A question was recently posted on a Kalido Blog “A Brief History of Data Governance” written by Winston Chen back in 2010. The question posed by “neha” asks: “How long does it take to come up with a strong data governance policy in the organization?”
The short answer here is that there is no “right” answer. There are so many variables that play significant roles in the efficiency, effectiveness, and adoption of data governance and associated policies that no accurate estimate can be given without gathering a great deal of information. Some of those variables may be small and subtle while others are monumental in their influence. Take some of these for example:
- Organizational dynamics and readiness for data governance
- How process oriented is the organization to be impacted
- How broad reaching is the policy
- How are you defining a policy: as a broad generalized set of principles or with a level of specificity including quality standards and validations or somewhere in between
- How many people are involved in the creation of the policy (across how many aspects of the company)
- Are the right people involved in making the decisions regarding the policy content
- Is the policy being created to make a current practice more formally established or is it to cause sweeping business process changes
- What is the perceived criticality and urgency of the policy
- Is the policy being created in response to a legal mandate with specific parameters already defined or are you starting with a blank slate
- Can the benefit of policy compliance be easily conveyed to those impacted
The list of questions goes on and on, and I’m sure that those that have lived and breathed in this space have their own list of questions and variables to contribute. But, I don’t think that there is much argument that before setting out to create a data governance policy, an effort should be undertaken to assess the organizational readiness to adopt data governance policies. Creating policies for policy sake can end up being an exercise in futility if the culture of the organization isn’t ready to accept the level of governance being put forth and the subsequent procedural changes that come along with it.
In my own experiences, I have seen from one extreme to the other and many points in between. Some organizations are very governance-oriented and thus policy creation, implementation, compliance and enforcement are part of the everyday culture, have a well-defined process for their creation and see policies simply as a cost of doing business. Others rely on tribal knowledge, self-policing, and loosely-defined practices and thus have almost no capability to agree on what a policy should contain.
I realize that this doesn’t provide a direct answer to neha’s question, but I hope that it provides some guidance on what to consider before attempting to assemble a working group and determine how and how long to expect to take to create a data governance policy.