Data Governance Maturity Models

July 18, 2018

All organizations have an imperative to manage their customer, transactional, and operational data in a responsible way. One need only look at the scope and breadth of public and regulatory expectations around GDPR, PCI DSS, and HIPAA for evidence of this shift. As your organization grows, so does the need to have a firm understanding of the principles of data governance and a maturity model that can help you take control of your organization's data, making regulatory compliance as easy as possible.

One approach is to take on each regulatory challenge as its own discrete project, managing requirements and sweeping changes to policy, procedures, and infrastructure as you go. While that is ultimately how things get done, the first step in our opinion is to adopt a data governance maturity model to guide your organization through problems common to any compliance initiative. What's left for each of your downstream projects will be a much tighter list!

For my money, there's nothing like the Stanford Guiding Questions, an interrogative framework that moves across three dimensions: type, area and component.

Types

  • Foundational
  • Project

Areas

  • People
  • Policies
  • Capabilities

Components

  • Awareness
  • Formalization
  • Metadata
  • Stewardship
  • Data Quality
  • Master Data Management

We first establish for each Type and Area the level of the organization's maturity. It's not uncommon on a scale of five to have a number of 2s and 3s; I call this phase "adolescence." The general goal is higher numbers for each, with the lower scores showing where to focus remediation. It's very important not to be optimistic in this phase, and to gather a realistic ranking by polling across the organization's management. If you get 5s on everything, you can just stop reading here. (Spoiler: You're not going to get all 5s...)

Now for the hard part: asking whether your organization is executing specific activities to merit each maturity level. These take the form of qualitative and quantitative aspects in each Area for every Component. This initiative alone has 160 individual points, a pretty exhaustive framework (reminiscent of COBIT if you've had audit experience with that beast).

There are many other frameworks out there from proprietary to standards-based models, right down to analyst firms that eschew any such approach. What's right for your organization will become evident as you start. And starting, above all else, is the most important part of the endeavor.
