 Hello, everyone, and welcome. My name is Eric Franson, and I'm stepping in for Shannon Kemp while she is on vacation this week. We would like to thank you for joining the current installment of the monthly DataVersity Webinar series, Real World Data Governance with Bob Sinner. Today, Bob will discuss writing data governance policies and procedures. Just a couple of points to get us started. Due to the very large number of people that attend these sessions, you will be muted during the webinar. If you would like to chat with us or with each other, we certainly encourage you to do so. Just click the chat icon in the upper right-hand corner of your screen to activate that feature. For questions, we will be collecting them via the Q&A module that you will find in the bottom right-hand corner of your screen. We will collect those throughout the presentation and get to as many as we can following the end of Bob's talk or if you'd like to tweet, we encourage you to share highlights or questions via Twitter using hashtag RWDG. As always, we will send a follow-up email to all registrants of today's webinar within two business days containing links to these slides, the recording of this session, yes, we are recording, and additional information requested throughout the webinar. Now, please allow me to introduce you to our speaker for today, Bob Siner. Bob is the President and Principal of KIK Consulting and Educational Services, and the publisher of the Data Administration Newsletter, which you can find at tdan.com. Bob has been a recipient of the DAMA Professional Award for significant and demonstrable contributions to the data management industry. Bob specializes in non-invasive data governance, data stewardship, and metadata management solutions. And with that, I will give the floor over to Bob to get today's webinar started. Hello, and welcome, Bob Siner. Good afternoon, good morning. I guess it depends on where you are. Hi, Eric, it's good to have you here. Great to have you filling in for Shannon. Looking forward to this webinar, the real world data governance series has been going on for many years, and I'm looking forward to keeping it going. We've got lots of great subjects to talk about. As you mentioned, we're going to be talking about writing data governance policies and procedures. Oftentimes in the webinar series, I talk about subjects that I am really, really passionate about, that I really think are going to be absolutely necessary in order to be successful with a data governance program. Writing data governance policies isn't necessarily one of those subjects that I feel that it's absolutely necessary to have a data governance policy. So I'm going to raise a bunch of questions throughout this webinar about, you know, we'll talk about what goes into a data governance policy, but why it's necessary, why it might be right, specifically for your organization. So I'm really glad to have a lot of people on the line today and hopefully provide a lot of good information for you folks about whether or not you need a data governance policy, what goes into a data governance policy, what the data governance procedures look like, and what goes into making procedures successful through the governing of those procedures. So that's a couple of quick reminders before we get started. I want to let you know about the upcoming webinar, the third Thursday of each month, as Eric mentioned. On March 17th, I'll be doing a webinar called the Data Model as a Data Governance Artifact. The data modeling webinars that I do as part of this real-world data governance series seem to be extremely popular. And a lot of people are talking about data modeling as being a past science, and there's a lot of people that are talking about it being reinvigorated in a lot of organizations. And the data model is becoming a very important part of data management in a lot of organizations. We're going to talk about the data model, specifically as an artifact that will benefit and add value to your data governance program. So I'm looking forward to having that webinar next month. And real quickly, just a couple of quick reminders. I want to remind you about the book that I wrote and was published back in September of 2014 called Non-Invasive Data Governance, The Path of Least Resistance to Greater Success. I'll suggest you to the kikconsulting.com website where you can find out a lot of information about non-invasive data governance. Also wanted to share with you a couple other data adversity events that I will be involved in. Upcoming in April will be the Enterprise Data World Conference, which is always a fantastic conference. I'll be doing an advanced data governance tutorial during that event. Also the Data Governance and Information Quality Conference, which is a data adversity event along with DevTech International. I will be doing two sessions there. One is assess your existing data governance program, and that will be a tutorial. And then I will also talk about data governance privacy and the Internet of Things in a shorter session. So hope you'll be able to make it to San Diego either in April or in late June or early July. And hopefully we will see you there. A couple other quick reminders. As Eric mentioned, the Data Administration newsletter. I do that in a partnership with the University. They are the producers of the publication. It's a monthly publication. If you're not familiar with it, please go out and take a look at it. A lot of great content from a lot of great authors, articles, columns, features, blogs, a lot of those types of things that will keep you up to date on the data management activities going on presently. And final reminder is that just a couple days left to be able to take advantage of the early burden registration for the non-invasive data governance class that I will be holding in Pittsburgh, Pennsylvania, Sheridan and Hort as historic station square. It's a two-day public class. Please contact me if you're interested in more information about non-invasive data governance and how to register for that class. So how I typically kick off these webinars is I talk about the abstract real briefly and then I jump into the content for the webinar. The abstract for this session specifically talked about data governance policy, really being a guide to making decisions and delivering rational outcomes pertaining to data in your organization. The key word here is outcomes. You're finding that in a lot of different industries that people are looking for outcomes and results from putting programs into place. So a data governance policy is really that guide to making those decisions and delivering those rational outcomes. Really, data governance delivers a formal way for us to get to those types of outcomes. When we think about writing policy and writing about associated procedures or procedures that are associated to that policy, typically those can be a backbone and can be paramount to the success of our programs. So that's what we're going to talk about today. If a data governance policy is right for your organization, if it is right, what are the things that go into writing a good data governance policy? What are some of the procedures that we need to focus on when we're starting with data governance? As usual, I'm going to share with you a bunch of the templates and tools that I use with the clients that I work with to help them to move their data governance programs forward. So I hope that you'll find value out of the things that I share with you today. Basically, we're going to talk about the components of data governance policy. We're going to focus on something that's really important called data governance principles. There are four primary principles that I'm going to discuss with you in the management to say that these principles are important to our organization, and we can get them to stand behind it, whether it's through policy or some other means, that it's going to really be a demonstration of support for governance in your organization. I'm going to share with you verbiage and diagrams that you can use to include within your data governance policies. We'll talk about why a policy may be necessary for your organization, and then we'll go into some details about the processes and procedures that support the data governance policy that you do put in place. So first things first, before we get started, I'd like to try something a little bit different here. By show of hands for all you people out there that are listening to the webinar, by show of hands, how many of your organizations have a data governance policy? A policy that is specifically focused on data governance. If you do, and I'm seeing that, it's interesting because I really didn't expect a whole lot of people to raise their hands in our, but there are a lot of people that are saying that. So if you're one of those that is raising your hand, please share with me, and I will be glad to share with everybody what you have a data governance policy for, the reason why you have the data governance policy. I'd be very interested in the things that I'm going to share with you today are similar to the things that you include within your data governance policy. So that's very interesting. I see so many people raised their hands. Data governance policies are very popular in organizations. So we'll talk a little bit more about that as we get through the session here as well. So basically what is the purpose of having a policy in the first place? So typically policies are written and then they're approved and they're intended to influence and determine decisions, actions, and other matters associated with, well whatever it is that your policy is there to put in place. So we know that we need to have it written well, we need to have it approved, and it's got to have some intentions and those intentions can be to influence and determine decisions and actions that are associated with our data governance program. So what's the purpose of specifically having a data governance policy? We use the definition that I just shared on the previous page. It's basically, it's written and it's approved and intended to influence and determine decisions, actions, and others matters that are associated with putting your data governance program in place. I've asked several of the organizations that I've worked with, do they need a policy? What would they use a policy for if they would have such a thing as a data governance policy or if they don't already have a data governance policy? And here are some of the things that they share with me. Now one of the first things is that it really spells out what data governance is for the organization. We need to have that definition. Is it necessary to have a policy in place in order to have to spell out what data governance is? Oh, it really depends on your organization, but if we're going to make it formal, it may be good to kind of spell out what your governance program is going to be and why it's important and why it's necessary in something like a data governance policy. You know, it may be in some organizations the policy basically spells out that they even have a data governance policy or that they even have a data governance program. I'm sorry. The fact is that people don't know about so one of the best ways to be able to communicate with people in the organization is to have a policy that states that we have a data governance program. In some organizations, they think that data governance, the policy should spell out how it works or who has responsibility or who supports the program. You know, those are all really good things and the question becomes, are those typically included within a policy in your organization? If they are, then let's write a policy that answers all of these questions or spells out all of these things that are listed on this page. Now we may spell out what governance will be applied, how governance is going to be enforced across the organization. There's a lot of purposes to having a data governance policy or there's a lot of purposes to spelling out the things that I've listed on this slide here. The question really becomes is, is it necessary to have a data governance policy in your organization that spells out these things or are there other mechanisms that you have to be able to share and discuss this type of information with people in your organization? So we'll look at this question two different ways real quickly before we kind of go into what makes up a data governance policy. So the first question is, does your company or do you require a data governance policy? And if you answer that question, yes. The chances are that your organization is fairly policy driven. That the precedent is that we will have a policy for our organization that spells out what data governance is and all those things that I shared for you on the prior slide. One of the things that data governance policy does is it demonstrates that you have the senior leadership support for data governance. If you've attended previous webinars of mine, you'll know that one of the very first best practices that I talk about is that senior leadership will support and sponsor and understand what you're doing with data governance. Well, if they sign a policy, typically your senior leadership is not going to sign a policy unless they have some thought about demonstrating to the organization that they support what goes into that policy. So we need to raise the level of support, sponsorship, and understanding of our senior leadership to have a policy that they stand behind and sign is often a very good thing for the organization. Oftentimes you require a policy because it outlines who's responsible and how we're going to enforce the things that we're putting forward in the policy. So in some organizations, the answer to that question of do you require a data governance policy is going to be yes. But in some organizations, that answer's going to be no. Our organization is not policy driven. Or our senior leadership demonstrates their support to us in other ways. They don't like the fact that everything needs to be drawn by a policy so they say that guidelines work better. Well, if you look up a definition of what a policy is, they use the word guideline to define what a policy is. But some organizations will say that guidelines work better. So we're going to enforce these rules through the guidelines and we'll say no, we don't require data governance policy because we already have policies in place. We have policies in place for information security, for privacy, for regulations and compliance, protection, sharing quality. You may already have a tremendous number of policies that are associated on governing your data. And they may not be called data governance policy, but they are policies that are of governing your data. And I think most people will agree that data governance has a lot to do with information security and privacy and regulations and quality and all those things that are listed here. So the organizations that say no, we don't require a data governance policy, they're probably asking the question of what will data governance policy add on top of these policies that we most likely already have in our organization. And it's something in the data governance policy to be addressed by those previous policies. So there are questions as to whether or not a policy is going to be necessary within your organization. If you say yes, a policy is absolutely necessary, there are certain key things that need to be included within that policy. Oftentimes there will be an introduction statement, a policy statement. What I'm going to focus on here in a couple of minutes is the data governance principles. The things that we, if we can get the leadership to stand behind the principles that I'm going to define, that that really becomes the main piece of what goes into your data governance policy. Obviously we need to be able to say who has responsibility, who's there to support it, how are we going to enforce it, but we need to have some principles that will become the guidelines for us to put our data governance program in place. So I'm going to share with you four key principles. And then we're going to talk about data governance dimensions here and what are the different things that we can put in place to measure the effectiveness of data governance to measure the effectiveness of the policy that we're putting in place. So without further ado, we're going to kind of jump into these different components of a data governance policy. So one of the things that we know that we want to outline any data governance policy is a purpose. What is the purpose? You can use from the previous slide that had the little redheaded guy working at his desk writing down the different things that data governance policy was going to spell out. You can use those items as part of your purpose. So I stayed here. The data governance policy is designed to manage the creation, transformation and usage of data and related information owned by or in care of the company. Okay, that's a pretty generic statement for the purpose of a data governance policy. So a couple other example purposes could be that this policy directs the development of common data definition standards requirements and processes in the organization. That's a pretty major task if we're really going to direct the development of these common things across the organization. That's a big issue for a lot of organizations that have data defined numerous different ways in different definitions across the organization. Another example purpose could be that this policy directs the enforcement of lines of authority and decision making when it comes to the data. I highlighted the last bullet on the screen on purpose because it is something that is very near and dear to me with a present client that I have. It assures that the principles that we define as part of the policy that they're fully implemented within the organization. And again, having the signature or having the backing where the support of senior leadership tells us that this is important enough now the next question is going to be how are we going to govern the data effectively within the organization. Well, if you ask me, the first thing I'm going to tell you is be non-invasive in how you implement your program because it seems to interrupt the culture or interrupt the processes of the organization less if you are less invasive or less threatening to the culture of the organization. So we know that we have to have an introduction, we need to have a scope statement within the policy. So for example, here's another generic one, this policy applies to all employees, contractors, temporary employees, consultants, agents of the company, whoever the company or the organization is. For example, scopes, you know, the policy applies to all data that's managed. The second bullet here should probably be highlighted and read because again, a recent client of mine is putting a policy in place and a statement from their CEO that states that all PII data and PHI data that is handled by people within the organization must be protected. And so that's basically the focus of their data governance program to protect PII and PHI data. Again, personally identifiable information or personal health information. Another example of a scope could be this policy applies to all internally managed data, excluding certain data that is not in scope for whatever you're doing whether it's a pilot or a proof of concept within your organization. Your scope may evolve over time but we know we need to define the scope of the data that is going to be embraced by data governance as we put data governance into place. Violations, what happens if somebody does not follow the rules or the guidelines that are set up for the data? The last bullet on this slide here is really important that violations of the policy are considered breaches of trust and that they can result in disciplinary action. You know, that's not something that happens in the organization these days but if somebody breaks the rules and shares data when they shouldn't share data or they do something that basically goes against things that are defined as policy for the organization, there has to be some level of repercussion. And so defining or spelling out what the violations are for going against policy may be something that you put within the policy itself as well. And here's an example. So it is a policy of our company to require that all data defined, produced, and used by or in care of the company be governed as a corporate asset through defined governance standards and procedures. Again, pretty generic but that is a purpose statement. That is a data governance policy statement that can be used if you tweak it a little bit to things that are very specific to your organization. And then kind of coming back to those principles that I mentioned earlier, data governance policy will be implemented to formalize how people of the company behave and that's really what we're doing is we're governing people's behavior that is consistent with the defined data governance principles that are represented on what people have said to me they call the graphic. So what does the graphic look like? And again, if you're familiar with the real-world data governance webinar series you've probably seen this diagram several times. Basically this outlines what went into a client's data governance policy several years ago. They said we need to have a policy statement and that is and let's see if I can get the handy pointer here. That is what you see on your left hand side of your screen is we need a governance policy statement. We need something that says what the purpose of the program is, what the violations are, all of the things that I laid out before you. We also need a way to be able to measure the success of the program. And how are we going to do that? What we are going to do is we are going to start by defining several principles. We don't want too many principles. We don't want too few principles. We want a just right number of principles and we can outline what those principles are through our data governance policy. That is even better. What we are going to do is in the next couple of minutes is we are going to focus on those principles that are right down the middle of this diagram. If you notice something that is neat about this diagram that each of those core principles has kind of a talking point or a statement associated to it that makes it real for people within the community. The data must be recognized as a valued asset that we must have clearly defined accountability. We must follow the rules. Those things sound very strict and very determined. But if we tell the organization that we want to move from my data, from people having their own versions of the data, to kind of an organizational version of the data, or the data governance is everyone's responsibility, or that we always choose, that makes the policy statements, the principle statements, down the middle of this diagram even more digestible for people across the organization. So in the next couple of minutes talking about each of these four principles and how they will be very important to putting a data governance policy into place. So we are going to talk about these principles, how data governance, and this really goes back to how data governance is and so I rarely do this. Do I put in the middle of the slide that this is a very important slide. And the things that I talk about in the next several slides are important as well. But again, if we can get our senior leadership to support and sign off on the fact that each of these principles are the way that we want to act as an organization when it comes to governing data, we have now have a way of being able to understand how we are going to do this across the organization. I'm not going to be able to address all of those things in the 45 minutes to 50 minutes that I have on the webinar today. But we want to understand at least what those core principles are that we can get our senior leadership to back them, then we really are making great strides towards getting them to understand that data is important and that data governance is important in our work. And I would be curious how these compare to the principles that you say that you put into your data governance policy or whether you even have principles that you use as part of your data governance policy. And the first one is one that we hear all the time. It is the data governance or the data is recognized as a valued and strategic enterprise asset. People have been talking about data as an asset for many years. And the fact is that data can have a positive value for the organization or it can have a negative value for the organization. I have even seen organizations that have attempted to put data on their balance sheets. I think we all know about some of the positive values that data can have on the organization and we can make better decisions. We are protecting the data. People know what the system of record is for the data and access and how we share that information. Those are all positive things that can come from governing data or managing data as an asset. What are some of the things we want to think about when it comes to negative value? If we don't get the data right to the people who are making these key decisions for our organization, that data has a negative value. Or if we don't explain to each and every person in the organization that handles PII data, the rules associated with protecting that PII data, then that data can have a negative value to the organization. If somebody shares it in the wrong way and that information becomes public, it can be very damaging to your organization. We are talking about recognizing data as a value in strategic enterprise asset. That means that the definition of that asset, the definition of the data, must be governed. We must have the appropriate people involved at the definition of the data of the organization. The production of the data, the production of that asset must be governed. The people that are on the front lines and entering data in need to know that we want to be very certain that the data is accurate as it's being entered in, whether it's through a system, something that prevents them from adding wrong values or that they rearrange values or they leave out values that the production of that data must also be governed. The fact is that the usage of the data, we all understand that the usage of the data must be governed. There's rules associated with how people can and cannot use data across the organization. So the first principle is core, it's kind of the core to everything that we're talking about here. Data is recognized as a value in strategic enterprise asset. If we can get our senior leadership to agree to that and agree to the following principles then we're making a great step towards putting a governance program in place and, again, as I mentioned before, it opens the door for us to be able to tell them how are we going to govern the definition of data? How are we going to govern the production and the usage of data? And obviously the answer to that is we're going to take a noninvasive data governance approach. We're going to take a data governance approach. So the second principle I want to share with you is that accountability for data is clearly defined, recorded and enforced. Okay, so we know that data is an asset. Now we're going to identify who in the organization defines data, produces data and uses data. And in the past I've done webinars on everybody is a data steward get over it. The idea of being noninvasive in the approach to data governance is that if a person has a relationship to the data, then they need to be held formally accountable for that relationship to the data. And almost everybody in the organization has a relationship to data in one shape or form. They're either defining data as part of their job or producing or using data as part of their job, so we need to find a way to help them to understand how they can be responsible about the data. Again, the whole idea of accountability is really based on a person's relationship to data. And one of the tools I'm going to share with you in a little bit something I call a common data matrix that I've used before helps to outline those relationships between people and data across your organization. So I said everybody is a data steward get over it. The fact is that in a lot of organizations that are following a noninvasive approach can clearly define, record and enforce accountability for the data. And then we need to educate them on what that means and how they can go about following that level of accountability for that relationship to the data. The third principle is that data must be managed to follow internal and external rules and regulations. And the interesting thing about this principle is that it's a no brainer for organizations. You cannot opt out to external rules and regulations. Say to the government, we understand the rule, but we're not going to follow it. Or we understand that we've got PII data and we're not going to protect it. That's not an option for organizations. So really principle number three is a no brainer for organizations. Data must be managed to follow internal and external rules and regulations. There are internal business rules for how you handle data across the organization and then there's the law. And the fact is that if we don't make the law digestible to people in the organization, so they understand what the rules are and what they can and cannot do with the data, then how can we expect them to follow the law? So rules and regulations must be clearly documented so somebody in the organization has the responsibility for documenting it, taking those rules and making it accessible for people. Making them understand and see themselves in the rules so they understand if they can or cannot do a specific activity with the data that they use in the organization. They use, make them a steward so they need to make sure they follow the rules associated with that data. We need to communicate the rules to people. We need to have a way to be able to enforce the rules. We're not going to have people standing up and saying that the data that was printed out is then turned over to a person. We can't enforce it that way but we can enforce it through raising the awareness level for people throughout the organization. And the last principle is the data quality is defined and managed consistently across the data lifecycle. So we need to make data governance part of project management no matter what approach we're following to implement projects across the organization. If we're following a traditional waterfall methodology then what we need to do is we need to apply governance to the steps that we take in the waterfall methodology. The same thing holds true for an agile project. We need to make certain, and this is where a lot of organizations are struggling right now, is to blend data governance with their agile methodology. So we need to make sure that we make data governance part of project management no matter what approach we're following. If we put governance in place as kind of a reactive issue resolution process then we need to apply governance to that as well. So what we really need to do is we need to focus on data quality and manage it consistently across the lifecycle whether it's in the definition phase, in the production phase or the usage phase of data in the organization. So those are the four principles that we talked about that we need to manage it as an asset, have clearly defined accountability, follow the rules and be consistent in the way that we do it across the organization. If you remember the graphic that I shared with you a little bit earlier, it also had on the far right side different dimensions that we can use to follow or to measure whether or not we're following the principles. I don't know if I'm on these dimensions but you might want to outline them in your policy so they are the accessibility to the data, how accurate the data is which requires that we have standards to compare the data to, completeness of the data, consistency in the data, those are just several of the dimensions that you can use to measure governance, the relevance of the data, the timeliness and the uniqueness of the data. We know how to measure the things that we put in place around our data governance and around our data governance policy. We have core principles that we need our leadership to sign off on and we need to be able to demonstrate to them that we have a way of being able to measure the success of our program. A couple other things that I've shared in webinars before are messages that I suggest that we share with our management governing data. The fact is that we're doing it informally. Maybe having a data governance policy will help to formalize the fact that you're governing data. The fact is that in all those different policies and things that I mentioned earlier there are levels of governance taking place at your organization but overall governance is being done typically in a lot of organizations very informally. I always talk about data governance from informal to formal responsibility around data. The second message is we can formalize how we govern data by putting structure around what we're doing. Again, the policy may be the item that will help you to put the structure around how you're going to govern data in your organization. Another message for management is that policy may be necessary to improve whatever it is that is the focus of your data governance is ensuring and protecting data or whether it's improving the quality and the understanding and the usefulness around data across the organization or even if it's just to improve coordination, cooperation and communication around data in the organization. We might need in our organization to have a policy that states that these are the things that are necessary for us to move forward. A couple other things that we should consider taking a noninvasive approach to how we put governance into place. Here's a couple things that you should not tell your leadership about data governance. First of all, don't sell it to them as being this huge complicated challenge because in a lot of organizations it's not. You may be a large organization with people spread out all across the world and different business units but if we are consistent across those pieces of the organization, it doesn't have to be a huge challenge. Emphasize that governance is not a technical solution. Emphasize that you're not really governing the data, you're governing people's behavior associated with that data and that you can do governance in an evolutionary fashion rather than a revolutionary fashion. Just a couple quick messages of things that we should and shouldn't tell our leadership. Again, get through a couple different diagrams that I use fairly often and talk about them in terms of using them to support your data governance policy. I've kind of beat this one up a little bit where we've got the policy statement, we've got the principles and those are core to being successful with the data governance policy and the ways that we're going to go about measuring the success of the program. Some organizations and responsibilities are going to be defined from the organization. So if you have a framework or an operating model that defines the different roles associated with data governance in your organization, you might want to include that in your data governance policy. I share this diagram quite often but the thing I want to highlight is a lot of these things already exist in your organization. They're not even new to your organization. You might want to include this on these two areas in the middle of this diagram, the fact that we'll have a council that will resolve issues that get escalated to that level and that we'll have tactical stewards or domain stewards or enterprise subject matter experts that lie in the middle of this diagram. We want people to understand how data governance is going to work. If that becomes something that you spell out in your organization, this is another take on the diagram on the previous slide. If you look at it, it's two triangles instead of the one pyramid diagram. On the left-hand side, the organization spelled out in their policy the information about their project approach. On the right-hand side of the diagram, it talked about the program approach to the roles and responsibilities. During the project phase, the emphasis is strategic level with a further emphasis on tactical but less so on the operational stewards. Then when we get to the point where the program takes place, the emphasis is on the people that are doing the work, the people that are defining using data as part of their everyday job. The emphasis became on the operational roles and then the tactical roles and less so on the executive or strategic roles. Again, another use of a diagram that represents your data governance program that you would incorporate into your data governance policy. I share this diagram all the time. I call it the common data matrix. This is a relatively old version of that diagram. The truth is that it has remained pretty constant and pretty accessible to organizations across the globe. It really is an inventory of who does what with data across the organization. If we agree that our people that define production use data as part of their job, we want to know who those people are and we want to report it somewhere. The common data matrix is a simple two-dimensional spreadsheet that documents the different domains and subdomains of data across the organization and where that data resides and what systems and who in IT has responsibility for that data as either data subject matter expert or system subject matter expert and who in the parts of the organization define, produce, and use data across the organization. A very simple two-dimensional matrix that helps us to understand that there are multiple people with their hands on different aspects of data across the organization. We need to know who they are if we are going to formalize their accountability. First of all, we have to define what they're clearly defined accountability is and we have to communicate it to people on the way, but how are we going to know who those individuals are? We need to record it somewhere. If we don't use one of the tools available in the market to do that, then a simple spreadsheet will be something that is very valuable to you to collect that type of information. All right, so we've kind of beaten up policy a little bit. What are some of the things that should be included in policy? I'm going to spend the last couple of minutes here talking about data governance procedures. One of the things that I've said often is that I really don't like the term data governance procedures. My pet peeve is don't call them data governance procedures. Why I added it is the top bullet on this slide. I don't know. The fact is I don't like it when we call things data governance procedures because that point at data governance, it says data governance is the reason why we are following that procedure. If that is necessary in your organization, go ahead and call it data governance procedures. But the fact is that your request for access to data or your transmitting data to a second party or your handling of data or your printing of data, these are procedures or issue resolution. These are all procedures. We need to apply governance to those procedures. We do not need to label them as data governance procedures. We can refer to them as procedures that are governed and that we are going to do applied governance to procedures. Oftentimes I talk about something that I call the data governance bill of right. That is getting the right person involved at the right time for the right reason, doing the right activity to get the right result at least most of the time. If you are interested in a copy of the bill of rights, please let me know. If you are interested in applying governance to procedures, get the right person involved at the right time for the right reason and I'm going to share with you a couple of diagrams here in a minute that show how we can do that. Follow the data governance bill of rights. It really will help you to be successful with your program. We can apply the data governance bill of rights and we can apply governance to proactive processes, to reactive processes. Let me talk about those more here in a minute. What are the different types of procedures that are governed data processes? These are processes that most likely already exist in your organization to some degree. There is a data access process. Let's apply governance to that. There is a data issue resolution process. Let's apply governance to that. There is a data definition production or usage process. Or you do data modeling. You have big data. You have data coming in from everywhere. We know we have to protect data. You have processes for doing that. We don't have to call those things data governance processes but we need to apply governance to them. We follow different project methodologies. We need to retain and eliminate data. We have processes associated with a lot of different things. One of those things are even having a glossary background. Here is an example of something that an organization that I worked with spent a lot of time on. They created three different levels of understanding of their data. They had a vocabulary level. They had a dictionary level and then they had the physical data level. They spent a lot of time making sure that the business terms were defined the way they needed it to be and that the standard data names and system names between them. They had all of this information in place to help people to understand and use the data of the organization consistently across the organization. What was the first thing they did once we defined this vocabulary and we had these vetted out and approved and agreed upon dictionary. We created a process. I know this is a little bit hard to read but it is a simple process where it puts through a form, data governance manager looks at it, bounces it off the steering committee, looks at things that already exist as far as vocabulary terms, make a decision, complete the form and return it to somebody. It is a simple process that people can follow to make changes to things that the semantic layer, the business layer or the technical layer. That is a procedure that can be used to support the organization. Here is an example from an organization that selected these six processes as the ones that they wanted to apply governance to. They said they want to resolve or research information quality issues, they want to monitor risk, they want to monitor information quality. All of these things are important to this organization and they wanted to apply governance to each and every one of these different processes. For each and every one of these different processes that they defined, they clearly defined the steps necessary to complete the process and then they overlaid the different roles that were associated with their program and they put in a letter as to who is responsible, accountable, consulted and informed for each of the different steps of the process. That is a process that people can apply to. That is applying governance to a process or applying governance to a procedure. Another example of this is an organization that had a system development methodology. These are the different roles associated with governance in their organization and they were very descriptive as to what each role does during each step of the process. Again, a way of being able to apply governance to the data governance policies and procedures that were writing or that are going to go alongside the policy in our organization. Another example of the RASCII is here is for an issue resolution process, the steps that were followed to resolve issues, the different roles associated with the program, neatly color coordinated with the pyramid diagrams and if you recognize that or not, but if somebody can see themselves on the operating model diagram, they can also see themselves in the activities. I just found it to be a common way, a simple way of being consistent in the way that we communicate things across our organization. Another example of applying governance to a specific steps of a problem. The thing that I want to finish up in this webinar with are a couple of different things. We want to answer the question, is a policy necessary for your program? One of the things that I suggest that you do is evaluate the need for data governance policy versus the examples of data policy that you already have in your organization. One of the things I suggest is that you can leverage that existing policy and you can even label them as being governance. I'm not saying that you should take credit for them, but what I can say is you can demonstrate to your leadership there is already existing levels of governance in our organization that we need a data governance policy, I don't know. But we can certainly start to leverage things that are in place throughout existing processes and through existing policies that you have in your organization. I can almost assure you that you have some hidden somewhere within your organization. They may not be taken off the shelf so that people understand what policies there are and what that means to them, but that's a collection of data governance policies. Different things that are policies, let's build a collection of what those are and let's kind of represent those things together as having something to do with data governance, but we've already got policy associated with data. Maybe we need something that represents data governance, maybe we don't. I'm not really certain. It's really a specific answer that would be whether it is your system development methodology or your issue resolution log, but build a set of repeatable procedures that have governance applied to it and then start to do it. The easiest way to do that is to recognize what people are presently doing and where they're active in existing processes and just share that up a little bit rather than saying we're going to redefine all of our processes and all of our policies. Build a collection of policies, build a collection of repeatable procedures, and that will help you. Leverage the model and the matrices and the things that I shared with you in the webinar today and that I've shared with you in other webinars as part of your policy. If you need to be able to describe your roles and responsibilities or how they're shared ownership and leadership of data across the organization, you can ask them to your organization but leverage them as part of your policies that you put into place. Leverage the models and the matrices to apply governance to processes. Use those cross reference tools that I share with you, the things that I call governance activity matrices to help to understand who does what in different steps of the processes that you are governing. This is a quick reminder here and then Eric I'm going to turn it back over to you to see if there are any questions and answers. Are we not any questions? I'll be glad to provide answers. There are a lot of questions Bob. As a reminder, the next webinar is the third Thursday of March. We've talked about a couple things in this webinar. I appreciate your interest. With that, let's do it with the questions Eric. One housekeeping item here, several people have asked if they could get a copy of the Bill of Rights somehow. How would they go about doing that? Is that something we can share? You know what it is and I think it's something that Shannon has gotten used to attaching to the follow-up email for the people that have attended the webinar. If it's not there, I will make sure that it is there. There are a couple different versions of that. There's also an article out on TDAN about the data governance bill of rights. If you want quick access to it, I also have a handy-dandy poster that you can print of the Bill of Rights. It's not that handy and not that dandy. It is a poster that outlines that. The data governance bill of rights are out there and accessible. If you can't get them, then request them from me and I will get them to you. Okay, we'll do. The first question we got was about data governance standard documents. Data governance standards. I'm not sure that there really would be a difference between those two. I have never really referred to it as a data governance standards document. I've heard of data quality standards and standards for data, like data naming and data usage and those types of things. But I haven't really heard of data governance standards. I have referred to as policies and guidelines. If you want to talk a little bit more about what a data governance standard is, the person who asked that question, please reach out to me. I'd love to talk to you about that. Okay, what top two-to-three techniques do you use to be less invasive? The first one is very easy. It is rather than assigning people to be stewards. My suggestion always was that we would identify people and their relationship to the data and then they became stewards. But really, it's even better than that. I was doing work for a government agency that said we need to recognize people as being stewards. That has a positive connotation that goes with it. One of the first things that I suggested to be noninvasive, let's not think that I suggest, is that we get a thorough understanding of where people are spending their time and their relationship to the data and the pain points that they have associated with the data. We address those types of things and make sure that they are participating in the definition of the program. A third thing, just to grab a third thing real quickly, that operating model of roles and responsibilities, my suggestion to the organization into that operating model, actually use that operating model and overlay it over your present organization because you're going to see that you already have operational, tactical, strategic, executive and supporting roles. Again, if we can see what people are doing in the roles that we're defining as part of our program, that really helps you to be noninvasive because it doesn't feel to the people that now have accountability before, it just wasn't formal. But if we go about that approach, then they're not going to feel like you're giving them a heck of a lot more than they presently have. It will be less threatening to them. It will be less invasive to what they do. Those are three and I'm sure there are a lot more that would describe how being noninvasive is going to add value to your program. Next question, how often are data governance policies woven into HR policies? Good one. I think data governance policy would be woven into HR, if you have a data governance policy, it would be woven into HR activities the same way any of your other policies are. So if you have somebody who is new to the company coming or you have somebody who is signing their employee handbook every year to say that they understand the policies that I would intertwine the data governance policy within that set of policies, whether it's the orientation level that you give somebody when they join the company or whether it's through some type of education that you have, but I wouldn't make such a big thing on a data governance policy. It's just another policy that is required and that people need to be educated about, but if you're already educating them in that way, then leverage the same format that you use for that to kind of intertwine data governance policy in HR activities. Okay. The next question was actually phrased as a statement, but I think there's a really interesting nuance in here worth asking you to address. In order to get upper management buy-in that such an adventure needs to be taken, I would need to explain what data as an asset really means. They think they do treat it as an asset because we enforce a high level of security. Do you want to address that? Yeah, I do. I think that's a great statement. That's a true statement. To some degree, they do manage it as an asset. They do secure the data and in most organizations, if they're not protecting the data, they're going to protect the data. The problem is that the aspects of the asset that are not governed are the definition of the data. If you have the same data defined multiple different ways in multiple parts of your organization and you allow that practice to continue, you're not governing your data effectively from a definition perspective. If the people that are entering the data don't understand how that is going to be used and why that data is necessary, then you're not going to be successful in the program. You've got to convince your senior leadership that you're already governing data as an asset to a degree, but we're not governing it formally in all aspects of it. Securing the data is just one aspect of it. Hopefully you're doing a good job of doing that, but there are the other aspects that we spoke about, that need to be governed as well. It's not just a security thing. All right. We have time for maybe one or two more. We have identified hundreds of data groups. We have the definitions and the rules. How do we manage these? Well, that's a good question though. It's good to have those things defined and have those things defined actually put you ahead of many organizations that don't have those things defined. What you need to do is communicate effectively to people. You need to communicate to them that we do have a standard definition and we do have standard rules associated with that data. It really becomes something that we need to make certain that people understand that not only is data an asset, but it touches each. It has everything that we as an organization do. Even if we sell the world's greatest widgets, there are materials that make up those widgets. We have customers that we sell those widgets to. We've got people in the organization. We've got to govern each and every one of those aspects of it. I think it's a good statement, but we've got to take it beyond. All right, last question. How do we manage data standards documents? Are there data rules out there that we can use? I think there are tools that you can specifically use to manage those rules that you can use to govern the rules, get the appropriate people involved in the rules. Once you have the rules defined, the way to approach it in the organization is to educate people. First of all, don't hand them a set of rules that are unlikely that they're going to follow. Give them, again, something digestible for them, help them to understand it, communicate it to them, and get them to live it as part of their everyday life. The more and more that people become aware of their relationship to the data and the need to steward that relationship to the data, whether it's definition or production or whatever. Those are a lot of questions. Really good questions, Eric. Thank you to our audience for posting those. Thank you, Bob, for this great presentation and Q&A. I'm afraid that is all the time we have for today. Just to remind everyone, we will post the recorded webinar and the slide deck to Dativersity.net within two business days. All registrants of today's webinar will receive a follow-up email and links and other requested information. Don't forget that you can meet Bob in person at Enterprise Data World 2016 in San Diego, California. I will be there as well looking forward to seeing you, Bob. That takes place April 17th through 22nd. Just go to EnterpriseDataWorld.com for more information. Thank you again for attending today's webinar, everyone, and I hope you have a great day. Thank you very much for working with you again. You too, Bob. Take it out. Bye.