Information policies are a crucial deliverable from any data governance program. Whether they recognize it or not, organizations grapple with five important processes relating to information policies:
- Documenting policies relating to data quality, metadata, privacy, and information lifecycle management. For example, an information policy might state that call center agents need to search for a customer name before creating a new record.
- Assigning roles and responsibilities such as data stewards, data sponsors, and data custodians.
- Monitoring compliance with the information policy. In the abovementioned example, the organization might measure the number of duplicate customer records to monitor adherence by call center agents to the information policy.
- Defining acceptable thresholds for data issues. In the example, the data governance team may determine that three percent duplicates are an acceptable threshold for customer data quality because it is uneconomical to pursue issue resolution when the percentage of duplicates falls below that level.
- Managing issues especially those that are long-lived and affect multiple functions and lines of business. Taking the example further, the data governance team may create a number of trouble tickets so that the customer data stewards can eliminate duplicate records.
Most organizations have a manual approach to information policy management. This approach may work well at the start but quickly becomes unstainable as the number of information policies increases.
Several software vendors have been trying to offer tools to automate the process of managing policy for all types of information. The functionality of these tools depends on their heritage. We classify these tools into the following categories:
- Standalone tools – Kalido Data Governance Director would be noteworthy in this category.
- Tools with a business glossary heritage – Collibra Business Semantics Glossary and IBM InfoSphere Business Glossary are primarily focused on managing business terms. However, the functionality of these tools around stewardship, categories and workflows means that they can also be extended to managing information policies.
- Enterprise applications – Enterprise applications offer a mechanism to manage information policies in the context of key business processes. I have been writing extensively about this topic. http://bit.ly/QfnM5N
As an example, SAP BusinessObjects Information Steward provides targeted capabilities for data stewards to manage and monitor data quality scorecards, data validation business rules, business definitions, and metadata. In addition, SAP Master Data Governance provides capabilities to enforce information policies in the context of business processes.
- GRC tools – Many organizations have made significant investments in Governance, Risk and Compliance (GRC) platforms like IBM OpenPages and EMC RSA Archer eGRC. These organizations may also elect to extend these tools to document operational controls and to monitor compliance with information policies.
- Issue management platforms – I know of at least one organization may also choose to use an existing issue management tool like BMC Remedy to track data-related issues although these tools are not specifically targeted at this problem domain.
I intend to write more about this topic. Have I missed anything? Please comment.