Intelligence and compliance ­depend on data governance

June 2018 Editor's Choice, Information Security, Security Services & Risk Management

Data governance is nothing new, it is simply the process of managing your data in a way that is convenient and accessible to you. Data governance is why a company sorts its documents alphabetically in a filing cabinet or buys a CRM (customer relationship management) system to manage its customer data.

Gartner defines data governance as: “The specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals.”

Today, data governance is also increasingly being forced on organisations and even individuals by legislation designed to ensure the safe and legal capture, storage and use of data. Unfortunately, the growth of data in all its forms caused data governance to become increasingly complex, to the point where it is a skill in itself.

Maureen Grosvenor.
Maureen Grosvenor.

APPSolve is a technology consultancy offering advisory and technology services to clients, including in the business intelligence (BI) space. APPSolve director, Maureen Grosvenor, says that over the years the company has been in operation, it has always included data governance in its services as it’s a necessity if you want to obtain good BI from your data.

Of late, however, Grosvenor says governance has become a service on its own because of the amount of data companies collect and the challenges in structuring it in a way that delivers value. Data governance is not simply a technical issue, but more of a business issue that requires planning and strategising to ensure your data is collected, stored, accessed, archived and deleted in a manner that supports the business and meets legal requirements.

It’s an asset

Data today is no longer seen as something you collect while doing business, but most companies recognise the ‘gold mine’ they have in their data and see it as an asset. How you handle this asset will impact on the performance of your company as it relates to running the business, and impacts customers, staff and suppliers. The old cliché of ‘garbage in, garbage out’ is more relevant than ever, and the consequences of ‘garbage data’ today translates directly to the bottom line.

APPSolve’s Tessa Lillie, who is currently doing a PhD in data governance, explains that there are different approaches to governance. In the financial market, for example, the primary goal may be regulatory compliance, which has been a growing challenge since 2008 when the Basel Accord regulations were updated (known as Basel III).

And while the Basel III stipulations go far beyond data governance, the risk management demands require effective management of financial companies’ data. And to repeat, while IT plays a large role in data governance, the technology must be led by business-risk considerations.

Lillie says data governance requires a strategy, approved by the highest ranks in the company, that determines how data is used in an integrated manner across the board in the organisation. In most companies this does not exist and each department will have its own silo of data that it collects and uses for its purposes. The starting point for data governance is therefore finding out what data you have, what format it is in, and then devising a strategy to integrate it and manage it effectively.

Getting it done

The process of implementing your data governance strategy is far from simple. As noted, each company has various silos of data, some structured and therefore easier to manage, and some unstructured. Unstructured data could be the data individuals store in spreadsheets on their computers, or it could be social media data collected to determine market trends, for example.

The initial discovery phase should be used to find all of it, decide what data is important to the business and then work out ways to ‘clean’ the data and integrate it into a better and more manageable solution. By cleaning data, we mean getting your data consistent. For example, ensuring that city and customer names are spelled correctly, that identity numbers all have 13 numbers that correspond to the official structure of these numbers and so on.

Grosvenor adds that you can’t do it all, meaning that unless you are a small company, you can’t incorporate all the data in a business in the governance project. You have to decide what is necessary and required and start with that. Perhaps one could start on financial systems and the related data and ensure it is all 100% before moving onto the next department?

This, according to Lillie, means it is vital that you understand the value and meaning of the data to your business. The data architecture designed should then marry the data’s value to the business requirements while also tying the technology used to the business value attainable from the information.

A key element of data governance is not simply to make the data look nice at one particular stage of the company’s existence, but to align business and IT to ensure that data collected in the future will be captured and treated according to the new rules – data governance is a huge project and you don’t want to have to start at the beginning every few years. This means aligning the strategic, tactical and operational levels of your data strategy and keeping them aligned.

As an example, she says that companies often have a well-managed database of information, but then someone would pull data from the database to populate a spreadsheet they are working on. Data would be changed or added, but not updated back to the main data store, leaving two sets of different data – starting the problem all over again.

Everybody needs a data governance strategy

While the financial industry has its own set of regulations it needs to comply to, the same can be said for every company in South Africa that collects information. The GDPR, for one, requires every company dealing with EU residents to have a handle on their data to ensure the personal data of residents is secured according to the legislation’s guidelines.

On the local front, the Protection of Personal Information Act (PoPIA) will also require similar data standards to be in place, and these rules apply to everyone in South Africa (as well as juristic persons) and failure to observe them can result in stiff fines or even incarceration.

Unfortunately, Grosvenor notes that PoPIA is going to be a data wake-up call for many South African businesses as they discover how out of control their data governance processes actually are. In fact, some companies may choose to pay the fines as they would be less than the cost of getting their data under control (did we mention that data governance is a huge task?).

On a journey

Grosvenor concludes that data governance is not a simple project, but a journey. The more data you have stored in different places and formats, the tougher the process will be. The key is to devise a strategy and get on with it. You may not get it all done at once, but you need to start and follow a strategic process to get it done over time, ensuring that the wins you have attained are maintained as you integrate new data and data sources.

For more information, contact APPSolve, +27 (0)12 743 5115, enquiries@appsolve.co.za, www.appsolve.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Digital transformation in mines
NEC XON Technews Publishing Mining (Industry)
Digital transformation has been hyped to death, but is a reality all companies in all industries need to address, including the mining sector. BCX and NEC XON weigh in on the challenges mines face.

Read more...
Fire safety in mining
Technews Publishing Mining (Industry)
Clinton Hodgson, Head of the Industrial Fire & Life Safety Division at FS Systems International, provides SMART Security Solutions with his insights into fire safety risks and solutions as they pertain to the mining industry.

Read more...
Cybersecurity in mining
Technews Publishing Mining (Industry)
One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas.

Read more...
Data security and privacy in global mobility
Risk Management & Resilience Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Mines require proof of performance
Technews Publishing Mining (Industry)
The relatively hostile environment and remote locations of mining establishments mean that any electronic/technical implementations have to be easily installed, require little or no maintenance and, once commissioned, require no adjustment.

Read more...
From the Editor's Desk: Something old and something new
Technews Publishing News & Events
      Welcome to the 2024 edition of SMART Security Solutions’ Mining Handbook. Mining is a challenging industry for security professionals, although security is a challenge on this continent, no matter your ...

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...
A long career in mining security
Technews Publishing Editor's Choice Mining (Industry) Risk Management & Resilience
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...