A Data Professionals Community

The Data Governance Story: How to Develop Policies & Rules

If information is paramount, it becomes our collective responsibility to nurture, develop, secure and protect information. One should nurture and develop information so that it is well formed, mature and timely; and secure and protect information so that it is valued and guarded, not shared or misused.


The importance of policies and rules

Thus, applying governance through an established set of policies and rules, is the basic tenet for any information. This is much like the historical evolution of governance where kings were responsible for their subjects, to today, where an enterprise is responsible for their information and its dissemination. A greater focus is now placed by an enterprise on their information for analytics and growth. Thus, the development, maintenance and enactment of policies and rules are not only critical, but must be incorporated into the business culture, and processes. All employees must be aware and adhere to such policies, even as those policies continually evolve and adapt to reflect alterations and growth of varied corporate or regulatory requirements. Policies therefore require a novel approach of management and continued support and funding from executive leadership and the IT organization, often driven by the office of the Chief Data Officer (CDO).

The Dodd-Frank Act, Health Insurance Portability and Accountability Act (HIPPA) and Basel Committee on Banking Supervision (BCBS-239) are all examples of such regulatory bodies and requirements, that drive uniform policies for the protection, privacy or mitigation of risk of the related information and require a system to document, share and review such policies across the enterprise domain.

Policies and rules are therefore the vehicle by which an enterprise can establish, declare and make known the basic requirements for the general structure, format, identity, ownership, usage and access for all information within the enterprise. They thus aide in the conformation of standards and the mitigation of risk, and are further delivered and enacted through the establishment of operational rules and applications.

Figure 1: IBM InfoSphere Information Governance Catalog allows users to search and explore through the foundational policies, understand their definitions and requirements in natural language. One can further explore the associated operational rules and enacted data sources.

Policies and rules are a building block of any governance solution. Let’s now look at what they mean for a data governance program in detail.


Policies define the parameters for the operational activities and storage of information. They are considered a documented set of guidelines for ensuring the proper management and usage of information. They reflect upon the accountability and allowed or intended usage of information. Policies are generally exacting and purposeful, aligned with campaigns such as Data SecurityData Transformation or Life Cycle Management within the context of a regulatory requirement.

Within the enterprise, the data governance team should initially establish abstract policies that reflect such campaigns and core set of requirements, then expand upon such areas or requirements with a more refined and exacting set of policies.  A hierarchy of policies and references establishes the domain and specificity for each.

Source Continue Reading

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More