 Hello and welcome. My name is Shannon Kemp and I'm the Chief Digital Manager of Data Diversity. We'd like to thank you for joining the current installment of the monthly Data Diversity Webinar Series, Real World Data Governance with Bob Siner. Today, Bob will discuss formalized data governance with policies and procedures. Just a couple of points to get us started. Due to the large number of people that attend these sessions, he will be muted during the webinar. If you'd like to chat with us or with each other, we certainly encourage you to do so, so just click the chat icon in the upper right-hand corner for that feature. For questions, we will be collecting them by the Q&A in the bottom right-hand corner of your screen. Or if you'd like to tweet, we encourage you to share highlights or questions via Twitter using hashtag RWDG, Real World Data Governance. And as always, we will send a follow-up email within two business days containing links to the slides, the recording of the session, and additional information requested throughout the webinar. Now let me introduce to you our speaker for today, Bob Siner. Bob is the President and Principal of KIK Consulting and then Educational Services and the Publisher of the Data Administration newsletter, TDAN.com. Bob has been a recipient of the Dama Professional Award for significant and demonstrable contributions to the data management industry. Bob specializes in non-invasive data governance, data stewardship, and metadata management solutions. And with that, I will give the floor to Bob to get today's webinar started. Hello and welcome. Thank you everybody for taking time out of your busy schedule to attend another one of the Real World Data Governance webinars. As Shannon mentioned, today we're going to talk about formalizing data governance with policies and procedures. So I've got a lot of content in this webinar, so I'm going to get to it relatively quickly. But one of the things I'd like to suggest is please take advantage of the chat group and the Q&A section. I'm curious as to how many of your organizations have data governance policies and what goes into the data governance policies and who has responsibility for enforcing these things. You know, I have my opinions. I've worked with a lot of clients that have data governance policies and I've worked with many that haven't necessarily had a data governance policy per se. But we're going to talk about the different components of a data governance policy, the roles and responsibilities that are really important to make certain that a data governance policy can be enforced. We're going to talk about a bunch of things. So again, glad to have you with us today. Before I get started, typically I'd like to run through a couple of the upcoming events. Certainly, as you may know, the Real World Data Governance Series takes place on the third day. And San Diego as well. At the DGIQ conference, I'll be talking about how to save a failing data governance program. For your information also, there's a learning plan, an online learning plan, a data diversity about non-invasive data governance. And as Shannon had mentioned, the data administration newsletter, something else that's near and dear to my heart, it's a free online publication that has a lot of information about a lot of subjects. Specifically, data governance is hit on quite a bit and that's not a surprise because I actually write a lot about the subject. So today in the webinar today, I'm going to discuss five really important things. The first thing I'm going to do is I'm going to spend a little bit of time talking about the relationship between data governance and data policy within the organization. Then what I'm going to do is as part of that piece, I'm going to talk about the different components to a data governance policy. And then I'm going to say there's a certain part of data governance policies that focus around core guidelines. And I'm going to share with you some guidelines and principles that I've seen included in data governance policies. We'll talk about the different data governance roles and how they're important to making certain that the policy is enforced and that people are following policies and procedures. I'm going to share with you a bunch of different tools and templates and things that I've shared before but that I like to talk about and that talks about basically how do you formalize data governance within your organization. And we'll talk about how those things relate back to the policy. Then we'll talk about measuring the results of putting a data governance policy in place. So without further ado, I'm going to first spend a couple minutes talking about the relationship between data governance and data policy in your organization. And one of the things that I suggest is that organizations ask themselves a couple key questions before they take the time and go through the effort of creating a data governance policy and putting the data governance policy in place and having it be backed and supported by management and the organization. We'll spend a little bit of time talking about what goes into a policy and I'll share with you some examples of things that I've seen included in policy. We'll talk about who owns the policy and then whose responsibility it is to enforce a policy around data governance in your organization. So the first question there is you got to ask yourself the question, is a data governance policy necessary within your organization? And over the years I've seen a lot of people attempting to put data governance policies, data quality policies, information security policies in place. Well, I thought I'd go looking for the best purpose statement that I could see around putting together a data governance policy. If we're looking to get people in the organization to change their behavior, we want to make sure that this policy is approved and it's really being used to influence and determine decisions, actions, and other matters. So if you're going to have a purpose statement in your data governance policy, you might want to include verbiage like this to say that the purpose of the policy is that when it's approved that it's really intended to influence people's behavior and determine decisions and actions and other matters that are associated with the policy. Another side question to is a data governance policy necessary is the question of do we want our data governance policy to do? And there's a bunch of different things that a data governance policy can do. One is to spell out the guidelines and principles that I mentioned earlier and we'll discuss four key principles here in a couple minutes. The first thing that the data governance policy might do for your organization is spell out exactly what data governance is to your organization, why it's important, why it's necessary. Spell out the fact that you even have a data governance program in place. I've worked with a lot of organizations that when we start to get into conversations with people in the business areas and in some of the technical areas that they don't even know that there's a data governance program in place. So some organizations use charters, others use policies and things like that to define that you have a data governance program. It may also spell out how the program works who has responsibility. All of these things that are listed on the screen that data governance policies can do for your organization. Now, I mentioned that these guidelines and principles are really kind of the core piece to the policy and I'm going to share with you four that I've found to be very helpful for organizations as they've gotten started putting together a data governance policy. So the question is really do you need a data governance policy? And the answer to that question is really it depends on your organization. If your organization is very policy driven and if you really require having a policy in place for data governance that senior leadership supports, that's really, the chances are you're probably going to need a data governance policy within your organization. Oftentimes, as I mentioned before, the data governance policy outlines who's responsible for the data governance policy, who has responsibility for enforcing the policy. So the chances are, you may need a data governance policy if these things are true. And you can look around your organization and see what other policies you have to see if the data governance policy is really going to add anything new to the equation. There's a lot of organizations that may not need a data governance policy, per se. Especially if your organization is not policy driven or your senior leadership can demonstrate that they're behind the actions of governing data in different ways. Maybe you don't need to have a data governance policy. As you'll see, some of the things that I'm going to discuss as far as being the guidelines and the principles for data governance policy, their word is pretty strongly. And if you can get your management to agree that these things are important and that you want to move in the direction of those guidelines and principles, it's really having a data governance policy that states these things will be very important. And you know what the chances are if you're in a fairly sizable organization that you probably already have some different policies in place around data. You might have an information security or privacy policy. There may be policies that are associated with the different regulations and complying to those regulations within your industry or within your municipality or locality where you're located in the country. You might have different policies that are already in place associated with your data. You might have data protection and data classification policies in place in your organization. Many organizations I've seen have had data sharing agreements and they set up these service level agreements for sharing data. So you may already have a policy in place around data sharing. Several of my clients that I'm working with right now have put together data quality policies and the data quality policies that they've put together have looked a lot like a data governance policy. So when you look at and you see what different policies you already have in place associated with the is effective if people are following it and certainly we want to talk to people in the organization and see if it makes sense to them and make certain that we at least add those components to the data governance policy that are important for our organization. So that first section of the policy is typically kind of an introductory section. It has a whole bunch of different types of things that you might want to include in it. A purpose statement, a scope statement, violations. And what I wanted to do is I wanted to share with you a couple of different things that you might want to include as the purpose, the scope and the violations. Can you hear me? Sorry, there was a horrible distortion about for a few minutes. Can you back up to the beginning of the slide, please? I'm so sorry. The beginning of the slide? Okay, I will do that. I don't know if it's coming from my end or not. So I don't know how much you caught if you caught it, but one of the first things I wanted to talk about was is the relationship between the data governance and the data governance policy. So the first question you may want to ask yourself is, is the data governance policy even necessary? And if it is necessary, then you might want to put together a purpose statement, something that states why we need a data governance policy in the first place. And one of the things when I did a little bit of research, I looked at what some of my clients have said as to what the purpose of the policy is. It's to approve and intend to influence and determine decisions, actions and other matters. So the question really becomes, do we need to have a purpose statement for our data governance policy? If you're thinking about doing that, that might be a statement that you might want to consider. One of the things that a data governance policy can do is that it can spell out different information about what a data governance policy does. It may spell out what data governance is in the first place, spell out why data governance is important and necessary for your organization. It may even spell out, because everybody in the organization might not be aware that you have a data governance program. So creating a policy around data governance might be able to be used to spell out that you have a data governance program in the first place. The policy itself might spell out how data governance will work and who in the organization has the responsibility for putting governance in place. So the question is, is a data governance policy going to be necessary within your organization? Or a data governance policy may be necessary if your organization has policies for a lot of different things. So if your organization is policy-driven, then yes, it might be important to create a data governance policy. Also, the fact that data governance policies or policies of all types are typically approved at a senior level in the organization. Well, if you have a data governance policy that's signed off at the senior management level, it certainly demonstrates a level of senior leadership support for data governance and for the fact that a policy even exists. Oftentimes, the data governance policy is necessary if you really need to outline who's responsible and who's going to enforce the rules that are associated with data governance. On the flip side of that, the data governance policy might not be necessary within your organization. And that might particularly be true if your organization is not policy-driven. And oftentimes, you can tell. You might know from what policies already exist around data, around other things, whether or not a data governance policy per se is necessary in your organization. But if you're not policy-driven, then there's a really good chance that you may not be necessary to put a data governance policy in place. Oftentimes, senior leadership may demonstrate support for data governance in another way. They may not need a policy to approve in order to demonstrate that they support the actions of governing data within your organization. And some organizations, it's better served for them to just provide guidelines and things like that that will help people to kind of stay on track with managing data as a valued asset within the organization. And the truth is, you may already have a whole bunch of different policies in place. Data information security and privacy policy, a regulatory or compliance policy, certainly data protection and data classification policy, those things are really the reason for many data governance programs is to make certain that we're going to be GDPR compliant, or that we're going to protect PII data or PHI data. And many organizations have data sharing agreements and things like that, service level agreements between parts of the organization that are sharing data. And then they may have, and several of the clients that I'm working for right now are developing data quality policies. And the data quality policies are put in place to help people to understand what the rules are associated with managing the quality of the data. So again, you may not need a policy if you have a whole bunch of policies around data already in place. And the question you may want to ask is what will a data governance policy add that these other policies that are already in place don't already address? So again, you may need a policy, you may not need a policy, but one of the things that I wanted to share with you is what some of those things are that fit into a data governance policy. So I already shared kind of a purpose statement. We know that we need to have a purpose for our data governance program. We need to have a purpose for our data governance policy. Well, there's several other things that I see, typically that are included within a data governance policy. And one may be an introduction, a policy statement, and again, there's a set of core principles and guidelines that I'm going to kind of pull out of this section of the presentation and talk specifically about those four guidelines and principles. And then how are we going to measure the policy? What are the dimensions of data governance that we can use to make sure that the policy is working for us and that the people in the organization know and understand the fact that a policy even exists around data governance? So the first item that I mentioned was the introduction. And oftentimes the introduction to a data governance policy contains a purpose, a scope. It discusses violations. It somebody doesn't follow the policy. So what I wanted to do is I wanted to share with you quickly several of those things that would go into the data governance policy into the introduction. And these are sample things like purpose statements and visions and what the scope of the policy may be. So this is an example of a purpose statement for a data governance policy that the data governance policy is designed to manage escalation of data. Can you hear me? Yes. Okay, because there it goes. It cleared up again. I don't know if it's your telecom line. But the feedback was back again. Okay. Do you want me to go back a little bit, or can you from here? It's really bad on your end. Actually, I apologize everyone. Bob, can you hang up and call back in? I will definitely do that. I'll be right back. Hi, all. Thanks for staying tuned. I apologize for the technical disruptions as I tell people all the time. Technology is great when it works. So we'll get Bob called back in here so we can get him on a clean line. It definitely sounded like he was gargling. It looks like you're logged in twice, though. Is the next door window that you have that you can close? Yes. Hold on. Let me close that other window. Let's start at the top of the slide again, and I'll have our fabulous editor work through the video. That works for the recording folks, so. This hasn't really happened before that we've had these issues, but now I'm having trouble seeing the slides on the screen. Okay. You're currently, so try and move the slide. Sorry, folks. Yeah, really sorry, folks. You know what? Am I still logged in because I don't see myself? Yeah, I see you on. Okay. And I'm going to, here I am back on. So, okay, are we going to go back to the top? Yeah. Everyone's saying I caught you pretty quickly, so maybe start at the introduction and purpose. And then I will actually start at the beginning of the slide and I'll have our editor go through. And I apologize, folks, if we can run over a little bit today. Oh, that's too far back. This is the beginning of the slide. Up to slide 12. Up to slide 12. Okay. Getting there? Yeah. Sorry, folks. Yeah. Sorry, folks. Hopefully it'll be a little bit better at this point. The top of that slide. And again, thank you, folks. You know, isn't technology wonderful? You know, we do the best we can to put on the best webinars we can. Sometimes there's technical glitches. We've got wet bad weather in the Pittsburgh area. So if I'm repeating myself to you, I really apologize, but I'm going to try to get through these slides and hopefully we won't have any other problems moving forward. At the top of the slide. Great. If you started at the top of the slide there, that's great because then I can edit out the other stuff. Okay. Comments there. Okay. Okay. So one of the first things that's really important to discuss is the relationship between data governance and data policy. So we might want to talk, you know, we've talked a little bit about is a data governance policy necessary? You know, when do we know that a data governance policy is going to be something that's necessary to the organization and when is it not necessary? Well, a couple other things that you might want to ask yourself, what do we include? You know, what basically goes into a data governance policy? And oftentimes there's an introduction to the policy that includes things like purpose statement, a scope statement. What happens if somebody violates the policy? So here I'm going to share with you real quickly a couple examples of what goes into a purpose, scope, and violation statement. So the first thing is the purpose itself, which is that the data governance policy is designed to manage creation, transformation, usage of data. You know, for the data that's owned by your organization or that's being managed and care of your organization. So the purpose statement is something that would go into the introductory part of your data governance policy. The next piece is the scope. What would go into scope? So you got to really identify what and who in the organization is going to be impacted by the data governance policy. So, you know, here's an example of a scope statement that the policy applies to all employees, contractors, you know, temporary employees, and those people that are associated with the organization. So typically if you're going to have a policy that talks about things like protecting sensitive data, well, you're not going to want to just focus that on a specific group of people within the organization. Basically, a typically in a scope statement, it says that everybody that works at the organization would have some, would be impacted and that the policy really applies to everybody within the organization. You know, a statement of violations might include things like the fact that the violation is considered a serious breach of trust and that there would be the potential that there would be some disciplinary action that would be required or that would be in effect if people in fact don't follow the things that the policy has defined for you. Also, within a data governance policy, organizations have been known to put a policy statement. So I wanted to share with you a brief example of what a policy statement might look like. Again, I hope you'll be able to go back and look at this webinar if you're thinking about creating a data governance policy and potentially use some of these different things that I'm sharing, the policy statement, the purpose, the introduction and those types of things, certainly the guidelines and the principles that keep people on track for making certain that they're following the things that are being spelled out by the data governance policy. You know, oftentimes there's, like I mentioned before, the data governance guidelines and principles and in fact I kind of pulled them out of this section of the webinar today and have a separate section that really focuses on those four core guidelines. And you'll notice when I talk about those things that if we can get our senior leadership to buy off on or to sign off on the fact that these principles are necessary, then it's really the support and the backbone of a solid data governance program. So I'll share those with you in a second. Then there's also other things like the dimensions. How are we going to measure whether or not a data governance policy is being followed? Those things might be typical dimensions of data quality might be included in there. So how well are people able to access the data? How accurate and complete is the data? Consistent is the data and those types of things. So I'm going to share with you a graphic here in a second that talks about the different pieces of the policy and how they kind of fit together and then we'll focus on those core guidelines. But we also need to answer the question who in the organization is going to have ownership of the data governance policy? And so in order to do that, we need to define what it really means to own the policy. Now I've seen organizations where the data governance office or the data governance team has responsibility for the policy. But then the people in the organization that stand behind the policy or that have approved the policy or at least taken the policy to the appropriate level of the organization, the data governance council also plays a role in the ownership of the data governance policy. So I'm going to spend a little bit of time talking about the different roles and how they come into play when we talk about implementing a data governance policy in our organization. And then the other question is who's going to enforce the policy? And that's always the key question is if there's going to be penalties, if there's going to be problems that are going to be caused by not following the policy and that those issues are going to be enforced, we need to define, well, what does it mean to enforce the policy? Are we going to give people warnings? Are we going to give them a flap on the wrist? But what does it mean to truly enforce the policy? Are the same people in the organization that have that responsibility responsible for communicating the policy to people as well? You know, is it also the group that makes certain that the policy is being followed and what exactly does that mean? You know, the group that enforces the policy, sometimes they have responsibility for taking measurements to see how well the policy is being followed in the organization. Sometimes that's also the responsibility of the data governance organization or the data governance office or data governance team, whatever you call it within your organization. So if you've been attending the Real World Data Governance Webinars for some time, you may have seen this graphic before. And in fact, I had a client that I developed the first version of this graphic around, and they basically told me that a picture is worth a thousand words. And so this diagram basically is in the middle, and we'll talk more about those things in a second, but oftentimes the policy translates into specific examples that you have in your organization associated with the governance and the management of data and then how we're going to measure those things within the organization through things like accessibility, accuracy, completeness, and consistency. So this diagram is really important, but really, most specifically, those things that are in the middle of the diagram, when it comes to the core guidelines for an organization to embrace and core principles that are often included within a data governance policy, these are the four principles. So what I want to do is I want to walk through each of these four principles and just talk about them briefly as to whether or not they might be something that would make sense for you to adopt as part of your data governance policy in your organization. So the first one is that data is recognized as a valued and strategic enterprise asset. And if we would include that in a data governance policy, and we would ask that people at the senior level of the organization would recognize that and that they understand that data is a valued asset, to have their signature on a policy that states that data is a valued and strategic asset is an important step for your organization. Accountability for data is clearly defined, recorded and enforced. Well, that's very important as well. And we'll spend a little bit of time talking about how that accountability really is acts as the backbone for your data governance policy. If data is managed to follow internal and external rules, that's a no-brainer. In most organizations, the rules that are associated with your policy or the rules that are associated with handling data and protecting data and sharing data are very important and they need to be stated as such. And to state within your policy that you're following these rules is very important. Data quality is defined and managed consistently across the enterprise. That's another guideline that I suggest that organizations, if you're going to create a data governance policy, that you include that as a guideline for you. And the one thing that I really want to stress is that this is a very important slide. If you recall by the graphic that I shared with you, those things that I circled in red or I put a square around in red, those are the most important aspects of your policy. So again, if you can get your leadership to sign off on the fact that the policy exists and that they believe that data is a valued asset and that they know that accountability needs to be clearly defined, these four core principles often lie at the heart of a successful data governance policy in your organization. So the first one was that data is recognized as a valued asset and a valued and strategic enterprise asset. So when we look at the data, we can understand that the data can have a positive value on the organization, but it can also have a negative value on the organization. So if we're going to define that data is recognized as a valued and strategic enterprise asset, then we want to be able to articulate what the positive value is that quality data provides to the organization. So we want to make certain that we have data that's fit for purpose and that it addresses the analytical purposes that are required by the organization. So we know that there's a lot of different positive values that can come from having good, clean quality data, but we also recognize that data can have negative value as well. It can cause people to take more time to get to their results, to get to their answers, to make decisions. It may also provide the wrong answers to the questions that are being asked of the data. So we know that data has a positive and a negative impact on the organization. Think about, including in your policy, those statements of what the positive value are that data can have and the negative value that data can have. So when I talk about data as recognized as a value asset, I want to kind of elaborate on the word recognized. And if you've attended my webinars in the past, you know I talk a lot about defining, producing, and using data. And so in order for you to recognize data as a value asset to the organization, then you want to make sure that you're governing and that you're managing the definition of that data, that you're managing the production and where that data comes from to make sure that you have high quality data. And by all means, you know that you need to recognize that the usage of the data must be governed. If you're doing sensitive data, you know what data is sensitive and how they can and cannot handle that data. The second guideline was the accountability for data is clearly defined. So I'm going to share with you in a moment a pyramid diagram that I've shared before, which is the operating model of roles and responsibilities. So oftentimes when organizations are clearly defining accountability for data, that will have different layers of responsibility around the management of data. So if you've attended my webinars in the past, if you attended the one that we did last month about everybody is a data steward, get over it, you know, the way that I think about it is that in order to have complete coverage of your organization and make sure that everybody who has a relationship to data is held accountable to that relationship, you know, that accountability is based on a person's relationship to the data. So if they define the data and they have the responsibility for defining the data in such a way that it's going to improve not only the collection of the data but the usage of data, if you have responsibility for producing data, then you need to know how the data that you're producing impacts people in process along the line in your organization. And again, the no-brainer is the usage of the data. How we can and can't share data that we want to make sure that we clearly outline that people that use sensitive data have a certain responsibility around protecting that data and how they're handling and using that data. And as I said, everybody is a data steward and I think that we need to get over that in order to have complete coverage of stewardship within the organization. Data is managed to follow internal and external rules. And again, that's another no-brainer. Typically, a principle like that is not optional. So there's different rules that are coming at your organization from either internal sources or external sources. There's internal data management rules and handling rules for sensitive data. Oftentimes there's law and there's legal implications to making sure that your data follows regulatory concerns and that the compliance for that data. So we know that as one of those core principles we need to manage and follow internal and external rules and regulations associated with the data. And so those rules and regulations also must be documented. They need to be put in a format that people will not only read but they'll understand and they'll make part of their daily activities associated with the data. Make sure that the policy is communicated, that those rules are communicated and it's really not worth a darn unless you have some way of being able to enforce that the rules are being followed. So this is the third guiding principle that you might want to consider including within your data governance policy. And the last principle is that there's four guidelines to consider or is that the data quality is defined and managed consistently across your data life cycle. And that would be to make certain that data quality is not only the focus of your traditional waterfall methodology approach and projects but also your agile methodology takes into consideration different aspects of the data life cycle to make certain that we are managing the data consistently and that we're looking to find high quality data in every piece of the data life cycle. Also when you're reacting to issues and you're responding to data issues and data problems in your organization you want to make certain that the data focus is also included in those reactive solutions. So again as I said the different pieces of the data life cycle include data definition, data production and data use. And you want to make sure that data quality is being managed when data is being defined meaning having high quality metadata and information about the data when the data is produced we want to make certain that the people that are producing the data understand the impact that they have from the data that they are producing and again as data usage as I talk about a lot the need to make certain that the people that are using data that have rules associated with it that they understand the rules and that they're following the rules. So again I'm not going to go back to the slide but that slide that I marked is the management data governance principles that you might want to apply to your data governance program. Now I also mentioned that I'm going to talk about the different roles and responsibilities that are associated with a data governance policy and a data governance program and I could spend the whole time the whole rest of the time kind of going through the different pieces of this data governance operating model but I've shared that in other webinars and the fact is that we know we have people at all different levels of the organization that understand data governance and follow the responsibilities that come with their relationship to the data. So we've got the operational and tactical data stewards we've got the data governance council or some similarly named part of your organization you might have a senior leadership team our steering committee friends team data governance office all of these people need to be involved in and know the differences, the difference that having a policy versus not having a policy will represent within your organization. So I wanted to share with you that diagram and tell you that these are the primary roles all the different players that might be associated with not only defining a data governance policy but implementing a data governance policy in your organization. So those groups that I suggest might be really involved in the data governance policy would be the data governance office or the team that has the responsibility for planning data governance the data governance council, the steering committee the partners and let's not forget the data stewards because we know that everybody in the organization that has a relationship to the data needs to be held formally accountable for that relationship to the data. As I said everybody is the data steward and we need to get over that. The data governance office and what their involvement is in the creation of a data governance policy. Well the truth is and I've learned this from experience in a lot of organizations is that somebody in the organization or some group needs to have the responsibility for authoring the policy. For authoring the policy in the first place and then taking it through the approval process and making certain that the policy covers all things that policies must cover within the organization. There are some organizations that have policy management policies which means that in order to manage a policy certain things need to take place and typically within the organization the policy is not going to create itself so therefore the data governance office needs to do it. Somebody also needs to be and have the responsibility for communicating that policy across the organization. So let's be involvement in the data governance council and those are the people at the strategic level so again I'm showing the operating model in the bottom right-hand corner and I'm pointing at the piece of the operating model that I'm talking about and oftentimes what I've found is that the data governance policy is taken to the data governance council. Again the people in the organization that strategically represent different parts of the organization oftentimes the data governance council gets the first crack at approving the policy and making certain that there's a commitment to enforce the things that are in the policy and you have to seek out that commitment from people at the council level of your organization and oftentimes not only is it important the data governance office where the data governance team create the policy this level the data governance council is the level where things are expected to take form and we're going to be able to make things happen so we want to make sure that the data governance council and they oftentimes act as that liaison between the data governance office and the steering committee or those people at the highest point of the operating model so we want to make sure that the council is well-versed in why there's a need for policy and what goes into the policy within the organization. The steering committee well actually I mentioned that the data governance council might be the approvers of the policy but typically people at the data governance council are not the people that are going to sign the policy it's going to be people that are above them so a steering committee or a management committee they're basically the ultimate approvers of the policy and they're also the ultimate people that are going to have responsibility for making sure that the policy is enforced and so typically if you don't have the support of your executive level of the operating model then the policy will call for something to become policy in the organization so we know that we want to have sign-off from those people in the organization that have the most support or should I say the most weight behind their signature and what that will include on the policy. We also want to include the data governance partners and that's one of the two sidebars on the left side of the operating model and that might include people from the information security team, privacy team, communications team get those people involved in helping to make sure that the policy is well communicated across the organization and there may be other policy teams in your organization that you can learn from but we want to make sure that we're involving the appropriate people in the not only the development but the deployment of the policy and here are some ideas that are involved in that conversation and then of course we've got the data stewards that everybody in the organization or those people at the operational and tactical level these are people in your organization that are expected to know that a policy exists they're expected to know what's in the policy and if you look at the scope statement that I included earlier these are people that are expected to follow the policy without being followed and again the mere fact that anybody that has a relationship to the data needs to be held formally accountable for the data as I said again everybody in the organization is potentially a data steward and we need to get over that fact that means that we need to communicate effectively this policy to all the people of the organization so what I want to do is I also want to share with you a couple of different races and similar types of constructs to formalize data governance with procedures and what might be some of the artifacts that you can use to help to formalize data governance with those procedures and one thing that I mention often is I really don't like it when people call these procedures data governance procedures because it really is pointing a finger at data governance it says the reason why we're doing these procedures is because if data governance is telling us that we need to do that procedures that are governed again rather than calling them data governance procedures so in the non-invasive approach to data governance typically I talk about looking at procedures and applying the appropriate level of governance to the procedures and certainly there will be additional levels of governance that are necessary that are associated with your data governance policy I talk about the data governance bill of rights which is basically the word rights is in quotes indicating the right people involved at the right time for the right reason within your process and that's really what these tools are used to set up if you're familiar with racy charts and activity charts and things like that well you may want to consider using some of these templates that I'm going to share with you in a second the governance activity matrix and I'm going to share a couple different versions of that those can be used to formalize governance through procedure make sure that you're getting the right people involved at the right time for the right reason and so on so what are some of those data governance or what are some of those procedures that need to be governed well I wanted to provide you with a short list actually it's a two part list the different types of procedures that governance might be applied to again we don't have to rename them data governance processes or procedures we need to apply governance to these procedures and processes so data access resolution and how we define produce and use data and certainly what we want to do is take a look at the methodologies that we're following and apply governance to those to the steps of the methodologies that we're following so there's a handful or maybe more than a handful of different procedures that you might want to govern and certainly data retention and the elimination of data data quality management metadata management glossary dictionary require that you have processes in place not only for defining these things in the first place but making sure that they're being enforced you know when it comes to the glossary and the dictionary you know we want to make certain that that work that we put into creating a glossary or dictionary can also be governed and I'm going to share with you kind of a flow chart example of how one organization did that here this is kind of a tickler for next month's webinar because we're going to talk about this in a little bit more detail but typically I talk about there being three different levels of metadata that are important for us to manage within our organizations and if we put the time and effort towards creating the glossary and the business terms creating the dictionaries for specific data applications within our organization that we want to make sure that we're putting process in place to manage those types of tools that we're putting time into for our organization so they're not one time efforts there's actually process and procedure that is behind creating the glossary creating the dictionary capturing the technical metadata so that people will better understand and better use data so I'm really showing you this diagram to really show you this diagram which is the one that just shows kind of a high level chart that we need to engage in the process of making certain that we're keeping these things up to date so this is an example from an organization that put a lot of time and resources into creating a business glossary and creating a data dictionary and they wanted to make sure that they put kind of severe change management processes in place associated with these assets that they're now creating for their organization this is an example it's the beginning of a racy chart but basically an organization that I worked with defined six primary procedures that they wanted to govern so resolving information quality issues monitoring risk monitoring quality those types of things and they set it up in a spreadsheet format that if you clicked on one of those lines that are underlined in blue you'll see that a racy chart will pop up and the different roles across the top and the different steps of the process down the left-hand side we may want to be able to document who's responsible, who's accountable who's supportive, who's consulted and who's informed but creating things like these tools help people to understand when they're going to get involved in the different processes that we are governing and apply formal governance to these processes there's another example of a racy chart that I wanted to share with you a data issue resolution chart and as you can see it has the different roles and responsibilities across the top and the different steps of the data quality and issue resolution process down the left-hand side so if we're looking to formalize governance with procedures then one of the things that we know that we need to do is make certain that people understand when they need to get involved how they need to get involved what their time commitment is going to be so if we're going to formalize governance with a procedure you may want to consider creating an activity matrix or you may want to include different types of charts that I've shared with you or other types of charts to make sure that you're formalizing those procedures and you're getting the right people involved at the right time and so on so the last thing I want to share with you today is information about measuring the results of putting a data governance policy into place so there's four things that I want to talk about in relationship to formalizing or to measuring the results of putting a policy in place the first one is I'm going to share with you some metrics that you might want to consider and to associate with your policy have an idea as to whose responsibility it is to put together the matrices and who should see the metrics and who we're going to share that information with and then the last thing is and I've been told that the auditors aren't your friends I kind of disagree with that statement I want to say that if we're going to be able to audit our policy and prove that it's being followed that we need to have auditable metrics as well so I'm going to share with you a little bit about that the metrics that you ought to consider putting in place associated with your policy is how many people in the organization know that there's a policy what percentage of the core groups in the organization that are going to be expected to follow the policy have been educated how many of the processes and procedures that I listed for you or others that you may list are being governed and being governed in association with the things that we've defined as the outline or the guidelines for the data governance policy the number of the different partners that we've involved again going back to the operating model now talk about different data governance partners who are we involved in the processes and procedures of putting a policy in place things like the number of data incidents that have been reported how you've progressed on these incidents are also things that can be measured within your organization so I always expect that if you're going to put a policy in place and you're expecting to enforce that policy that you're going to put metrics in place to be able to demonstrate to your organization how people are following the policy and how many people know about the policy who has the responsibility for the metrics I often find that it's the data governance office that has that responsibility but often times again as their partner in crime the data governance council the data governance office might want to share with the data governance council exactly what the metrics are how we're going to be able to tell whether or not the data governance policy is being followed the steering committee is also going to be made aware of them the data governance partners and of course like I said before they want to involve all the people in the organization that have a relationship to the data and it's important to again consider that the data stewards are really the biggest recipients of the policy because they're the ones that are being expected to follow the policies and actually to assist in the reporting of the metrics associated with the policy one of the last two things I want to mention is once we've created these metrics through dashboards pie charts and things like that who do we want to share these metrics with and I suggest often times that we take these metrics to the council first to show what progress data governance is making as a whole within the organization you're going to share those metrics with people at the steering committee level as well the partners and again of course the data stewards we know we need to make certain that the data stewards understand that now that they've been educated to follow the rule of law that has now been set forth by the data governance policy within your organization and I mentioned as kind of a last piece here is that we really should probably involve the regulators internal regulators external regulators anybody that has responsibility for making certain that the data is being managed well involving people from a privacy and an information security perspective so there's a lot of things that we need to put in place it's one thing to kind of have the construct to put together a data governance policy it's another thing to make certain that that policy is communicated effectively and that people are being expected and are being recorded as to how we how they're following the policy and oftentimes to do that we need to involve the appropriate people at the appropriate time in the definition of the policy and then the enforcement of the policy so basically in this webinar I've discussed these five things I spent a little bit of time talking about the relationship between data governance and the data policy and whether or not a data governance policy would be important within your organization you know I spent some time talking about those core guidelines data as an asset clearly defined accountability following the rules and making sure that we're consistent those are four core guidelines that I've seen included within a data governance policy we talked about the different roles of the operating model that I shared with you and how they're important to making certain of the policy and procedures that are being followed I shared with you some racies and similar constructs and then we talked about measuring the results of formalizing policies and procedures and with that I feel like I've shared a lot of information I'm going to turn it back over to Shannon from today or see if we have any Q that I can provide the A to Bob thank you so much for another great presentation and thanks to our community again for being so patient and grateful through the sound issues I really appreciate it I just love the community that we are involved in Bob if you have time I'll let it go over five minutes here because we did have to pause if that's all right with you we'll get some answers Bob also writes up the answers to the questions so if you think of questions and we don't have time to get to it Bob will write up the answers and we'll get that included in the follow up email which will go out by end of day Monday with links to the slides, the recording, his matrices and anything else requested throughout so diving right into it a lot of great questions coming in of course as data governance policy is developed and crafted you did talk about this a bit further on in the webinar but just do you want to summarize again who should be involved in the process so often times somebody as I said before needs to have the responsibility for creating the policy and often times if there's not other people in the organization that have the specific responsibility for creating policy it's going to fall in the lap of the data governance office the data governance team the planning team and such so obviously those are the people that often times get involved in the development of the policy my suggestion was that we take the policy to the council and the council kind of helps us to guide the data governance office and the things that they should be doing so we should be sharing the policy with the data governance council and getting feedback from them but then ultimately the ultimate approvers of the policy are going to be people on the steering committee people at the highest level of the organization because none of these times that I spelled out are really sustainable or enforceable unless you have some type of leadership management agreeing to that so certainly the data governance office the data governance council the data governance team we also want to make certain that we share the data governance policy with basically all levels of that operating model of roles and responsibilities so the stewards need to know the policy they need to live by the policy so the managers may be those people in the organization that are providing us support and helping us to enforce the policy so basically there's a lot of different people that are a lot of moving parts in the creation of a data governance policy but I would start first and foremost with the data governance office and the people that have responsibility for the program itself so what would be the difference between a data governance policy versus a data governance charter which would have similar components that's a great question because there are organizations that create charters around data governance in lieu of having a policy and often times charters need to be approved at certain levels of the organization as well I would say that a lot of the components that I spoke about that could be included in a data governance policy the introduction the policy statement the guideline statement the dimensions that those could be included in a charter as well so I don't necessarily make a big differentiation between data governance policy and charter I typically find though that organizations don't have both a charter and a policy although some of you may disagree with that that's how I typically see it that a charter might be created in lieu of having a policy what about applying data governance to business processes processes I call them business processes I think one of the best ways of being able to apply data governance again getting the right people involved at the right time is to create one of those constructs that I shared with you the activity matrix or the racy matrix that helps to let the data people of the organization know when they need to get involved in the business process so my suggestion in applying governance to business process is use a tool like that for people to understand as to what exact role they play within that business process so again I think that documenting the process is the first step but then again applying the appropriate level of governance to the different steps of the process is really a main step in doing that the individuals responsible for bringing the third party data be declared data producers may the individuals responsible for bringing the third party data be declared data producers yes organization or who has the responsibility for creating the data itself in my mind could be considered a data producer I know of a lot of organizations that are getting data from third parties but they're also in those third parties might be their partners or might be their vendors or suppliers in their organization so to have a policy that's associated with the data producers to make certain that they're following the appropriate guidelines and requirements for data that's entering the organization we need to involve the data producers in data policy data management policy data governance policy so let me see if we can go into we've got a couple other questions here since technology is ahead of rules and regulations should we focus on making explicit policies should our focus be on action plans well yes and this should never be an afterthought data should be involved in the action plans that you're creating again how you're going to apply governance to specific processes and procedures are going to be more important but if you have an action plan for how your organizational transformation or you're developing or redoing creating a data lake these are major projects that have action plans associated with them so my suggestion is that by having a data governance policy or having a data management policy it almost assures again as being that backbone that we're not going to keep data as an afterthought it's going to be something that's going to be in the forethought of the strategy associated with that action plan so yes I say applying data roles and responsibilities to an action plan is very important sorry Bob, well that is the time we have for today thank you so much for another great presentation and again thanks to all of our attendees for being so fabulous and being so engaged in everything we do we just love it I hope you all can join us next month for next month's webinar and again just a reminder I'll be sending out the follow-up email by end of day Monday for this presentation with links to the slides, the recording thanks again for everybody I hope you all have a great day thanks Bob