In our ongoing series of CIMdata articles on engineering.com, we have focused primarily on the digital (aka "virtual") and physical aspects of digital transformation. Our discussion of these digital and physical elements has centered on what needs to be done with (and to) information as competitive and innovative new products, systems, services and assets are developed, produced and supported.
In the past two years, these articles have addressed almost everything being done to create and manage data and information throughout product lifecycles, within business units, and by suppliers and contractors who keep the extended enterprise profitable. In this article on data governance, however, I am changing gears to address management, policies, procedures and even "people" issues related to information handling to ensure its always right for use.
I want to shift attention away from computer monitors, apps, systems and solutions to instead look at how best to keep all the moving parts in the digital enterprise from running off the rails. I will address the need for:
- Data governance amid the rapid expansion of information in models.
- Strict online privacy rules.
- Data governance implementation with viable frameworks and roadmaps.
Finally, I will discuss why these are "people issues" that are critical to digital transformations.
What is Data Governance?
Data governance is “the definition, implementation, and management of policies, procedures, structures, roles and responsibilities that outline and enforce the rules of engagement, decision rights and accountabilities for the effective management of information assets.”
Effective data governance means oversight of solution implementations that ensure the promised capabilities are working as required (that is, approved, available and usable). The same is true for upgrades and new systems.
A good illustration is in my recent engineering.com posting on model-based structures. Even if model-based structures are packed with information and illustrated with attractive and helpful engineering graphics, they are still incomplete and may be awkward for others to use. The model's information must be structured so all of its data is accessible and understandable to all potential users. In turn, this structure requires a consistent and readily accessible explanation and exposition built into the model.
In other words, a model-based structure tells users how and why it was built, by whom, what is shown and the model builder's intent. Intent includes analysis, validation and verification, test and inspection, connectivity and/or the support of design alternatives or manufacturing, field service and more. Data governance is the most effective way for builders of model-based structures and other information constructs to ensure this.
Effective data governance makes a crisp distinction between the oversight roles of people implementing it and the get-the-job-done focus of the enterprise's information users—including everyone who creates information intended for others to understand and use.
This makes the data governance issue about how much control to assert over the structure of the model and its content; it does not permit information meddling.
Data governance is the oversight of information, specifically the solutions, systems, uses and the enterprise's policies on handling information. Data governance's sole aim is to ensure that what was promised to users of information is being provided in usable forms. Its oversight starts with determining responsibility and accountability for the information, plus all the solutions and computing systems that permit access or change to the data/information.
Simply put, as part of digital transformation, data governance is about information stewardship—essentially a watchdog role—rather than creating another layer of information management.
Why: The Impacts of Models and Privacy
Data governance goals include sustainability and change management for data/information, guidance for in-house software development and analytics, as well as how to measure improvements. This is why the initial establishment of data governance should be presented as oversight only. While ensuring that data is what it is supposed to be, data governance is not about configuration management or master data management, although it does support both. As a result, it is essential to maintain a single logical version of the truth, irrespective of how it is defined.
Well implemented data governance leaves day-to-day (and overall) information management in the hands of process managers, department/business unit leaders, experienced users and IT departments. It is not merely a feel-good exercise; its oversight provides straightforward ways to verify information security and privacy constraints are in place—and remain uncompromised—which can simplify verification and audits.
A growing justification for data governance is information privacy. The European Union's General Data Protection Regulation (GDPR), for example, establishes far-reaching rights for individual privacy, including:
- The right to access personal information wherever and whenever it is stored or reused.
- The right to be informed about the contents of one's information.
- The right to be "forgotten"—having one's information permanently erased.
As far as enforcement of the quality of information goes, these are huge steps. And under GDPR, violations carry big penalties.
Data governance experts foresee demands for enforcing these rights growing in the next few years. California has enacted similar constraints, and other states are enacting or considering them. Presumably, agencies in the U.S. government and elsewhere will follow, and GDPR's data rights could become universal.
As this broad form of information protection takes hold, all sorts of sensitive information may become subject to similar constraints. Financial and confidential business information could be next; personal medical information is already highly protected. Moving information to the Cloud adds to data governance challenges. So does the endless proliferation of information in new formats and structures scattered throughout organizations, computer systems and storage devices.
Therefore, data governance is a vital response to GDPR and similar demands for assessments, audits, verifications and enforcement of data rights. These demands will eventually impact the extended enterprise, which makes PLM and end-to-end connectivity, another essential element of the Critical Dozen.
How: Start with a Framework and a Roadmap
There is no standard structure for an organization's data governance team. It can be an ad hoc committee, a small department with a few staff, or a formalized unit in large organizations. The need for oversight should be determined by size and reach. Similarly, there is no standard starting points. Start where is the pain most acute.
Data governance is not intended to control every informational model and data element or even manage their creation. I think any such hands-on approach is overkill. Instead, data governance monitors usage, addresses complaints and steps in when problems occur. Its oversight ensures that information guidelines and established policies are not violated—as opposed to trying to foresee and prevent problems. Oversight should be limited to making sure, as noted at the outset, that what was promised is still being delivered with no unpleasant surprises.
Once data governance is in place, its overseers should look for lax implementations—incorrect or incomplete data structures in any information construct regardless to who created it. In addition to user complaints about corrupted data, data governance staff must be alerted when:
- Evolving information needs are inconsistently satisfied.
- Implementation promises are not being met.
- Hidden workarounds and shortcuts are performed.
More generally, data governance implementations should be rolled out incrementally. Major considerations should include prioritizing components based on their focus, business unit, economic impacts, alignment with enterprise goals and scalability. Data governance implementations in some enterprises try to cover too much information too quickly, and big-bang debuts rarely succeed.
I have found a modified Zachman framework to be a proven way to enable a valid and trustworthy data governance practice. This framework provides detailed approaches to establishing a fundamental enterprise architecture to ensure data governance is timely, measurable, compliant, repeatable and consistent.
Also useful are the Mike2.0 Framework, the data governance Institute Framework, the IBM Data Governance Council Framework and Maturity Model, Quality Function Deployment (QFD), and a scaled down QFD. Frameworks differ, so choosing one that best fits your enterprise is important. In addition, there are data governance approaches tailored to specific industries. Most important, each data governance framework separates the responsibility for management from the execution of policies.
Because data governance is complex, I urge organizations to develop a roadmap and detailed implementation plan that spells out the vision, strategy and objectives. Every implementation has to prioritize key elements of the project for the timing and costs to be in budget. As part of data governance frameworks, roadmaps also coordinate the necessary people, stakeholders and resources while simplifying the tracking of progress.
Final Thoughts: Safeguarding the Enterprise's Information
The long and short of data governance is that it safeguards the value of the enterprise’s ever-changing information, including how it is handled in processes and enabling constantly evolving systems. Unfortunately, the value to the enterprise of that information is sometimes overlooked—largely because most collected data is never used—making it easy to assume that the enterprise's data is trustworthy.
As I noted in a webinar on November 10, 2022, "CIMdata's Critical Dozen: The Top 12 Trends & Enablers for Digital Transformation," the right set of data governance policies, procedures, structures, roles and responsibilities is essential. Without them, digital transformation will be hollowed out. Its effectiveness will be undermined, and its hopes of profitability will be at risk.
Enabled with PLM and end-to-end lifecycle connectivity, effectively implemented data governance is part of the essential underpinning of collaboration that spans business units, suppliers, customers, geography, time zones, new technologies and constant change.
Fundamentally, a data governance framework ensures the information comprehension necessary for collaboration and innovation—without which the enterprise flounders. By cleanly separating the responsibility for data governance management from the execution of data governance policies and practices, users are assured that the enterprise’s information they need is available and of maximum value—with a minimum of interference and oversight.
In a successful digital transformation, no one should have to struggle with information; struggling with information is, of course, the ultimate "people issue."