Resources
Business Data Governance (BDG) Quick Assessment
This high-level assessment seeks to capture your subjective and honest evaluation of where you see your organisation’s current Business Data Governance maturity levels with respect to the statements presented. Entity will provide considered feedback on the outcome and our recommendations for the way forward. To get more value out of this assessment, we would strongly recommend that you get three or more of your colleagues to do the assessment (all on the same day if possible) … More scoring always produces better insights. Entity will then anonymously aggregate the scores in the feedback report.
The assessment statements are grouped and each relate to one of the following governance dimensions:
Data Ownership – The formal assignment and acceptance of ownership and accountability by line-of-business management for governing the purpose/meaning, quality, security, compliance, access, usage, sharing and control of data under their management
Data Definition/Description – The defining of each data attribute and concept in terms of its meaning, business purpose and relevance, normally in the form of a business glossary or similar artefact
Data Quality – The development of overarching policies and the setting of quality standards & targets for all key data – and executing on this to ensure that all data created (or procured), modified and analysed conforms and is accordingly fit for purpose
Data Security & Access – Governing the access to, and security of data and maintaining user profiles and access rules. IT accordingly implements and manage these on behalf of business
Regulatory Compliance – Governing the compliance readiness of personal data and related transaction data with respect to compliance with the requirements of personal data protection & privacy and commercial consumer protection legislation and regulations
Usage and Sharing – The governance by business of the correct usage and sharing rules and protocols of data according to its classification and business and information needs
Data Control – The degree of awareness and management exercised on the impact on data by changes to systems and/or processes, and how issues around trust, quality, single-view, content, context and validity of data is managed and resolved.
CMMI Scale
Please familiarise yourself with the BDG CMMI scale below before starting the assessment – this will provide more context to your considerations.
Scoring
Apply your mind to each statement and score where you think your organisation currently presents relative to that statement. Should you assess that the score is between two levels then select both the lower and higher of these levels.
| CMMI Level | CMMI Reference Table |
|---|---|
| 1. Initial | Maturity/Capability: The adoption of standard processes and the existence of data related policies and procedures is often ad hoc or non-existent. The business ownership of data, the definition of data and the management of data quality is informal and addressed sporadically if at all. The rules governing data usage and sharing are intuitively in place (more a natural outcome of role assignment etc.) but not governed in any way. Success is normally attained through individual effort and experience and issues around data quality for example are dealt with on an ad hoc basis. Extent/Evidence: Little to none, strongly disagree, very weak. |
| 2. Repeatable | Some formality in processes and roles, outcomes and processes are sometimes audited and consistency in processes, outcomes is frequent. Successful outcomes more dependent on communal knowledge and forums. Some governance processes are in place. Extent/Evidence: Some or more but in silos, disagree, weak in many case. |
| 3. Defined | Maturity/Capability: Governance and policies are in place and enforced across the enterprise. Data Management (by IT) is well formalised and controlled and aligned to business data governance requirements. Business data ownership, quality standards and a business data glossary is in place – data access and security is in place and compliance to POPIA/GDPR and other regulatory requirements is in place. Extent/Evidence: Mostly or always across the organisation, agree, fairly strong overall. |
| 4. Quantitatively Managed | Maturity/Capability: Everything in level 3 is in place and is being quantitively measured and managed. Business is being held accountable for data ownership, data definition, regulatory compliance and actively managing the rules around data quality, data security and access, data usage and sharing and control. Extent/Evidence: Definitely across the organisation, strongly agree, strong overall, fully evidenced. |
| 5. Optimising | Maturity/Capability: Level 4 is fully attained and the culture and DNA of the organisation is to seek continuous improvement and repeatable excellence in data across all governance domains. Extent/Evidence: Manifest in operational culture, totally agree, fully inclusive, continuously seeking improvement, absolutely true. |