Successful and Sustainable Data Policies: A Guide for Enabling Data Governance at Scale, by Malcolm Chisholm Ph.D.
Apply data policies to make data governance work for the long term.
Where We Are Today
The Purpose of This Book
Why Institutionalization?
Good Governance and Institutionalization
Why a Policy Lifecycle?
Audience
Conventions Used in This Book
Directives
Directive Definitions
Policies
Policies vs. Policy Statements
What a Data Policy Is Not
Problems with the Word “Policy”
Relationships of Policies, Standards, Practices, and Procedures
How Did We Get Here?
The Mainframe Revolution
Complexity and the Rise of Databases
Relational Databases and Data Modeling
The Rise and First Fall of IT Departments
The Return of IT
The Rise of Data
The Appearance of Data Administration
The Internet, Second Fall of IT, and Extinction of DA
The Dark Age and Emergence of Data-Centric Specializations
The Ascent of Data Governance
Data and the Global Financial Crisis (GFC)
The Appearance of The Cloud
Data-Centricity Arrives
Data Governance 2.0
Covid and Artificial Intelligence
What Does It All Mean?
Why Do We Need Any Policies for Data?
Why Do Data Policies Need to be Centralized?
Data Governance Leadership
Overview of the Policy Lifecycle
Preparation for the Policy Lifecycle
RACI for Policy Lifecycle
Example of a Policy Lifecycle RACI Matrix
Checking The Validity of the Data Policy Lifecycle
Who Designs the Data Lifecycle?
Who Writes the Policy of Policies?
Regulation and Corporate Governance
The Scope of Data Policies
Accountable Organizational Unit
Conferring of Authority for Data Policies
The Policy Lifecycle and Operating Model
Approval and Review
Policy of Policies vs. Data Governance Charter
The “Data Governance Policy”
Additional Details
Final Approval
The Data Policy Oversight Committee
Composition of the Data Policy Oversight Committee
Additional Data Policy Oversight Committee Considerations
The Data Governance Committee/Council
Data Policy Oversight Committee Operational Details
The Data Policy Operations Committee
What is a Principle?
The Reality of Principles
Relationship of Principles to Policies
Analysis of Principles
Scope of Data Principles
Guiding Principles
Should There be a Data Principles Campaign?
Principles Statements
Formulating Principles
Living by the Data Principles
Updates to Principles
Planning the Policy Portfolio
Managing the Policy Portfolio
Suggestions for Initial Policy Portfolio
Basic Structure of the Policy Portfolio
Implementing the Policy Portfolio Table
Metadata for Managing the Policy Lifecycle
Metadata for Efficiency Reporting
Expanded Policy Metadata
Current State Assessment
Policy Review
Policy Analysis
Whole Policies and Partner Organizations
Citation-Level Transfer
Involvement of the Data Policy Oversight Committee
Traceability of Policies and Citations
Dealing with Uncooperative Units
Why Manage Policy Requests Formally?
Policy Request Log
Policy Requests from Outside Data Governance
Policy Requests from Inside Data Governance
Policy Gap Analysis
Processing of Policy Requests
Reporting of Policy Request Processing
Implications for the Policy of Policies
Actioning a Policy Request
Drafting the Policy
Stakeholder Review
Alternatives to Stakeholder Review
Processing Stakeholder Feedback
Committee Approval
Policy Formulation Effort
Common and Specialized Terms
Centralized Business Glossary
Adding Policy Terms to a Centralized Business Glossary
Access and Security for Policy Business Terms
Interpretation of Business Terms
Author Once, Publish Anywhere
Problems with Policy Format
Policy Header
What Is Not in the Policy Header
Policy Prologue
Policy Statements
Glossary
Related Documents
Support
Confidentiality and Security Markings
Other Format Elements
Definitions of Information Elements
Implications for Policy of Policies
Policy Style Guide
Style Resources
Style Checklist
Policy Harmonization Process
Dealing with Inconsistencies
Data Policies vs. Non-Data Policies
Policy Coordination
Finalizing Policy Harmonization
Who Approves a Data Policy?
Preparing for Approval
What Gets Approved?
Disbanding the Working Group
Updating the Policy Portfolio
Conclusion
What Has to be Communicated
Where to Publish a Policy
Posting a Data Policy on an Intranet Site
The Policy Bulletin
General Promulgation Actions
Targeted Promulgation Actions
Promulgation Planning
Training
Promulgation Log
Non-Operationalization
Operationalization Support
Tracking Support Requests
Preparing for Data Policy Administration
Strategy for Policy Operationalization
Reason for Policy Variances
Mandate for Policy Variances
The Data Policy Variance Procedure
Consideration of the Variance Request
Policy Variance Request Follow-Up
Closing Policy Variances
Policy Impact of Variances
Coordination with Other Units
Variance Metadata
Planning for Variances
Attestation
Attestation Software
Attestation and Personally Oriented Policies
Attestation at the Business Unit Level
Internal Audits
External Auditors
Data Surveillance
Data Surveillance and Separation of Duties
Whistleblowers
Reporting about Compliance
Internal Audit Findings
External Audit Findings
Findings by Regulators
Reactions to Compliance Issues with Data Policies
Scheduling Reviews
Metadata Requirements for Policy Reviews
Uniform Review Procedure
Simple Policy Changes
Material Changes to a Policy
New Policy Version and Policy Bulletin
Higher Level Process Reviews
Policy Discontinuation Criteria
Policy Review and Discontinuation
Approval of Discontinuation
Promulgation of a Discontinuation
Operationalization of Discontinuation
End of the Policy Lifecycle
Data policies are the most powerful instrument a Data Governance unit has for achieving good data management practices across an entire enterprise. Yet, all too often, Data Governance units encounter difficulties as they embark on policy work. Simply drafting a data policy is only a small part of what is required. Policies have to be governed and managed across an entire lifecycle consisting of many different phases, each with its own unique needs and concerns, and must be sustained for years.
This book presents a detailed end-to-end methodology for implementing successful and sustainable data policies that will bring positive results over the long run. It goes deeply into the entire policy lifecycle, describing how each phase must be carried out, including roles, responsibilities, and metadata management requirements. In addition, the book outlines a set of permanent governance structures for institutionalizing data policy work. Such structures are critically important for data policy sustainability, since relying on specific individuals to drive the work is inherently unstable.
Readers of the book will find detailed guidance not only on the specific data policy work, but also on how Data Governance can take a leadership role in the policy area. Learn how to apply practical steps for Data Governance to achieve coordination with other corporate functions such as Risk, Legal, and Internal Audit. These corporate functions have a strong interest in data policies and need to be kept in alignment with Data Governance.
The vision of the book is to equip readers with a complete, detailed framework that they can use to implement successful and sustainable data policies for the benefit of their enterprises.
Malcolm Chisholm is a well-known thought leader in the data industry. He has been an independent consultant for 25 years, working in many aspects of data, including data governance, metadata management, database design, master data management, and data and AI privacy. During this time, Malcolm worked in a variety of sectors, including the UN system, financial services, defense and intelligence, retail, pharmaceuticals, and more. Malcolm is the recipient of the prestigious DAMA Lifetime Achievement Award, and is a frequent conference presenter, also publishing content about data in a variety of platforms. On the personal side, Malcolm has a Ph.D. in zoology, and enjoys gardening, fishing, beekeeping, and foraging to keep in touch with the natural world.
This workbook is a companion to Successful and Sustainable Data Policies, which is a detailed and comprehensive guide to data policies. As a companion, it is intended to provide readers with a high-level framework to speed up planning for building or strengthening data policy capabilities in their organization.
The Workbook consists of sets of questions that need to be answered. Each set corresponds to a chapter in the main book, and is intended to cover the major points in that chapter. The reader captures their answers in the workbook, and can then turn to the corresponding chapter in the main book to customize their planning at a more detailed level. Additionally, the exercise of answering the questions will help readers better understand the content of the chapter concerned.
Readers do not have to go through the Workbook in any particular order, and should feel free to focus on the chapters that are their priorities. Each chapter also has space for readers to add their own specific questions and notes, as the detailed situation at every organization cannot be fully anticipated.
It is strongly recommended that teams use the Workbook. Each team member can complete one or more sections in their Workbook and then the team can come together to discuss their answers and develop an optimal synthesis for their organization.
Readers should be aware that there is a structure to the Workbook, with Chapters 1-3 being about the general way in which policies are handled in their organization, and general attitudes to data. These set the stage for assessing the overall ease or difficulty that is likely to be encountered as data policy work gets going. From Chapter 4 onwards the questions are specifically about data policies, with a few exceptions.
The questions are structured to orient answers away from the theoretical and towards the situation at hand. They contain the phrase “in my organization” or ask about the Data Governance unit to make sure the reader understands that the answers need to be about the real practicalities and not some ideal state that can probably never be attained.
It is the hope of the author that this Workbook will improve the speed and ease with which data policy work can be performed. Although it comes from a high-level perspective, starting at a high level and then dealing with the detail can be considerably less frustrating than doing things the other way round. Data policies are more important than ever in the modern world, and we need our Data Governance teams to be able to respond effectively to this challenge.
Please complete all fields.
