 Shannon Kemp and I'm the Chief Digital Manager of DATAVERSITY. We'd like to thank you for joining the current installment of the Monthly DATAVERSITY Webinar Series, Real World Data Governance, with Bob Seiner. Today, Bob will be discussing Data Governance versus Information Governance. Just a couple of points to get us started. Due to a large number of people that attend these sessions, you will be muted during the webinar. If you'd like to chat with us or with each other, we certainly encourage you to do so. Just click the chat icon in the bottom middle of your screen for that feature. For questions, we'll be collecting them via the Q&A in the bottom right-hand corner of your screen. Or, if you'd like to tweet, we encourage you to share highlights or questions via Twitter using hashtag RWDG. And if you'd like to engage more with Bob and continue the conversations after the webinar, you can go to the DATAVERSITY Community at community.dataversity.net. As always, we will send a follow-up email within two business days, containing links to the slides, the recording of the session, and additional information requested throughout the webinar. Now, let me introduce to you our speaker for the series, Bob Seiner. Bob is the President and Principal of KIK Consulting and Educational Services and the publisher of the Data Administration Newsletter, TDAN.com. Bob has been a recipient of the DAMA Professional Award for significant and demonstrable contributions to the data management industry. Bob specializes in non-invasive data governance, data stewardship, and metadata management solutions. And with that, I will give the floor to Bob to get today's webinar started. Hello and welcome.
Hi, Shannon. Hi, everybody. I hope everybody's having a great day. I really love this subject, so I'm looking forward to talking to you about data governance and information governance. And like I said, thanks for joining us today.
I really wish that I could see each of you and I could ask how many of you call your programs data governance and how many of you call your programs information governance. And actually, I'm wondering why you would make that decision and how you differentiate between the two, how you differentiate the difference between data and information. This should be an interesting webinar today. We're going to talk about this in terms of governance. I'm going to introduce some new subjects as well, one being records management, records and information management. And if I have time at the end of the webinar, I want to share with you a quick case study of an organization that's calling it information governance rather than data governance and they'll share or at least I'll show you why they decided to name it that way. Before we get started, I just want to run through a quick summary of some of the things that are coming up. As you know, we do the Real-World Data Governance webinar on the Thursday of each month. Next month, I'll be talking about staying non-invasive in your approach to data governance. If you're interested in learning more about non-invasive data governance, and I talk about that subject a lot, there's a book on the subject. I'll also be speaking at a couple of DATAVERSITY events coming up. One coming up quickly in October, the Data Architecture Summit, and then the new Data Governance Vision event in December. I also have two classes available or learning plans available through the DATAVERSITY Training Center. One's on non-invasive data governance, the other on non-invasive metadata governance. As Shannon mentioned, I've been publishing the Data Administration Newsletter, TDAN.com, for many years, many years with assistance from DATAVERSITY as well. And last but not least, there's KIK Consulting and Educational Services. KIK stands for Knowledge is King. So you can find out anything that you want to know about non-invasive governance at that site.
So let's jump into what we're going to talk about today. So typically, I outline the five subjects I'm going to address. I'd also hope to spend a little bit of time talking about that information governance case study as well. We're going to talk about, first of all, what it really means to govern something. What does governed data look like? People want to know what the end result is going to be, and I think that's something that we could use to sell to our management. What does the data look like that's governed versus the ungoverned data? We'll spend a little bit of time talking about the governance definition, and it really depends upon the context of what you are governing. We'll talk about differences between the data governance and information governance using a framework that I share often about the core components of data governance. Talk about how to select what you call your program and whether or not what you call your program really matters in the long run. It really matters as to what we're doing and the success that we're having with governing information assets in our organization. I want to start out with when I'm describing what it means to govern something, my definition of data governance. I word it very strongly, and I do that for a purpose. I want people to understand that in order to govern data at the end of the day, they need to execute and enforce authority. Some organizations decide to tone that down a little bit. Some organizations like to keep it exactly as it is. They say formalized behavior, formalized guide. I like the idea of executing and enforcing authority, and it's worded quite strongly for that purpose. It makes people sit forward in their chair to want to know what do we mean by executing and enforcing authority. Let's look at my definition of data stewardship, which basically uses the same expression. It says that data stewardship is the formalization of accountability over the management of data and data-related resources. 
If you think about it, you could exchange the word data for the word information. You could change it for records. You could change it to whatever it is, processes, if you're going to be governing your processes. Those are good definitions to start with when it comes to data governance and stewardship. We need to execute and enforce authority, and if we take the approach that we're formalizing accountability, rather than handing it to people as something new, the feeling is that this is less invasive to what their present work experience is all about. A quick definition of non-invasive data governance basically ties those two definitions together. We're going to apply governance to process rather than redefine all of our processes. We're going to do it using non-invasive roles. We're going to make certain that we are defining, producing, and using data or records or information the way that it needs to be defined, produced, and used. Really, the bottom line of non-invasive data governance is that we're trying to be transparent and supportive and collaborative. Non-invasive really describes how governance is applied to the organization. Rather than being about command and control or taking a traditional "if you build it, they will come" approach. The idea is to say, well, you're already doing this to a certain extent. If we can formalize that, that may help you to accept the principles of governing data a little bit better. I went to the dictionary and I said, well, how does the dictionary define the word govern? I highlighted in red on this slide all the different words that they use just within the top three lines and how they're defining what it means to govern. They say to direct and control and sort of direct the actions and regulate by authority. There's a lot of very descriptive words there. At the end of the day, what we're trying to do is make certain that something gets accomplished. We need to do these things.
Let's take those words highlighted in red and just look at them individually and say, it's direct, control, regulate, influence, and force that are all pretty strong words. That's some justification as to why I use the definition that I use. I say that data governance is really the execution and enforcement of authority. And again, wording it strongly because at the end of the day, we need to be able to make decisions around the data. We need to determine what's right and what's wrong. We need to define standards. We need to follow the rules when it comes to protecting information that's classified in such a way that you need to be careful as to how you handle it. So again, I like with the definition that we put some words in there that are going to be forceful because really at the end of the day, if we can't execute and enforce authority, what do we have? I mean, we're just going around in circles. We need to have an escalation path. We need to have a way of deciding what it is that we want to accomplish with our data or information or records. And so the other part of that is really what it means to govern something and that is what is the thing that you're governing? So we can be governing data or information. We'll talk about the differences between those. Records: you see a lot of people focusing on records and information management these days. In fact, I'll be giving a presentation at Data Governance Vision in December on records management and how that applies to data governance. It can be content. It can be metadata. As I mentioned when we started the webinar, I have a class available through DATAVERSITY on non-invasive metadata governance. And the tagline that I use from that is that the metadata is not going to govern itself. None of these things on the screen right now will govern themselves. We need to have people responsible for it. In fact, I say we formalize accountability as my definition of stewardship.
We need to have stewards for these things if we want them to be beneficial and useful to the organization. So there's the two pieces. What is it that we're trying to govern and what do we mean by governing it? Well, it really becomes confusing. I mean, I've seen organizations define it as information governance because it hasn't worked as being called data governance for silly reasons like that. I've seen organizations call it something that doesn't even have the word governance in it, like information asset management or data asset management. Now, the truth is what we're governing when we put governance in place is people's behavior. In fact, a good friend of mine, Len Silverston, whom I've had as a guest on my webinar series, was the one who at least I first heard it from who said we should call this people governance because the data is going to do what we tell it to do. If we define it poorly, it's going to be defined poorly. If we don't produce it to have high quality data, what can we expect? It's not going to be high quality data. If people don't understand how the data can be used and can't be used, then they're not going to follow rules because they're not going to be aware of the rules. What we're really doing is we're governing people's behavior. So I've yet to see it called people governance anywhere. Typically people are somewhere between data governance and information governance. So I'm going to talk about data versus information in a minute. And as I said before, the things that we need to think about when we are labeling what we call this is what is the asset that we are governing? In some organizations, they think of information as being more of an umbrella term for a lot of different types of data within the organization. But we'll get into that a little bit more in a second here. We want to know how people define the assets. What is the information that people use to do their job? Do they consider it to be work products?
Do they consider it to be information products or objects? We could label it with any of those things if we're governing it. And like I said, I had one organization that decided to call it information governance. And when I asked them why, they said, well, we tried it a half dozen times calling it data governance, and it didn't work. And that wasn't so we didn't want to call it data governance anymore. I suggest that's not a very good reason for calling it information governance. Expect that if you call it information governance, you're going to have people call you on that and ask you, what do you mean by information versus data? There's actually a whole community now, a publication focused on information governance. It's really data governance. It's the same type of discipline. But again, it really depends on what it is that we're governing. This slide is really important, at least I think it's really important. You might want to be able to answer the question of, well, what does governed data actually look like? And I looked to try to create a word, which is an acronym that keeps these seven different traits of what governed data looks like. If you can find one in it, please help me out with it because I can't find it. But the first aspect of it is that the data is known. People in the organization know what data exists. They know where it is. They know how to get to it. But the first idea is that they know. You've heard of catalogs and dictionaries and glossaries. But catalogs are oftentimes inventories of what data exists within the organization, what data is being used, or what information is being used by different parts of the organization. The second trait is understood. If people understand the data, if they can state the definition of the data that they're using, that's a great thing. But if people want to know what governed data looks like, well, the first thing is it needs to be known. And the second thing is people need to understand it.
It needs to be owned, meaning somebody in the organization should have some level of authority or responsibility. I personally don't like the word owned because it implies that they really own it rather than the organization owning it. But we need to know who is responsible and accountable for making the decisions associated with specific types of data in the organization. Another trait is that it's handled. People know how to share the data, what they can do, what they can't do. They have confidence in the data. They have trust in the data, meaning that they may understand and feel that the data is accurate. It's accessible. It's protected. I could spend probably a whole webinar talking about this. But the idea is that we need to share with management what the governed asset is going to look like and how it's different from the way the asset is being governed presently. So again, I think that's an important slide, but somebody can come up with an acronym so we can remember it. That would be very helpful to me. So the way that I differentiate, typically data and information, is that when you add metadata or you add context to the data, you add meaning to the data, it becomes information. So data, if I gave you a figure like 1500, you wouldn't know if that's a count, a dollar amount, an address, a location. You wouldn't know unless we added some context to it. So once you've taken the strict, the pure data itself, the raw data, and you've added some context to it, that becomes information. So there are some organizations that call their data governance program, information governance, because they're talking about the data and the metadata, and the resulting data that now has context to it that can be used by the organization. There are other organizations that call it information governance, and their entire focus is on unstructured data. So that would be content management would be a good example of that. 
And there's a lot of tools that you can use to govern your unstructured data, like documents or records or any types of images or audio or visuals that you have could be unstructured data. The example I'm going to share with you at the end of the webinar is where information governance really became an offshoot and kind of overtook records and information management. So information management can also be considered records management within an organization. So information governance could be the governance of unstructured data. It could be records and information management. As I said, the way that we define what governance is is going to depend on the context of what it is that we are looking to govern. And so in the different contexts, we can just fill in the blanks, basically, from the definition that I gave earlier of data governance, when it becomes the execution and enforcement of authority over the management of information and information-related assets, or records and records-related assets, or data and data-related assets, which is what I shared with my original definition. So again, the definition of information governance or data governance is really going to depend on those assets that we're finding important, that we want to place formal accountability and guide behavior associated with. So that could be data, it could be records, it could be information, it could be content. I'll share with you some other things that people have called it as well. So I've introduced the idea of record. And a lot of you may be familiar with record and record management and RIM managers. A lot of organizations have actually been doing records and information management longer than we've been doing data governance. There's an organization I'm going to talk about here briefly in a quick moment that does a lot of what DAMA International does for us practitioners in the data world. There's an association that focuses on records management. 
But when you go to some place as simple as the Bing dictionary to get a definition of what a record is, you see that they use a lot of words. If you read through that, it says, a thing constituting a piece of evidence from the past, the sum of past achievements. It seems to be data, it seems to be information, it seems to be documentation. So the truth is that if you go throughout the definition anywhere of what a record is, it's very difficult to define what a record is without using the term data or documentation or recording or information. As I'm going to show you here in a minute, that organization that I was talking about. So we know about DAMA, DAMA International. But there's also an organization called ARMA International. ARMA used to be called, and everybody seems to be moving away from what the acronyms mean these days. It formerly was called the Association of Records Managers and Administrators. Everywhere that I see ARMA referred to these days, they say that's what it used to be called. So I'm not sure why they don't just call it that anyway. But it's a not-for-profit professional organization that focuses on records and information managers. So like I said before, the people in the organization that are doing records and information management have been doing it for a long time. Think of the librarian in your library. Think of the librarian in your organization that is capturing all of the important records so that people have access to them. They're categorizing those records, they're adding metadata to those records to make them understandable. The reality is that records and information management has been around longer than data governance and information governance by name. So this group specifically, they provide educational opportunities associated with records management. But when you get into what their vision and mission are, it's all about information.
So I'm not going to try to define to you the difference between records and information at this point. So I am suggesting again that the way that you define the governance program in your organization should be focused on the assets that you are going to be governing. So whether that's data or records or whatever you want to call it, you need to define that and you need to provide a definition that has teeth behind it that people will understand. So let me share with you a couple different words that are used in terms of data governance and information governance and records management. You'll see that oftentimes in a data governance program, and this has been my experience, is that they call it a data governance manager, but in information governance they call it an administrator more often, and then in records management they seem to talk about the RIM manager. Each of these different focuses or contexts have names that they call their stewards, nice names. So data stewards, information stewards, oftentimes in records management, at least the people that are guiding the management of the records are librarians. They all need metadata. We need to describe that asset that we're trying to turn into information so that people can use it. So you can see the terminology is not exactly the same from one discipline to the next. At the bottom of the screen here, I listed several of the things that oftentimes come with records management, but they also have to do with information management and data management, too, the legal issues, regulatory compliance. You know, all of these things that we need to be thinking about with data, we also need to be thinking about them in terms of the information and the records. All right, so let's spend a little bit of time talking about the specific differences between data governance and information governance. And I think you're going to find that they're similar in a lot of ways. 
And the way that I went about doing it was I used the framework that I've described in other webinars, basically across the top of the framework, I have what I consider to be the critical components of a successful data governance program or data governance framework. And those are data roles, processes, communications, metrics, and tools. And I'm not going to remove those items from in front of the matrix that you see on the screen, but if you think about it, if you could take each of those components and cross-reference it from the perspective of the individuals on the left-hand side or the levels of the organization, executive, strategic, tactical, operational, and support. You know, that's when we flesh out the data governance framework and it becomes non-invasive is when we fill in the terms that go into each of those empty blocks to say this is the perspective that we're using when we are addressing this as part of our data governance program. So I felt that this would be an appropriate place to start. If we're going to compare data governance to information governance, let's use these components that I talk about all the time. So the first one is data. And you can see on the left side versus the right side, data governance versus information governance. You know, I'd be real curious as to whether your experience has been the same or has been something different. Now in data governance, we talk about subject areas or domains of data. We talk about critical data elements and things like that. We talk about metadata and packages and BI and analytics and what we want to do with the data. On the information governance side, at least from a lot of the organizations that I see in the way that they define it in information governance, they're focusing on content and records and emails and documents and things that are stored to your desktop on your computer.
Basically they're considering data that's at rest and being stored somewhere within the organization or data that's in motion, whether it's being transmitted or being loaded onto a personal device or being printed. Those are things that need to be considered, especially when you're talking about information governance from a data perspective. So now let's look at the roles. And if you notice, the roles are identical or at least from my experience, a lot of the time the roles are identical when it comes to data governance and information governance. You could have a data governance manager. I've seen them called data governance administrators as well. But you're going to need an executive level, a steering committee that supports sponsors and understands what you're doing. You're going to need a council to make decisions at the strategic level when decisions get escalated that high. You're going to need subject matter experts and stewards. And there's already people in the organization that are governing data who want to identify what they're doing and leverage what they're doing rather than trying to replace it with whatever form of governance we're putting into place. Let's look at it from a process perspective. In data governance, there's typically certain purposes that organizations use to implement their data governance programs. They're looking to improve data quality and data standardization. They're looking to certify data and give people quicker access to data, improve the understanding, improve how easy it is to integrate data from one place to the next. They have formal process in place for issue resolution so we can improve our data quality that way. But when you look at it from an information governance perspective, a lot of the processes are focused around organization of the information. 
Again, access to the information, making certain that we're disposing of information that we don't need, retaining the information that we do and that we're told that we need to retain by law. There's classification of the information. There's handling and protection. So there's differences in some of the processes. They're not necessarily focusing on the same thing. So the question is, are you doing information governance and doing some of the main activities that are covered by data governance or vice versa? Again, what I'm trying to do is get you to think about the fact of what you're calling your program and whether there is room for you to expand into another context, another type of data within your organization. When it comes to communications, it's the same thing from one type of governance to the next. We're going to need to orient people to what we're doing. We're going to need to onboard them and help them to understand what it is that we're expecting of them and what they can expect in return from being engaged in data governance. Then there's ongoing communications awareness and education and training. All those things seem to be the same from data governance and information governance perspective. Same thing holds true for the metrics. We're looking at the quality of the data or the quality of the information, the understanding, the accessibility, all of these things. So there's a lot of similarities. There's a lot of parallels between how data governance and information governance is applied in organizations from a metrics perspective. We want to make certain that we've educated everybody in the organization on the standards and what that means to them and how they need to follow the standards. A lot of the things that need to be communicated and the deep dives that we do with these folks to understand what data it is that they use and that they have responsibility for is very similar when it comes to data governance and information governance. 
When you look at the tools, however, in data governance, a lot of organizations will talk about business glossaries and data dictionaries and catalogs like I spoke of before. Having some type of an inventory of what data is available, a metadata repository, that is, from my early years in data management, I started as a metadata repository administrator. Metadata management is extremely important to data management and data governance. In fact, in most organizations, you won't be successful with governance unless you at least have some inkling of metadata management taking place in your organization. Lineage, data governance and process tools, when you look on the right side, a lot of the tools are content management tools, record management tools, encryption, decryption, all of the things that are focused on the different type of asset that it is that you're governing within your organization. So now let's spend a little bit of time talking about how to select what we should call our program. And so what we, and you probably already decided that and you're already, the train has left the station and you have a name for what it is that you're doing, and that's fine. But for those of you that are just getting started, you might want to consider, do we want to call it data governance, information governance, records management, what's the right thing? So again, the considerations are the asset that's being governed, people's understanding of what you mean by data and what you mean by information. I talk a lot about in best practices, one of the first things that we should define for our data governance program are the goals, scope, expectations of success, the roles and responsibilities. You know, also provide the understanding of what data is versus information. Maybe you're using those terms interchangeably, as you'll see here in a minute, one of the websites that basically those comparisons between things.
I looked up a comparison of data to information and they said that they're used interchangeably a lot of times. I think we all know that. So, you know, so it's the asset being governed, it's the understanding and my suggestion is take a look at the existing levels of governance that take place within your organization. And I think what you're going to find is that there are things that are governing that aren't called data governance. I'm going to share with you a pretty long list of what some of those items must be. So, if it's not for the asset being governed, the understanding of what's being governed and the existing levels of governance around that, I'm not sure it matters. I've worked with organizations that have called it information governance where it's really been closer to data governance and the same in reverse. So, I'm not sure that it matters, but if you're interested in what makes it different, we need to first look at the assets that are being governed. And I've given you a list of many of these before, the data, the master data, the records information processes, customer data. You know, I've worked with organizations recently that wanted to focus on supply chain data. So, they're being very specific about not only that they're looking at the data in the systems of the organization, but they're looking at a specific subject matter or our domain of data within the organization. So, the one that's on there which is people governance. I don't think I've seen anybody call it people governance, but I have seen big data governance and master data governance and process governance, content governance. And now I think metadata governance is an important topic that a lot of people are considering because as I mentioned before, the metadata will not govern itself. In fact, any of these assets listed here will not govern themselves. 
They need somebody's assistance in making certain that they're being handled properly, basically that they're being defined, produced and used properly. So, here's the name of the website that I went to that often shows you the differences between things. In fact, uniquely, it's called differencesbetween.net. And when I looked up the difference between data and information, this is what it said. It said that data is the lowest level of knowledge. That's the raw data, basically. And information is the second level. And to me, that's when we add the context. Data by itself, just a figure, is not significant. But when it becomes information by adding the context, now it becomes significant. It says observations and recordings are done to obtain data while analysis is done to obtain information. So, they're drawing a pretty clean distinction between data and information. And then I took a quote from that website as well that they said that the frequency of the use of these terms becomes an issue. They're very highly used in our life. And it says even that depending on the context, they can be different, they can be the same. A lot of organizations use these terms interchangeably. My suggestion is that we're very specific about what we are saying we are governing and let people know that when we're defining the scope goals, expectations for our data governance program or information governance program. The last thing I want to talk about how to select what you're going to call your program is look in your organization to what levels of governance already exist. And you might not find anything that's called governance. You might find data management, data administration. You might find EIM, records management, information security, risk management, regulatory and compliance. Well, the truth is all of these are focused on the data and they're all a level of governance associated with the data. 
So, when I give a presentation at a DATAVERSITY conference and the first question I ask is how many of your organizations are governing your data? You know, I see some of the hands go up but then I tell people I'm going to ask that question again and I want to see everybody's hand go up. The fact is there is governance taking place in the organization. So, they are already governing their data. Oftentimes they're doing it very informally, inefficiently, ineffectively and the idea is to put efficiency and effectiveness through formality of your governance program. So, let me share with you a couple other examples of existing governance within an organization. Change management, project management. You all have those things. Access management, metadata management. You know, these are forms of level or these are levels of governance within your organization. Let's not duplicate in our name of what we're calling our program something that already exists but let's take into consideration that some of these things do exist and we want to make certain that we're, they're a partner of ours rather than somebody that's doing something that conflicts with what we're doing or having multiple parts of the organization working on the same thing which always drives organizations crazy. So, when you think about it, there's existing levels of governance taking place in your organization. We may need to look for them. You might want to call them out and say we've got this level of governance taking place. We need to put the same level of governance in place around data as we're doing it around these other things that are so important to our organization. So, why what you call your program matters, or really does it? You're going to describe what you're governing. You want to make sure you're not stepping on other activities within the organization. You want to make certain that whatever you call your program answers more questions than it raises to people. 
So, if you're going to call it something very unique and special to your industry, that's fine. But realize that it's not going to be as well understood as some of these common names like data governance, information governance, and records management. So, think about what already exists and make sure that you're answering the question of people, what do we mean by data governance? What does it mean to govern something and what does the governed result look like? Those are all things that I shared earlier in the presentation. So, be clear on the asset you're managing. Communicate the differences between data and information if you're going to make a selection of one or the other. And when people ask you the question is, well, what's the difference? You have an answer ready for them. And the most important thing is to be consistent in your use of terminology. If some people call it data governance, some people call it information governance, there's going to be confusion. So, just make certain that people are kind of on the same page. They're being consistent in the use of terminology as they're defining these things. So, I've got a few minutes left here. I know I kind of went through the things very quickly, but I hope that the information was valuable. I wanted to spend the last few minutes talking about an actual information governance case study. And so, let me just start out by describing the organization. It's a financial institution that actually an audit report told them that they had to protect classified information. So, they decided they'd call that information governance and that the focus of the information governance program was on the protection of classified information. Well, now the question is, do we really need to protect all data that's classified because some data could be classified as being public data or not being sensitive data and being shared? 
We still kept that as basically being the mantra or the outcome or the purpose of the information governance program was to protect classified information and that meant that if it was classified as private or confidential, it needed to be handled a certain way. When this organization put together the information governance program, it was actually a combination of three different disciplines that were already taking place in the organization. Records management, in fact, the RIM manager is probably on this webinar right now. She is the one that was guiding the information governance initiative. IT security to make certain that the rules were documented and shared. Risk management. These were three areas that were basically partners in the development of the information governance program at this organization. And what we did was we did a best practice assessment to begin with. We developed a roadmap, policies and standards. We did a gap analysis of how data is being handled now in the organization and what it means to follow the standard. So the interesting thing there was that people can't be expected to follow the standard if a standard never existed. So we needed to simultaneously roll out a standard but also understand what the organization was doing that followed the standard and where there were gaps in what they did. So we did the gap analysis and what we found was there were basically two ways that we were going to help people within the organization. We were going to use technology, we were going to use encryption, we were going to use whatever types of technology in their content management system that they had. And we need to change behavior. So one of those two things needs to happen, or maybe both of them, they change their behavior to make use of technology that's now available to them. Ultimately, by doing all these things, we needed to also create awareness and education and training. 
So basically, people need to know how their data was classified, how it could be handled, and let me share with you a few of the artifacts that were developed. And I know I'm going to get through them quickly. Please let me know if you have questions about them. The first thing here is we're trying to intertwine people and process and technology with data governance, records and information management. That's the RIM that I talked about and IT governance. We started with a diagram like this that showed how these things were interwoven together and we focused on the people and the process and the technology to make certain that everything was being addressed as we rolled out information governance. We created a library of information that we were providing to the organization, and so this is just a simple snapshot of the different types of documentation that were made available. There was a policy associated with protecting classified information. There was a program document that contained all the different items that make up the program, standards for the protection of data, standard operating procedures for people to follow, and then the program also provided handling rules and reference guides for people to use. Basically, these are people that are just learning now of the standard and to be frank with you, some of the people were concerned that they could get in trouble for what they're doing because it doesn't follow the standard. Well, the fact was everybody recognized that the standard was new and that it was being rolled out. And so these documents became critical to the success of the program, also to sharing with the auditors the types of level of detail that we were going in to, we were putting together in order to make the program work. This is an important slide too. It was basically things that were shared with people that were going to be handling data in the organization, which was basically everybody in the organization. 
So, you know, when I say everybody is a data steward, it's a fact that if you handle data, you're a steward because you're going to have some level of formal accountability for how you handle that data. And that data could be through the way it's being stored, how you're keeping information on your desk. You may have heard of clean desk policies and things like that. There's retention. How long the documents need to be retained or data needs to be retained. When we get rid of these things, how do we get rid of them in a secured way? There's the storage locations and electronic devices, data in transit when people are transmitting it. So what we wanted to do is make it as easy as possible for these folks to govern their information to handle the information per the standards that were being shared with them. And we spent a lot of time and we will be spending a lot of time educating these people on what those standards are and what we've seen as being the difference between what they're doing and what the standard says they could be doing. I also wanted to share with you a quick process here that shows what we did. In fact, so we took the IG standards, the standards for the protection of classified information. We compared it to what was going on within the business units and we asked ourselves the question, do they follow the standards? And if they follow the standards, you follow the Y arrow, no change was required. But if they don't follow the standards, then we need to look and see, well, what's the best way to help them to follow the standards? Is it going to be a performance or behavior change? Are we going to apply some level of technology? And if you do those things and then you follow the yes to the right, does the business unit approve of those changes? If they don't approve of the changes, and there's some organizations that have said, you know, if you add any steps to what we do, we're going to rebel. Well, you know what? 
In order to follow the law, in order to follow the standard, sometimes those behavior changes are required. So the option basically becomes, if they don't accept the performance change or the technology, that they need to change the standards. And that's where the bottom block of this cell here becomes really important because it becomes a conscious decision at the appropriate level of the organization, whether they're changing the standard for protecting classified information or accepting the risk of not following the standard. One last picture here just showed an example of what the activities are that we did with each of the pilot groups within this information governance program. And when the IG program team was involved, when the administrator was involved, which was all the time, and then the business unit working teams when they were involved as well. So I hope these give you an idea as to what information governance meant to one organization. And if you have other information, please share that. Go to the DATAVERSITY community and share information about what are you calling your program? So we talked about what it means to govern something. We talked about the definition of the governance depending on the context. We spent a little bit of time focusing on the differences between data and information. And we talked a little bit about what it makes sense to call your program. And if it really matters in the long run, whether you call it data governance or information governance. And the last thing that I did was share with you some examples from the case study. I hope this information was helpful to you. And with that, I'm going to turn it back over to Shannon. Thank you so much. A lot of great questions coming in already. If you have a question, feel free to submit it in the bottom right hand corner of your screen in the Q&A section. 
And to answer the most commonly asked questions, just a reminder, I will send a follow up email by end of day Monday with links to the slides, the recording and additional things that Bob has presented throughout. So diving in here on slide 10, you have a list of items that we are likely to govern, but there is no mention of document. My question there is, are you using a record to represent document as well? That's a great question. And yeah, document management is also a discipline that's been around for a long time. So I would just either include a document in a record or a document would be its own separate asset that needs to be governed. So a document could be, again, something that's in, it's a word processing document or a spreadsheet or a slide deck or something like that. Yeah, I think document is an appropriate name to asset to add to that list. And when data classification and data retention come under information governance? Well, that's the way that it happened within the organization that I mentioned in the case study. Somebody has to be thinking about retention and disposal. So if it's not somebody who is looking out for executing and enforcing authority over the asset, the data governance group, it needs to be somebody. So I do include that as part of the responsibility of data governance to make certain that the document assets that any of the different types of assets that are meaningful to the organization are being governed. And what are the critical pillars for data governance? What would they and what would they be for information governance? Well, you know what, I think they'd be the same. So I'm not going to go back to the slide, but when you get a copy of the slide deck, please take a look at it. The core components that I defined across the top, the first one, in fact, the change in the framework that I use from the previous one to the most recent release is that the first column now focuses on data. 
And that's where we define its data, its records and its information. All of the other components I think would be core to information governance as well. And that would be the roles, the processes, the communications, the tools and the metrics. Those would be the pillars of, I would think of any type of governance program you're putting together. And then the comment here says, hi, Bob, I'm in an enterprise data governance program and we currently have separate teams that focus on records management, information security, regulatory, et cetera. Any comments on additional comments on that, Bob? Well, when I mentioned all the different types of governance in your organization, certainly there could be some of this stuff that's already taking place. And so what you want to make certain is that it's a cooperative effort between you and those people that are doing records management. If that's been a practice, and it has been a practice within a lot of organizations for a long period of time, you want to make certain that you're not trying to go after the same things. You know, there may be things that you can learn from your records management. I can assure you that if your records management person or records and information management manager is really knowledgeable in that craft, that there's things that data governance can learn from records management. Just my suggestion is don't duplicate what they're doing, partner with them, and make sure that you're both valuing from each other's work. And, Bob, you brilliantly showed that these areas crossover when we require the same people role to do the work we need to be done, for example, the owner and the steward, et cetera. Anything you want to expand on that? Yeah, and you might hear thunder in the background here. We're getting ready to get hit with the super storm. So if we lose... Oh, fun times. You'll know what I mean. So repeat the question again. I'm sorry. I was distracted by the lightning outside my window. 
I'm sorry. Well, it's really more of a comment just saying that you really showed very well that these areas crossover when we require the same people role to do the work that we need done, for example, the owner and the steward, et cetera. And you know what the problem is that they're often separate activities. So they could be similar activities. The roles could be very similar. The goals for the data could be very similar too. So, yeah, there is that first picture, the one of the interweaving of people and process and technology into the different disciplines. Well, it's true because you can use... Well, first of all, you're governing people's behavior associated with whatever the asset is that you're governing. You're going to use technology to assist with that. And there's going to be formal process that's going to need to be part of your initiative as well. So, yeah, they need to be connected. We need to know... Well, first of all, of course, we want to know if another data governance initiative is taking place, if we're doing data governance. But we might ask questions that would lead us to hearing about records management and information management and those types of things. All those things on the list that I provided, even metadata, you know, this stuff needs to be governed because it's not going to do it to itself. As I said before, we need to make certain that we have responsibilities. If they're similar from one asset to the next, well, that's darn good. In fact, like I said, you can learn from each other and organizations like that. If you can leverage something that already exists within your organization, that's the whole idea of being noninvasive is to leverage what exists. And address opportunities to improve. So it makes a lot of sense. 
So along that same thought, Bob, any suggestions on how to address these people that are in demand or how we can approach our targeted roles and people so we don't step on the toes of the other teams who also need these people's attention? Well, the interesting thing about not being noninvasive, instead of assigning people into roles or identifying them into roles as the thunder rolls in the background, they're really being recognized for what they do presently. So somebody certainly could be a data steward if they use data that is classified a certain way. They can also be an information steward. So it's not like they need to be one versus the other. It's really the asset that they're managing. So, you know, I know that there's people who are in hot demand in a lot of organizations and that resources are a difficult thing. The fact is that the approach that the noninvasive approach takes is that, hey, you're already doing this. These people are already defining, producing and using data. We're going to help them to do it better instead of redefining what it is they're doing. And do you have any tips for gaining program buy-in when these functions exist already throughout the organization, compliance, risk, IT security, et cetera? Well, my suggestion is to suggest to people that we're already governing our data. If your organization's been around for years, if you have a data warehouse, if you're doing master data, if you developed your own systems or even if you acquire packages, there are people that have responsibility for the data in these things. So that's my first suggestion when we talk to management is say, you know what, we're doing some of these very informally to put governance in place. We just need to formalize these things. And yes, somebody needs to be responsible for it. 
But that's the pitch that I would take in is that instead of them thinking that it's this huge, complex thing that we're not doing, let them know that you are doing it and that there's some inefficiencies in what you're doing. And oftentimes that leads to a lot of questions that can, you know, lead to confidence, their confidence in what you're doing. So Bob, should the data policies be at the domain level or at the enterprise level? That's an interesting question. From my experience, they've most often been at the enterprise level. I have seen parts of the organization that have had policies around vendor data or around customer data. But for the most part, I guess to quickly answer that question, I've seen them more be at the enterprise level than at the domain level. But that doesn't mean that domain level policies don't exist. And why would you do one and not the other data governance and information governance? Both should be done, correct? I think so, certainly. A lot of the people on the call would be thinking that they both need to be done. The truth is that organizations oftentimes start in data governance and then they may expand into information governance. When you're starting in data governance, you may want to investigate if there is records and information management taking place in your organization. Because as I said before, that can be a big asset to your success moving forward. So, yeah, they all need to be done, but we recognize that organizations typically don't have two programs. They have one program. Information governance tends to cover both data and information and data, you know, again, it depends on how you define the context of what you're governing. I'm sorry. I love it. And we have a few minutes left here to answer some questions. If you have questions, feel free to submit them in the bottom right hand corner of your screen in the Q&A section. And any questions we don't have time to get to, just a reminder: 
I will get the answers to those and Bob will write them up in the follow-up email that'll go out by end of day Monday. So, Bob, how does information management fit with information governance? That's another good question, because where does data management fit with data governance? I hate to answer. I hate it when people answer questions with questions. But, you know what, they're the same way the data governance and data management are related. Well, first of all, think of it in terms of, and we'll just think of it in something that a lot of people know of, the data management body of knowledge or book of knowledge, the DAMA wheel. The DAMA wheel is for data management. There's a lot of different knowledge areas and disciplines associated with data management, but smack dab in the middle of that wheel is data governance. And the way I kind of try to read that model, that wheel, is that wherever something borders on something else, there's a relationship there that needs to be addressed. And governance happens to border up with every aspect of the data management discipline. So, when we apply that to information, I would think that information governance would be a component of information management if somebody pressed me for an answer to that. All right, and there was a question that came in early in the chat section. What is your definition of metadata and master data? Master data, I'm not sure I have as easy a definition for master data, but that's typically a subject matter of data. So you would have customer master data, product master data, vendor supplier, whatever it is, students master data. And metadata is the information about the data. So, you know, the most commonly used definition of metadata is the data about data. My definition of metadata is that it's data stored in IT tools that improves both the business and technical understanding of data and data related assets. 
I know that's a mouthful, but it's really metadata is the supporting documentation for the data. And it's an asset. It is actually a form of data and somebody needs to govern it. So this other question that came in early, I just love it. You know, is BI the point where at which data transforms to information? Well, BI can if it has metadata there to support it, meaning that if the context is added to turn that data into information, then yeah, it could be the place where it's turned into information. But I've seen a lot of data warehouses and data lakes, and you may have heard me affectionately refer to them as data swamps. The reason that they become data swamps is that that understanding of the data is not there. So, yes, it can be the place where data turns into information, but only if the metadata is there and is applied to that data. And is it important to have data or information governance in somebody's title? Did you hear that? You know what? It's not. It's not required to have it in somebody's title. It's nice to, if it can start conversations around governance. But, you know, I've seen it included in some people's titles and in others, I've seen them called data asset managers, information asset managers, rather than being called data governance managers. Well, Mother Nature is just showing off for us today. I can't even see across the street from my house. So, these questions are great. They are great questions. Where does the business taxonomy fit in the data information landscape and where does data privacy, specifically GDPR and CCPA regulations, integrate with governance? Well, you know what? They are forms of governance in their own right. So, they all fit into governance. You know, it depends on how you define governance and how it's going to work for your organization. I think that's your shortest answer ever. I'm getting washed away here. All right. Well, I will just ask one more question just here really quickly. 
How do you see data and information governance expanding to AI, machine learning and robotics? Well, they're all focused on data. And if they're going to be focused on the quality and the value and the understanding of the data, data governance is going to be included in all of those things. AI is very data centric. So, and data analytics and BI and any of the disciplines big data, they're all data centric master data. And they need somebody who has responsibility for them. So, that's where I suggest, you know, be noninvasive in your approach, but look for people that already have accountability and leverage those first. All right, Bob. Well, thank you so much for another fantastic presentation. That is all the time we have. Thanks, too, to Mother Nature for joining in on the conversation. They're much appreciated. And thanks to all of our attendees for being so engaged and all the great questions. Like I say, if you have more questions, feel free to submit them in. I will get those over to Bob and we'll get, include those answers in the follow up email, which will go to all registrants by end of day Monday with links to the slides and links to the recording as well. Thanks, everybody, so much. Bob, thanks again. Thank you very much and everybody have a great day.