Data Governance and/ or Data Quality are often seen as being driven by IT, which is always in symbiosis with the business side, providing services in exchange of accommodation and food (aka budget). Data Governance and Data Quality are one of the areas where business expects services from IT.
But IT is a complex creature and not all of its parts are always synchronized. Moreover, sometimes some parts of IT forget to benefit from the services offered to business. As most know very well, often the development part of IT is not quite synchronized with the IT administration. Many functions from IT, like business analysis, project management or data governance/ data quality are closer to the business than to its administration functions, especially those administrating the infrastructure. But, as well known from folklore: „ the blacksmith’s mare and the shoemaker’s children are the worst shod ”. Does anyone know this proverb?
Out of many IT dedicated functions, I consider two of them to be the foundation for any effective management and security. These are IT Asset Management and Accounts and Privilege Management. Neither IT management nor cybersecurity cannot be effective without accuracy in these areas. These areas are also strongly linked to core business processes from HR and Finance.
These areas, more than many others from IT could benefit a lot from data governance and data quality… but usually don’t get to. To my experience, most of the basic principles of data governance are absent or partially implemented in most organizations. At this point 90% of those responsible would tend to strongly disagree. I’m curious to see how many would maintain their opinion at the end. Based on my last 20 years, working within, with or close to these areas I can definitely affirm that I can demonstrate this in almost any organization, small or large (including or especially in corporations).
Back to the point, I’ll start to highlight some areas which are overlooked on these domains and types of problems I noticed. Since the solutions to fixing these problems can be unique to your own environment, I’ll tell you where you can look to find these problems instead.
Determining your IT Asset Management status
The lists of assets are reference data used by many other processes of IT and not only, so any inaccuracy would impact many other activities. Now some questions to ask yourself, or your IT department:
- The easiest one: Do you have a list with all your hardware equipment, containing all the information to properly identify them physically (for the inventory), and operationally (status, location, allocation and role), in on the networks ?
2. Referring to question 1, does this list contain (being identifiable):
- The spare, the broken, and the discarded equipment?
- The personal equipment allowed to be used for business purposes?
- The mobile equipment, including the personal ones?
- The test equipment or those used for non-operational purposes, including the development, test, or IT administration purposes?
- The equipment owned by other parties, which are part of your systems or have access to your systems?
3. Do you have a list of the software used in your organization and this list has all the relevant information about their roles, purpose, versions, producers, licenses, etc….?
4. Does this list include the external and online IT services used by your company’s employees or systems or interfaces to them?
5. Do you know the support and maintenance status and details of your systems, equipment and software?
6. Do you know each software installed on each equipment, at least for your IT infrastructure, or at least the critical ones?
7. Do you have a “criticality” defined for your systems, equipment, and software?
Here’s how you can create an inventory of your data sources
Having all these recorded is good, but not enough, especially (but not only) for larger organizations where there are different roles for different tasks. Usually there are several different lists (or records in a system) which relevant information for a certain role, but can all these lists be linked together?
Another critical question (bonus): “Is each relevant information easily understood by all the parties involved?”. Are you sure that even the names used for critical systems have the same meaning for IT as they do for relevant business people (management, departments or process owners…)?
Now, assuming you have all these recorded, in a way or another, at an acceptable level, are these updated properly? If you would compare with information from HR on new hires, leaving employees or changes of roles/departments would you find a correlation?
So, where is Data governance and/or data quality in all these? Shortly, everywhere. If you would start building these information considering data governance principles, most of these questions would have easy responses. A business glossary, an involvement of all relevant stakeholders, a data dictionary and proper master data management, plus some data quality processes around would be the response to all these and many others.