Prioritisation

Data Exchange Agreements

Data Process Flow

Data Integration

Data Security

Strategic Drivers

Dim

en

sio

ns

Enterprise Oversight of Data

Enterprise Guidance on Data

Enterprise Quality of Data

Performance Metrics

Policies Procedures Tools

Data Executives

Data Owners

Data Stewards

People

Data Creators/ Data Specialists

1 2 3 4


Data & Information Governance Model


Policy Framework

Coordinating Committees

• Data Governance Steering Committee • Business Intelligence Steering Committee • Information Security Steering Group

Data Ownership & Management

• Data Areas • Data Executives • Data Owners • Data Stewards

• Data Governance Policy • Data Classification Standard • Data Handling Guidelines • Information Security Management System

Data Creator / Data Specialists Support

Strategic

Tactical

Operational

Data Executive

Data Owner

Data Stewards

• Provides leadership in data quality and in resolving conflict regarding data assets • Provides direction and priorities in specific Data Area • Takes leadership support for the data quality principles, policies and standards

across the Data Area

• Ownership of the Data Area on day-to-day basis – accountable for checking the Data Quality

• Provide managerial support to the data governance program and develop data management artefacts

• Provide operational help around planning and issues resolution

• Represent functional areas across the University • Identify and fix data issues within their respective business areas • Document and log data quality issues for resolution in source systems • Provide defined processes for conformance of data to acceptable levels

• Business SMEs • IT /source System/Application SMEs • Database Admin, System Admin, Application specialist, Developers, • Business Analysts, etc. • Researchers and Academics

Data Ownership and Management


Role High Level Definition

These roles are aligned to provide strategic leadership, tactical and operational excellence to manage the Data Assets

The beginning…

• Tactical and reactive approaches

• Ad-hoc delivery

• No finalised documentation

• No data or information governance

• No set roles or responsibilities

• No policies or procedures

• Not linked to IT Security


• Provide actionable insights for business leaders

• Enable leaders to understand their business operations

• Build predictive models to enable strategic planning


Driver: Need to develop strategic business insight capability

Foundations

Business glossary

Business metrics

Tools

Data sources

Data quality



Business Intelligence

Data & Info Governance

People

Process

Agile Customer focused

Repeatable Documented

Reduce friction Improve response times

Skilled Knowledgeable

Informed Customer

focused

Business driven Understandable Practical Useful

Informative Reliable Fast Strategic Solution oriented Predictive

Engagement

• Strong customer engagement – Business Advisory and Reference Groups established

• Important role for IT

• Need to build partnerships

• Used agile methods


Technology

• Adopting Collibra Data Governance Centre

• Starting with business glossaries

• Moving toward reference data

• Business case for Master Data Management

• Integration tools on agenda for next year


Data Classification – the classification process will involve appropriate risk assessment

Highly Sensitive

Sensitive

Data that if breached owing to accidental or malicious activity would have a high impact on the University’s activities and objectives.

Data that if breached owing to accidental or malicious activity would have a medium impact on the University’s activities and objectives.

Data that if breached owing to accidental or malicious activity would have a low impact on the University’s activities and objectives.

Data that if breached owing to accidental or malicious activity would have an insignificant impact on the University’s activities and objectives.

Private

Public

High

Medium

Low

• Student zID’s, passwords, UNSW IT systems login

• Student personal records and admission applications

• Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information

• Unpublished research data (at data owner's discretion) • Non-public UNSW contracts, policies and policy manuals • UNSW internal memos and email, non-public reports, budgets, plans or financial information

• Information authorized to be available on or through UNSW website without zID authentication

• Job postings, public research data, staff details, policy or procedure manuals etc.

• Public, available campus maps

Classify the Data Risk Assessment Business Decision

As per the approved Data Classification Standard

As per the UNSW IT Risk Management Policy

As per agreed Data Governance Roles and Responsibilities

Data Management and Operations


Identify the Data Owner Identify the Information

Assets Assess data risks

Apply data classification to the Information Asset

Apply the controls Data classification process:

People

• Getting the right mix of skills and institutional knowledge

• Not growing team too fast

• Building culture and relationships

• Developing technical capability


Key Factors in Success

• Data & Information Governance

–needs to be a good fit for each specific Data Area and the business operations it supports

– for each UNSW Data Area needs to be developed collaboratively with the stakeholders


There is no single ‘right’ answer for how to do it – the process needs to align to the business needs of each particular Data Area

What we’ve learned so far

1. Build slowly – don’t rush

2. Bring the customers along too

3. Culture drives strategy

4. Agile approaches work

5. Collaboration matters


kate carruthers, unsw australia, focus day, presentation at chief data & analytics officer...

Data & Analytics