Data governance guideline

If you have material that is of business value to your agency, whether the term you use for it is data, information or records, then chances are it needs to be appropriately managed and therefore governed. While it may be useful to distinguish between these terms when discussing particular uses or dealing with various stakeholders, often it is not necessary or indeed practical to expend time and energy defining and differentiating between these terms.

Although data, information and records may be collected, created, used and stored for different purposes and by different stakeholders, they all require similar management processes and governance oversight. These activities will be more effective and of better quality if conducted in conjunction with business users and their requirements. Aligning data governance activities with existing or well-established agency governance roles and responsibilities where appropriate will further facilitate uptake, understanding and acceptance.

Data governance vs information governance

Data governance and information governance are similarly defined, therefore in practice they are very alike in both form and structure. The philosophy or intent that underpin both is that data and information are an asset to an organisation. By governing this asset appropriately, an organisation ensures that the value of data and information is fully maximised across the entire organisation and potentially beyond.

Many hours of thought and analysis by many authors has gone into defining the difference between data and information, however from a governance perspective, the point is to not labour the definitional differences between the two but focus on what is required to define and achieve the business objectives for your governance practice.

QGCIO defines information governance as the system by which current and future use of information and its management is directed and controlled. This definition is very similar to the DMBoK data governance definition described above.

QGCIO has long standing policy guidance regarding information governance. At the highest level, this consists of the Information governance policy that mandates agencies must implement a formal information governance practice. This policy is supported by the Implementing information governance guideline, which provides detailed descriptions of the components of effective information governance, as well as practical advice regarding their implementation.

Data governance vs. data management

Data management is the development, execution and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles (DMBoK, 2017, p.17). So, while data management encompasses the broad practice and processes relating to an organisations data, data governance activities exercise authority and control over these data management processes through planning, monitoring and enforcement. Data governance guides and controls an organisations data management practice.

Therefore, data management and data governance are two separate yet interdependent activities, both of which symbiotically exist to ensure an agency can derive the maximum benefits from its data and information holdings.

Data management vs. data governance. Adapted from an image contained in the Data Management Body of Knowledge p.72.

Data governance is important because it is the mechanism by which agencies can oversee, monitor and control the effective lifecycle management of their data. It is also an indispensable tool to mitigate the risks associated with data misuse while maximising opportunities to realise the full benefit of agency data. Specific benefits accruing from implementing effective data governance are outlined below.

Enabling effective data lifecycle management

• Ensures an agency manages data as an asset through all phases of its lifecycle
• Allows authority and control over data in a planned and structured way
• Provides oversite of all other data management activities
• Provides a mechanism for stakeholders to be heard and participate in the governance process
• Minimises the likelihood of data silos developing, and the costly integration solutions required to address them
• Enables agencies to become data driven (i.e. proactively considering data as part of strategy development, program planning and technological implementation)
• Ensures agencies maximise the value of data and deliver benefits to Queenslanders, particularly in relation to creating customer focused services free from privacy breaches
• Underpins good business decisions potentially based on insights gained from analytics
• Maximises opportunities such as innovation, insights, data driven transformation and prioritising workloads
• Effective data governance assists in making data accessible, secure and trusted
• Facilitates appropriate access to data so that the right people have access to the right data at the right time
• Ensuring data is managed in accordance with polices and best practice
• Defines how people and processes are expected to behave in relation to data
• Informs appropriate and reliable data use, release and reuse practices
• Manages the risks associated with data misuse including:
• inefficient and inconsistent practices resulting in poor decision making
• legislative non-compliance and data breaches
• ad-hoc decision making and unreliable analytics based on poor metrics
• missed opportunities for appropriate re-use (both within and across agencies)
• Supports both data security and privacy protection

Maximising the value of data and information

• Enables agencies to become data driven (i.e. proactively considering data as part of strategy development, program planning and technological implementation)
• Ensures agencies maximise the value of data and deliver benefits to Queenslanders, particularly in relation to creating customer focused services free from privacy breaches
• Underpins good business decisions potentially based on insights gained from analytics
• Maximises opportunities such as innovation, insights, data driven transformation and prioritising workloads
• Effective data governance assists in making data accessible, secure and trusted
• Facilitates appropriate access to data so that the right people have access to the right data at the right time

Facilitating risk management and compliance

• Ensuring data is managed in accordance with polices and best practice
• Defines how people and processes are expected to behave in relation to data
• Informs appropriate and reliable data use, release and reuse practices
• Manages the risks associated with data misuse including:
• inefficient and inconsistent practices resulting in poor decision making
• legislative non-compliance and data breaches
• ad-hoc decision making and unreliable analytics based on poor metrics
• missed opportunities for appropriate re-use (both within and across agencies)
• Supports both data security and privacy protection

The central premise of data governance is that data is governed for the sake of the business - it is therefore crucial that the business plays a central role in its development. This will help ensure that an appropriate level of governance is implemented which helps rather than hinders the desired business outcomes. Specific data governance drivers for your agency may include:

• Legislative compliance: in some cases, legislative requirements determine how agency data must be managed, particularly in relation to data privacy and protection.
• Alignment with W-o-G strategic direction: initiatives such as Our Future State require agencies to be data driven and able to demonstrate outcomes based on reliable data and repeatable techniques.
• Strategic and corporate requirements: aligning how data is governed with broader governance requirements and agency strategies and policies
• Trust: data governance helps to build trust in the data and assurances that it is being accessed and used appropriately
• Data availability: data that is trusted, secure and available to approved users when its needed in the format required
• Repeatability and reuse: ensuring that the same data problems don't keep arising to be dealt with separately by each new project or business unit
• Creating a holistic view of agency data: regardless of where data is stored (e.g. cloud or on premises, database or data lake)

Data governance is not an end to itself and is not a set and forget activity. Any data governance policy should be driven by the business needs of your agency, clearly aligned with its strategic and business plans and compatible with the cultural context. It may not be necessary to adopt a new approach  if governance is well developed in other areas, then the principles can be applied to data. Data governance should take into consideration organisational and cultural issues as well as any specific data challenges and opportunities.

When planning your approach, don't forget to factor in some soft skills which will help to ensure that stakeholders understand the benefits of data governance as well as their role in the process. This may include fostering collaboration between data stewards, policy and process owners, IT staff and of course the business. It is also important to consider change management and leadership sponsorship to address cultural challenges and potential pockets of resistance. Both the selected approach and the data governance strategy itself need to be adaptable to keep pace with changes and remain relevant in a rapidly evolving environment.

The core components of effective data governance comprise the following elements, prioritisation of which will be dependent upon your agency's unique business requirements:

• Strategy: defining, communicating and driving execution
• Policy: setting and enforcing policies such as data and metadata management, access, usage and security
• Standards: setting and enforcing data quality and architecture standards
• Oversight: review, audit, monitoring and improvement of quality, policy and management
• Compliance: meeting regulatory and policy compliance requirements
• Issue management: identifying, defining, escalating and resolving data issues
• Data management projects: efforts to improve data management practices

Further information regarding these elements can be found in section 7.5 Plan your data governance response.

Implementing a data governance process can seem like a daunting task for any organisation. Data related problems are potentially numerous, business drivers can be diverse, executives may not understand the value of data and the resources (both human and financial) are likely to be limited.

As with many large and complex projects, the key to success is to start small, address a well-defined business problem, build on your achievements and take an incremental and repeatable approach. This should allow you to prove the value of the selected data governance approach to the business (and executive) without trying to implement an approach which overreaches existing skills, resources and organisational capabilities.

An approach that first seeks small, tactical wins that make a difference to the business, then iterates to scale up from there (with the ultimate aim being enterprise wide data governance) provides the greatest chance of success. To support this guideline and demonstrate the implementation process, a number of scenarios have been developed to demonstrate how data governance may be established to suit a variety of circumstances.

The diagram provides an overview of the process of implementing data governance outlined in this guideline.

The key to implementing successful data governance is to tie it closely to a specific strategic business problem whose resolution can bring tangible benefits to the organisation in the short term. It is likely that most organisations will have a long list of these type of problems to choose from. Typically, there are three stakeholder groups within your agency who can help identify and define data related opportunities:

Business users

Because business users work closely with data and systems on a daily basis, this group is likely to be a rich source of business-related data issues and opportunities which can be used to formulate an initial data governance strategy. Business users will be intimately familiar with what data is involved in the process, how it is managed and used within the organisation and also an awareness of the key stakeholders involved. They are also likely to be able to clearly articulate current issues or opportunities, as well as some potential solutions which could be employed.

Information management, technology or other specialist staff

These groups work closely with data, information, technology, legal, risk or security related issues across the agency and therefore may have insights into broader data related issues and opportunities. Information management, information technology and specialist staff have probably been called upon by business users to address some of the issues in question, and therefore may also have a detailed understanding of the problem or opportunity at hand.

Executive leadership group

The Executive leadership group is likely to see data related issues from a higher level or strategic perspective. Because part of their role is setting the strategic and policy direction of the organisation, they are well placed to see the linkages between business and data priorities and identify areas where an improvement in data governance may assist in achieving an organisations strategic objectives. In addition, the Executive leadership group has a role in managing risk and determining the overall risk tolerance of an agency, which can assist with the identification of data related opportunities. Issues identified by this group are likely to achieve strong support from the outset.

Identifying key business drivers will add additional context to the business problem or opportunity and facilitate the development of targeted data governance activities. Some key business drivers may include:

• increasing operational efficiency
• a strategic desire to become a data driven organisation
• compliance with policy and legislation
• deriving insights from analytics to make better operational and strategic decisions
• reducing costs due to lost or duplicated data
• to support the achievement of broader agency digital strategies.

Once a suitable problem has been identified, and the business drivers for rectifying that problem are well defined, it is useful to undertake a current state or maturity assessment of data practice in order to understand the environmental context in which the problem is occurring. Not only does this identify focus areas for your data governance practice, but it may also help identify areas where your organisation has existing skills, capabilities or resources which can be leveraged as part of the implementation process.

For example, if your agency has experienced information asset custodians or well-established governance bodies in place, then these resources should be incorporated into your broader data governance initiative, rather than developing a new set of roles, processes or committees. There is no need to re-invent the wheel when existing resources can be re-used or re-purposed to support data governance objectives.

Depending on the business problem which has been identified and the associated business drivers, a current state assessment may involve developing an understanding of:

• the nature of the opportunity or problem
• the key stakeholders involved or that are required to be involved
• what systems, applications, data and business processes are involved
• the capabilities and skillsets of staff available to support data governance objectives
• data holdings across the organisation  including their strengths and weaknesses
• what existing governance structures are in place including roles, responsibilities and escalation paths
• the broader skill set of staff

Now that you understand the business drivers, the data related business problem or opportunity and the context in which it occurs, it should be clear which data management activities to prioritise in order to have the greatest impact on your organisation. Because data flows through business processes, units and systems, these activities do not happen in isolation (either from each other or from organisational functions) and therefore it is likely that you will need to action more than one focus area to address your business problem. The critical step is to understand which focus area/s will provide the greatest value and prioritise accordingly.

• Data quality is concerned with implementing techniques to improve the quality (e.g. completeness, consistency, conformity, accuracy, integrity and timeliness) of data to ensure it is fit for its intended purpose. For more information see the Information quality framework guideline.
• Metadata management ensuring that data is comprehensively and consistently defined allowing both technical and business users to locate, understand and appropriately use data and information. For further information see the Metadata management principles.
• Data Warehousing and Business Intelligence (BI) - is about managing data that supports business decision making and increasing the value of data through improved analysis and reporting.
• Reference and Master Data creating and maintaining a core shared data repository (single source of truth) for use across critical business systems.
• Document and Content Management the lifecycle management of unstructured data and information to support legal and regulatory compliance. For further information see the Records governance policy.
• Data integration and interoperability processes to facilitate data consolidation and movement between systems, applications and business units.
• Data security assessing the confidentiality, availability and integrity of data and ensuring that it is appropriately accessed and used. For further guidance see the Information security policy (IS18:2018).
• Data storage and operations maximising the value of stored data and supporting its lifecycle management from planning through to disposal.
• Data modelling and design creating conceptual representations of data objects and their relationships using formal techniques to promote consistency and help implement business rules.
• Data architecture defining overall data requirements and providing a strategic blueprint for meeting these requirements.

The data management activities you implement to address the business problem or realise the identified opportunity will be dependent upon the information you have gathered as a result of conducting the preliminary activities outlined above. In addition, other factors, such as agency risk appetite, strategic direction, funding availability, organisational culture and executive support may directly influence what can and will be done to address the identified business problem.

Regardless of which focus areas have been selected to address the identified data related business problem, it is essential that a data governance component be implemented as part of the response. The structure, guidance and authority provided by data governance practice will ensure that any action taken will have the best chance of success.

Importantly, it is this data governance approach, developed to oversee a set of defined data management activities in relation to a specific business problem that can potentially form the basis for an organisation wide data governance practice, once it has been refined through subsequent iterations and expanded to cover additional data management activities. Data governance should not be a project-based activity  the aim should be to embed it as normal, everyday practice within an organisation. The following section outlines the core components of data governance which may assist your initiative to achieve its data related outcomes.

A data governance program will provide guidance, cultivate data ownership and facilitate cultural change under the direction of an executive level sponsor through the components outlined below.

Strategy

This includes alignment with the overall data strategy of the organisation and where necessary incorporating ethical data handling and analysis. The development of appropriate metrics to facilitate measurement of success should be included as part of any strategy. Data governance oversees the execution of this strategy and plays a role in communicating the importance of data to staff at all levels. Strategy is an effective tool to champion the change to becoming a data driven organisation.

Policy

Policies are about setting and enforcing data related activities such as metadata management, access, use, quality and security. Policies should not only focus on achieving an agency's business goals but should also align with broader W-o-G data strategies. Leverage existing agency polices and roles where possible.

Oversight and compliance

The terms of reference of oversight and compliance should be outlined as part of the overall data strategy. Oversight and compliance will ensure requirements are met through audit and measurement of overall data management activities against clearly defined metrics.

Standards and quality

This may include defining quality rules and metrics (e.g. is the data fit for its intended purpose?) and architecture standards as well as data models and determining requirements for data dictionaries (for examples of data dictionary templates see HPW data dictionary and QUT data dictionary - government employees only) and business glossaries.

Issue management

This includes identifying, defining and resolving data management issues. Data governance facilitates the resolution of data-related issues by providing a clear escalation path, including defining relevant roles and their associated responsibilities.

Data management projects/initiatives

These should be business driven and may be identified throughout project implementation or as part of the current state analysis. Projects and initiatives should be prioritised by the data governance oversight body. They can be used to expand data governance incrementally throughout the organisation as well as providing learnings which can be fed back into the overall data strategy.

Similarly to the data it is designed to control, data governance activities must be fit for their intended purpose there is no one size fits all approach. Too few controls may mean poor oversight and lack of co-ordinated data management activities which increases risk exposure and the likelihood of failure in achieving the desired outcomes. Too much data governance may result in an over resourcing of both human and financial capital, which creates the perception of data governance being an expensive overhead that delivers limited value.

To determine how much data governance your data management initiative requires, your plan has considered how many people, business units, datasets and systems are involved, the sensitivity of the data and whether there are existing governance processes and bodies which can be leveraged. It is now time to operationalise your plan and start governing the data. This requires monitoring, control and evaluation of the data management activities by the people, processes and governance bodies outlined during the planning stage.

An important part of the implementation project is measuring outcomes against the metrics developed during the planning phase. This helps not only to demonstrate the value of data governance to the organisation, but also track compliance against data governance requirements and measure the progress of the initiative. Recognising that data governance implementation is likely to involve significant cultural and organisational change, implementation should also include ongoing change management and communication activities to influence the required behavioural changes.

How an organisation conducts its data management depends on its goals, size, resources, complexity and the perception of how critical data is to support its overall strategy. Most organisations perform data management activities to some degree but do not perform activities in all of the focus areas identified in this guideline. However, understanding the wider context of data management and the role that data governance plays in its success, will enable organisations to make better decisions about where to focus limited resources for the best outcomes.

Data governance is necessary in order to control data effectively for a clear business purpose, as well as to instil an organisation wide focus on data. Choosing the best governance practices to address your particular business problem, selecting the right team members, and ensuring continued compliance with policies and procedures are the foundation for building an effective and successful data management practice.

The process outlined above is aimed at assisting your organisation to develop effective data governance over a set of specific data management activities, related to a defined business problem which will provide a solid foundation upon which to build an organisational-wide governance practice. Each organisation will need to address its own unique situations and organisational challenges, but the steps presented here represent a coordinated approach to the establishment of effective data governance.

Define the problem:

The Assistant Director-General of an agency has requested that a data strategy be developed to guide how data is used within a particular division in order to understand current and future demand for licencing and permit services and their associated costs. However in the process of developing the strategy, it was identified that existing data management issues would need to be addressed. These included low maturity of data management practice and an absence of data governance across the division.

Identify business drivers:

Because this initiative is Executive led, the business drivers are closely aligned with achieving one of the key business outcomes for the agency  more efficient and effective licencing and permit services for the people of Queensland. From a business perspective, it was identified that significant savings, both in time and effort could be realised by amalgamating data from disparate systems and undertaking data analysis to derive insights and inform decision making.

Analyse current state:

A decision was made to hire external consultants to develop a maturity assessment to assess data practices, skills, processes, systems and governance in relation to the licencing and permit process. Although the maturity assessment was initially to be conducted in relation to a discrete business unit, additional business units were flagged for inclusion in future projects. Taking a small and iterative approach, with clearly defined outcomes linked to a single business process with well understood limitations was deemed to be the best way to develop a divisional data governance proof of concept which could then inform future data governance activities across the agency.

Identify focus areas (i.e. Data management activities):

In order to realise the business requirement of enabling the licencing and permit division to become more data driven, a key action of this project was to establish a data warehouse to facilitate analytics. However, the maturity assessment conducted as part of the current state analysis identified that data was not always consistently security classified, and therefore data security issues also needed to be addressed as a matter of urgency. The activities required to address these focus areas may include:

Data warehousing:

• Develop appropriate architecture based on business requirements
• Define relevant business and technical processes
• Determine which datasets will be included in the data warehouse.

Security:

• Identify data security requirements based on relevant legislation (including the Information Privacy Act) as well as the Information security policy.
• Update agency information security policy and divisional work instructions and implement training
• Implement appropriate controls including access, authentication and auditing.

Plan your governance response:

In order to monitor and control the activities outlined above, the agency has decided to implement a localised data governance program, which will predominantly leverage existing resources. Fortunately, the agency has a well-established network of Information asset custodians who work closely with the relevant data and are well skilled in data related problem solving. There is also a strong divisional Senior Executive Leadership Team, chaired by the ADG which will act as the Data Governance Committee for this initiative. Ensuring learnings from this initiative could be scaled as required in the future, the Data Governance Committee engaged and consulted broadly as part of the divisional data governance implementation.

The Data Governance Committee, in close consultation with the relevant Information asset custodians have developed a roadmap which outlines how a targeted program of improvements will address each of the focus areas. These have been clearly linked to the broader strategic aims of the agency and the ADG has clearly demonstrated and articulated her support of the project. A review of existing information security polices, processes and training has been included in the roadmap. Consultation in relation to these polices was limited to those required for the scope of the implementation but care was taken to integrate with the existing policy development process. Key stakeholders, including data producers and users, have been identified and linked to each improvement initiative, and a communication plan has been developed to ensure all stakeholders are aware of their responsibilities. A process for managing and escalating issues in relation to the initiative has also been developed and communicated.

Govern your data:

The Data Governance Committee tracks progress of the initiative against the tasks and timeframes identified in the roadmap and deals with any issues referred to it as a result of the documented escalation process. Issues for escalation are determined by the Data Working Group (comprised of information asset custodians) which meets regularly. The Data Governance Committee oversees the progress of the initiative as a whole, but also plays a role in reviewing and endorsing the updated security policies and procedures produced by the Data Working Group. Once endorsed, the resulting policies and procedures were passed onto the ICT Steering Committee who have the delegation to approve these types of polices. The Data Governance Committee was also responsible for approving the business requirements and architectures for the new data warehouse once they had been developed and endorsed by the project board.

In addition to oversite of the initiative, the Data Governance Committee is also responsible for reporting on its progress to senior management, documenting lessons learnt for incorporation into the next data governance program of work and identifying additional opportunities for improvement. At the end of the project, data governance activities include a reassessment of the new current state against the original maturity assessment in order to measure improvements. Once the data warehouse and new security policies were implemented, the Data Governance Committee retained overall oversite of the process and remained instrumental in relation to issue resolution and prioritising additional improvement activities.

Define the problem:

Following a high-profile service delivery failure which led to significant reputational damage to an agency, a review to better understand the root cause of the failure was instigated. The review identified that poor data management practices across the agency significantly contributed to the failure. As a result, the agency commenced a broad programme to improve agency wide data management and governance practices.

Identify business drivers:

The primary business driver of this initiative was to increase operational efficiency and reduce the risks associated with lost, duplicated and poor-quality data. To achieve this, it was recognised that mature data governance practices would be crucial in setting standards, assigning roles and responsibilities as well as facilitating the cultural shift required to recognise and value data as an agency asset.

Analyse current state:

The Office of the Information Commissioner (OIC) had recently conducted a self-assessment audit into information management maturity of Queensland government departments, and provided analysis to each department on their individual assessment outcomes. A decision was made to use this as the primary tool to understand the current state of data management and governance practices of the agency. This material was supplemented with reports and statistics generated by the agency's information management unit over several years, which helped to identify key stakeholders, applications and business issues regarding data and information management practices.

Identify focus areas (i.e. Data management activities):

The primary focus area for this department was to improve data quality across the agency to ensure that all data was fit for its intended purpose/s. Having a known source of truth for use across key systems was also identified as an opportunity for reform. Therefore a decision was made to address reference and master data, in addition to data quality, as part of initial data governance implementation. Some of the activities required to address these two focus areas include:

Data quality:

• Defining what quality (i.e. fit for purpose) means for critical data sets
• Development of data quality policies, guidelines and training
• Implementing metrics to measure improvements in data quality.

Reference and master data:

• Validation of data definitions
• Adopting appropriate standards, implementing common data models and integration patterns
• Defining the overall architectural approach
• Publishing reference and master data.

Plan your governance response:

Because the data quality issues exist across many business units, a decision was made to take a federated approach to data governance. This resulted in the establishment of one data governance body coordinating activities conducted within individual business units. The benefit of this approach was that implementation of data governance could be staggered across business units according to operational readiness and organisational priority.

The overarching data governance body (drawn from senior executives from each key business unit) was tasked with developing the initial data governance strategy. Ensuring that any outcome sought in this data governance strategy aligned with broader agency objectives, the final strategy outlined several actions that were required to establish data governance practice with the agency. These included defining what policies/standards were required to be adopted, the prioritisation of compliance activities, sequencing of actions to support the achievement of the desired outcomes and ongoing monitoring and oversight of the process.

Due to the size of the organisation and the complexity of the data landscape, a decision was made to incorporate an additional layer of data governance at the divisional level. Each division established a Data Governance Council to co-ordinate and manage local data governance initiatives, in accordance with the strategic direction set by the overarching data governance body. A key responsibility of the Data Governance Councils was the development and approval of business glossaries. Issues which could not be resolved at the local level were to be escalated to the overarching data governance body for consideration and resolution.

In addition, a Data Governance Community of Interest was implemented to promote the importance and understanding of data governance across the organisation and share learnings and opportunities.

Govern your data:

An implementation roadmap illustrating the timeframes for each activity and the relationship between activities was developed to ensure effective co-ordination and staging of activities. The overarching data governance body, while accountable for oversight of the entire program of work, allocated responsibility, authority and control of divisional projects to the Data Governance Councils which provided a true federated data governance operating model.

After a defined period, a reassessment was conducted of the agency's data management practices against all dimensions of the initial OIC information management maturity model. Any changes to overall data management maturity were identified and reported to senior executives of the agency and used to inform further strategic planning activities for data management and governance within the agency.

Define the problem:

An independent review of a cross-agency service delivery event found several issues concerning the way Queensland government agencies co-ordinate their activities to deliver a service to the community. One of the recommendations of the review was to implement more efficient and effective cross agency data sharing practices.

Identify business drivers:

The review nominated a lead agency which was tasked with co-ordinating the review of current data sharing practices and implementing a cross agency working group to examine other relevant issues identified as part of the review. The working group was to focus on increasing operational efficiency in the service delivery domain context, in addition to delivering against whole-of-government strategic priority.

Analyse current state:

Fortunately, the review provided clear insights into the nature of the problem as well as identifying key stakeholders and the systems, applications and datasets involved. This information was supplemented by additional agency-sourced information including staff capabilities, data strengths and weaknesses and existing governance processes which had recently been assessed using the QGCIOs Information management maturity development resource guideline. Therefore, both the agency and cross agency current states were well documented and understood from the outset.

Identify focus areas (i.e. Data management activities):

The working group, whose members were drawn from each of the participating agencies, identified that while individual agency data management process were relatively mature, cross agency data integration and interoperability was the major area that required mediation to address the recommendations of the review. In addition, to enable integration and interoperability, the management of metadata was also identified as requiring attention in order to better understand the relevant data. Therefore, the activities required to address these focus areas potentially include:

Data integration and operability:

• Defining requirements for data integration
• Understanding data lineage
• Documenting data flows
• Drafting appropriate data sharing agreements.

Metadata management:

• Understanding business and technical requirements
• Implementing consistent metadata standards
• Ensuring interoperability between standards
• Integrating and distributing metadata.

Plan your governance response:

In order to monitor and control the activities outlined above, a decision was made that two separate governance groups would be required, both of which were to be drawn from all participating agencies. The first group was the Data Steering Committee which was comprised of decision makers who held a level of delegation within their agency which enabled them to resolve issues and implement change. The second group was a Data Governance Council comprised of key agency staff who would work more closely with both the data and stakeholders to oversee integration and metadata solutions in close consultation with business users. Alignment of activities to the cross-agency service delivery objectives was a core focus for both groups.

Because of the high-profile nature of the review which had been conducted, a decision was made to formalise the data governance approach by documenting it in an overarching Data governance strategy which was endorsed by all participating agencies. This document defined the success criteria (including metrics) for the initiative including roles and responsibilities, activities, timeframes, standards and procedures, process changes, compliance activities and escalation paths. Recognising that cultural change was instrumental to the success of the project, the data governance strategy was endorsed by key executives in each agency. Both data governance groups were also provided with professional change management and communication support. The Data Steering Committee ensured that communication regarding the initiative was provided regularly to all participating agencies and that messaging was consistent.

Govern your data:

The Data Steering Committee tracks progress of the entire initiative against the timeframes identified in the data governance strategy and deals with any issues referred to it as a result of the documented escalation process. It also ensures that communication regarding the progress of the initiative is provided regularly to all participating agencies and that messaging was consistent. The Data Governance Council tracks individual projects against the overall initiative and provides quality assurance of outcomes. Any Issues which could not be resolved by the Data Governance Council are escalated for action by the Data Steering Committee.

In addition to oversight of the initiative at hand, the Data Steering Committee is also responsible for reporting on the progress of the initiative to senior management within each agency as well as the broader cross agency working group which are co-ordinating the response to the review. At the end of the project the cross-agency data steering committee continued to play an important oversight role in relation to the ongoing review and maintenance of data maturity and quality as well as issue resolution and broader agency engagement and consultation.