Data governance maturity models – IBM
One way of measuring the effectiveness of your data governance program is to assess it against an existing maturity model. This can help by indicating:
- where you are with the data governance program
- how you are progressing or not; and
- what are some of the steps you need to take in order to evolve your program
The existing models were developed by software vendors, consultants, or data governance professional groups, but most follow the Capability Maturity Model (CMM) methodology so you will see there are quite a few similarities between them.
If you don’t know where to start, what model to consider, and where you can find out more information, here is an introduction over some of the most well known data governance maturity models, starting with IBM’s.
IBM Data Governance Maturity Model
Overview: Published in October 2007, the model helps assess and measure progress within each of the 11 data governance domains below.
- Data Risk Management & Compliance: The methodology by which risks are identified, qualified, and quantified, avoided, accepted, mitigated or transferred out.
- Value Creation: The process by which data assets are qualified and quantified to enable the business to maximize the value created by data assets.
- Organizational Structures & Awareness: Description of the level of mutual responsibility between the business and IT, and the recognition of the fiduciary responsibility to govern data at different levels of management.
- Policy: A description of the desired organizational behavior(s).
- Stewardship: A quality control discipline designed to ensure custodial care of data for asset enhancement, risk management, and organizational control.
- Data Quality Management: Methods to measure, improve and certify the quality and integrity of production, test and archival data.
- Information Lifecycle Management: A systematic policy-based approach to information collection, use, retention, and deletion.
- Information Security & Privacy: The policies, practices and controls used by the organization to mitigate risk and protect data assets.
- Data Architecture: The architectural design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users.
- Classification & Metadata: The methods and tools used to create common semantic definitions for business and IT terms, data models, data types, and repositories. Metadata that bridge human and computer understanding.
- Audit Information, Logging & Reporting: The organizational processes for monitoring and measuring the data value, risks, and efficacy of governance.
Here are some of the characteristics of each level:
Level 1: Initial
- Little or no data processes or controls in place
- Silo-ed and ad-hoc approach for managing data
- Data management is very reactive
- No formalized tracking or management of data overall
- Budget and schedule of data project is usually exceeded
Level 2: Managed
- There is awareness of the importance of data
- Invested in several projects such as modeling of basic infrastructure or documentation of data processes
- Some repeatable processes and automation occurring, but not for all projects
- Data-related regulatory controls are documented and available
- More focus is spent on metadata
Level 3: Defined
- Data policies are better defined and unambiguous
- Some data stewardship is implemented
- Technology is used to better manage data
- Data integration is on the road-map and leveraged
- Data management practices are becoming widely shared and understood
- Risk assessment for data quality and master data management becomes part of the usual project methodology
Level 4: Quantitatively managed
- Data governance structure is at the enterprise level
- Quantitative quality goals are set for data processes and maintenance
- Enterprise data models are documented and made available
- Any project follows data governance principles
- Performance is measured consistently against stated goals
Level 5: Optimizing
- Cost of data management is easier to managed and reduced
- Processes are automated and streamlined
- Data management is consistent, rigorous, and adopted enterprise-wide
- Data governance is second nature and is a collective effort
- ROI for a data project is consistently evaluated and tracked
Take away: Each one of the 11 separate domains are individually assessed and placed within its own level, which is great as you can start with the one better suiting your business needs. Level 2 is where most organizations are when they start a data governance program. Very few organizations can achieve the 4th and 5th level at enterprise level and it’s more common for specific data domains, rather than all data domains, to be categorized in the last 2 levels.
More information: IBM Data Governance Council Maturity Model
Next, I’ll go over Stanford’s Maturity model as it uses IBM’s as a reference point and it’s not only relevant for higher education institutions.