kate carruthers, unsw australia, focus day, presentation at chief data & analytics officer...
TRANSCRIPT
Data Governance for the
Value-Oriented Organisation
Kate Carruthers
Classification: Public
The brief
1. Implement an institution-wide data and information strategy, including data governance, control, and policy development
2. Include information protection, information and data governance, and data quality processes, and data life cycle management
3. Work collaboratively across the institution to enable the exploitation of data assets to create business value
12/09/2016 Data & Information Governance Office 2
Ensure that the institution has the right information to support key strategic
initiatives
12/09/2016 Data & Information Governance Office 3
12/09/2016 Data & Information Governance Office 4
Data Quality Management
Data Warehouse, Business Intelligence
& Big Data
Reference & Master Data Management
Data Architecture & Modelling
Data Governance
DATA & INFORMATION GOVERNANCE
• Appropriate use • Business value • Information meaning
• Data transparency • Data lineage • Data Quality
Information Governance Data Governance
• Data Security • Change Impact • Service Levels
• Information Life–cycle • Information Ownership • Privacy
Definition
"Data governance is the organization and implementation of policies, procedures, structure, roles, and responsibilities which outline an enforce rules of engagement, decision rights, and accountabilities for the effective management of information assets."
(John Ladley, Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program, 2012)
12/09/2016 Data & Information Governance Office 5
Baseline Principles
• Data & information governance
– is a business driven activity
– is a framework to enable the business to better manage information and data quality
• No data or information governance activities will be undertaken without business buy-in and leadership
• Decision making rights need to be determined
12/09/2016 Data & Information Governance Office 6
The 4 dimensions Framework:
• provides enterprise wide roles and responsibilities to be accountable for decisions related to data assets
• establishes policies & procedures to manage the data assets
• provides diverse tools for managing operational data tasks
UNSW Data Governance Framework focuses on the oversight, guidance and quality of enterprise data assets enabled through People, Policies, Procedures and Tools
1
Policies are high level statements that provide context for strategic decisions
relating to the data assets
People can be members of UNSW governance bodies, which hold the authority for decision
relating to data assets
Tools are pre-prepared objects that support people carrying out procedures
Procedures are specific instructions designed to ensure policy is followed and
outcomes are measurable
Workflow for Approval
Checklists
Issues Register
Data Profiling
Data Sharing
Data Reporting
Regulatory Compliance
Data Asset Prioritisation
Data Exchange Agreements
Data Process Flow
Data Integration
Data Security
Strategic Drivers
Dim
en
sio
ns
Enterprise Oversight of Data
Enterprise Guidance on Data
Enterprise Quality of Data
Performance Metrics
Policies Procedures Tools
Data Executives
Data Owners
Data Stewards
People
Data Creators/ Data Specialists
1 2 3 4
12/09/2016 Data & Information Governance Office 7
Data & Information Governance Model
12/09/2016 Data & Information Governance Office 8
Policy Framework
Coordinating Committees
• Data Governance Steering Committee • Business Intelligence Steering Committee • Information Security Steering Group
Data Ownership & Management
• Data Areas • Data Executives • Data Owners • Data Stewards
• Data Governance Policy • Data Classification Standard • Data Handling Guidelines • Information Security Management System
Data Creator / Data Specialists Support
Strategic
Tactical
Operational
Data Executive
Data Owner
Data Stewards
• Provides leadership in data quality and in resolving conflict regarding data assets • Provides direction and priorities in specific Data Area • Takes leadership support for the data quality principles, policies and standards
across the Data Area
• Ownership of the Data Area on day-to-day basis – accountable for checking the Data Quality
• Provide managerial support to the data governance program and develop data management artefacts
• Provide operational help around planning and issues resolution
• Represent functional areas across the University • Identify and fix data issues within their respective business areas • Document and log data quality issues for resolution in source systems • Provide defined processes for conformance of data to acceptable levels
• Business SMEs • IT /source System/Application SMEs • Database Admin, System Admin, Application specialist, Developers, • Business Analysts, etc. • Researchers and Academics
Data Ownership and Management
12/09/2016 Data & Information Governance Office 3
Role High Level Definition
These roles are aligned to provide strategic leadership, tactical and operational excellence to manage the Data Assets
The beginning…
• Tactical and reactive approaches
• Ad-hoc delivery
• No finalised documentation
• No data or information governance
• No set roles or responsibilities
• No policies or procedures
• Not linked to IT Security
12/09/2016 Data & Information Governance Office 10
• Provide actionable insights for business leaders
• Enable leaders to understand their business operations
• Build predictive models to enable strategic planning
12/09/2016 Data & Information Governance Office 11
Driver: Need to develop strategic business insight capability
Foundations
Business glossary
Business metrics
Tools
Data sources
Data quality
12/09/2016 Data & Information Governance Office 12
12/09/2016 Data & Information Governance Office 13
Business Intelligence
Data & Info Governance
People
Process
Agile Customer focused
Repeatable Documented
Reduce friction Improve response times
Skilled Knowledgeable
Informed Customer
focused
Business driven Understandable Practical Useful
Informative Reliable Fast Strategic Solution oriented Predictive
Engagement
• Strong customer engagement – Business Advisory and Reference Groups established
• Important role for IT
• Need to build partnerships
• Used agile methods
12/09/2016 Data & Information Governance Office 14
Technology
• Adopting Collibra Data Governance Centre
• Starting with business glossaries
• Moving toward reference data
• Business case for Master Data Management
• Integration tools on agenda for next year
12/09/2016 Data & Information Governance Office 15
Data Classification – the classification process will involve appropriate risk assessment
Highly Sensitive
Sensitive
Data that if breached owing to accidental or malicious activity would have a high impact on the University’s activities and objectives.
Data that if breached owing to accidental or malicious activity would have a medium impact on the University’s activities and objectives.
Data that if breached owing to accidental or malicious activity would have a low impact on the University’s activities and objectives.
Data that if breached owing to accidental or malicious activity would have an insignificant impact on the University’s activities and objectives.
Private
Public
High
Medium
Low
• Student zID’s, passwords, UNSW IT systems login
• Student personal records and admission applications
• Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information
• Unpublished research data (at data owner's discretion) • Non-public UNSW contracts, policies and policy manuals • UNSW internal memos and email, non-public reports, budgets, plans or financial information
• Information authorized to be available on or through UNSW website without zID authentication
• Job postings, public research data, staff details, policy or procedure manuals etc.
• Public, available campus maps
Classify the Data Risk Assessment Business Decision
As per the approved Data Classification Standard
As per the UNSW IT Risk Management Policy
As per agreed Data Governance Roles and Responsibilities
Data Management and Operations
12/09/2016 Data & Information Governance Office 16
Identify the Data Owner Identify the Information
Assets Assess data risks
Apply data classification to the Information Asset
Apply the controls Data classification process:
People
• Getting the right mix of skills and institutional knowledge
• Not growing team too fast
• Building culture and relationships
• Developing technical capability
12/09/2016 Data & Information Governance Office 17
Key Factors in Success
• Data & Information Governance
–needs to be a good fit for each specific Data Area and the business operations it supports
– for each UNSW Data Area needs to be developed collaboratively with the stakeholders
12/09/2016 Data & Information Governance Office 18
There is no single ‘right’ answer for how to do it – the process needs to align to the business needs of each particular Data Area
What we’ve learned so far
1. Build slowly – don’t rush
2. Bring the customers along too
3. Culture drives strategy
4. Agile approaches work
5. Collaboration matters
12/09/2016 Data & Information Governance Office 19