Kate Carruthers, UNSW Australia, Focus Day, Presentation at Chief Data & Analytics Officer Forum, Melbourne

1. 1. Data Governance for the Value-Oriented Organisation Kate Carruthers Classification: Public
2. 2. The brief 1. Implement an institution-wide data and information strategy, including data governance, control, and policy development 2. Include information protection, information and data governance, and data quality processes, and data life cycle management 3. Work collaboratively across the institution to enable the exploitation of data assets to create business value 12/09/2016 Data & Information Governance Office 2
3. 3. Ensure that the institution has the right information to support key strategic initiatives 12/09/2016 Data & Information Governance Office 3
4. 4. 12/09/2016 Data & Information Governance Office 4 Data Quality Management Data Warehouse, Business Intelligence & Big Data Reference & Master Data Management Data Architecture & Modelling Data Governance DATA & INFORMATION GOVERNANCE • Appropriate use • Business value • Information meaning • Data transparency • Data lineage • Data Quality Information Governance Data Governance • Data Security • Change Impact • Service Levels • Information Life–cycle • Information Ownership • Privacy
5. 5. Definition "Data governance is the organization and implementation of policies, procedures, structure, roles, and responsibilities which outline an enforce rules of engagement, decision rights, and accountabilities for the effective management of information assets." (John Ladley, Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program, 2012) 12/09/2016 Data & Information Governance Office 5
6. 6. Baseline Principles • Data & information governance –is a business driven activity –is a framework to enable the business to better manage information and data quality • No data or information governance activities will be undertaken without business buy-in and leadership • Decision making rights need to be determined 12/09/2016 Data & Information Governance Office 6
7. 7. The 4 dimensions Framework: • provides enterprise wide roles and responsibilities to be accountable for decisions related to data assets • establishes policies & procedures to manage the data assets • provides diverse tools for managing operational data tasks UNSW Data Governance Framework focuses on the oversight, guidance and quality of enterprise data assets enabled through People, Policies, Procedures and Tools 1 Policies are high level statements that provide context for strategic decisions relating to the data assets People can be members of UNSW governance bodies, which hold the authority for decision relating to data assets Tools are pre-prepared objects that support people carrying out procedures Procedures are specific instructions designed to ensure policy is followed and outcomes are measurable Workflow for Approval Checklists Issues Register Data Profiling Data Sharing Data Reporting Regulatory Compliance Data Asset Prioritisation Data Exchange Agreements Data Process Flow Data Integration Data Security Strategic Drivers Dimensions Enterprise Oversight of Data Enterprise Guidance on Data Enterprise Quality of Data Performance Metrics Policies Procedures Tools Data Executives Data Owners Data Stewards People Data Creators/ Data Specialists 1 2 3 4 12/09/2016 Data & Information Governance Office 7
8. 8. Data & Information Governance Model 12/09/2016 Data & Information Governance Office 8 Policy Framework Coordinating Committees • Data Governance Steering Committee • Business Intelligence Steering Committee • Information Security Steering Group Data Ownership & Management • Data Areas • Data Executives • Data Owners • Data Stewards • Data Governance Policy • Data Classification Standard • Data Handling Guidelines • Information Security Management System
9. 9. Data Creator / Data SpecialistsSupport Strategic Tactical Operational Data Executive Data Owner Data Stewards • Provides leadership in data quality and in resolving conflict regarding data assets • Provides direction and priorities in specific Data Area • Takes leadership support for the data quality principles, policies and standards across the Data Area • Ownership of the Data Area on day-to-day basis – accountable for checking the Data Quality • Provide managerial support to the data governance program and develop data management artefacts • Provide operational help around planning and issues resolution • Represent functional areas across the University • Identify and fix data issues within their respective business areas • Document and log data quality issues for resolution in source systems • Provide defined processes for conformance of data to acceptable levels • Business SMEs • IT /source System/Application SMEs • Database Admin, System Admin, Application specialist, Developers, • Business Analysts, etc. • Researchers and Academics Data Ownership and Management 12/09/2016 Data & Information Governance Office 3 Role High Level Definition These roles are aligned to provide strategic leadership, tactical and operational excellence to manage the Data Assets
10. 10. The beginning… • Tactical and reactive approaches • Ad-hoc delivery • No finalised documentation • No data or information governance • No set roles or responsibilities • No policies or procedures • Not linked to IT Security 12/09/2016 Data & Information Governance Office 10
11. 11. • Provide actionable insights for business leaders • Enable leaders to understand their business operations • Build predictive models to enable strategic planning 12/09/2016 Data & Information Governance Office 11 Driver: Need to develop strategic business insight capability
12. 12. Foundations Business glossary Business metrics Tools Data sources Data quality 12/09/2016 Data & Information Governance Office 12
13. 13. 12/09/2016 Data & Information Governance Office 13 Business Intelligence Data & Info Governance People Process Agile Customer focused Repeatable Documented Reduce friction Improve response times Skilled Knowledgeable Informed Customer focused Business driven Understandable Practical Useful Informative Reliable Fast Strategic Solution oriented Predictive
14. 14. Engagement • Strong customer engagement – Business Advisory and Reference Groups established • Important role for IT • Need to build partnerships • Used agile methods 12/09/2016 Data & Information Governance Office 14
15. 15. Technology • Adopting Collibra Data Governance Centre • Starting with business glossaries • Moving toward reference data • Business case for Master Data Management • Integration tools on agenda for next year 12/09/2016 Data & Information Governance Office 15
16. 16. Data Classification – the classification process will involve appropriate risk assessment Highly Sensitive Sensitive Data that if breached owing to accidental or malicious activity would have a high impact on the University’s activities and objectives. Data that if breached owing to accidental or malicious activity would have a medium impact on the University’s activities and objectives. Data that if breached owing to accidental or malicious activity would have a low impact on the University’s activities and objectives. Data that if breached owing to accidental or malicious activity would have an insignificant impact on the University’s activities and objectives. Private Public High Medium Low • Student zID’s, passwords, UNSW IT systems login • Student personal records and admission applications • Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information • Unpublished research data (at data owner's discretion) • Non-public UNSW contracts, policies and policy manuals • UNSW internal memos and email, non-public reports, budgets, plans or financial information • Information authorized to be available on or through UNSW website without zID authentication • Job postings, public research data, staff details, policy or procedure manuals etc. • Public, available campus maps Classify the Data Risk AssessmentBusiness Decision As per the approved Data Classification Standard As per the UNSW IT Risk Management Policy As per agreed Data Governance Roles and Responsibilities Data Management and Operations 12/09/2016 Data & Information Governance Office 16 Identify the Data Owner Identify the Information Assets Assess data risks Apply data classification to the Information Asset Apply the controlsData classification process:
17. 17. People • Getting the right mix of skills and institutional knowledge • Not growing team too fast • Building culture and relationships • Developing technical capability 12/09/2016 Data & Information Governance Office 17
18. 18. Key Factors in Success • Data & Information Governance –needs to be a good fit for each specific Data Area and the business operations it supports –for each UNSW Data Area needs to be developed collaboratively with the stakeholders 12/09/2016 Data & Information Governance Office 18 There is no single ‘right’ answer for how to do it – the process needs to align to the business needs of each particular Data Area
19. 19. What we’ve learned so far 1. Build slowly – don’t rush 2. Bring the customers along too 3. Culture drives strategy 4. Agile approaches work 5. Collaboration matters 12/09/2016 Data & Information Governance Office 19