Data Governance Glossary

Access Management
A discipline that focuses on ensuring that only approved roles are able to create, read, update, or delete data – and only using appropriate and controlled methods. Data Governance programs often focus on supporting Access Management by aligning the requirements and constraints posed by  Governance, Risk Management, Compliance, Security, and Privacy efforts.

Assurance
Activities designed to reach a measure of confidence. Assurance is different from audit, which is more concerned with compliance to formal standards or requirements.

Audit
An independent examination of an effort to determine its compliance with a set of requirements. An audit may be carried out by internal or external groups.

Audit Trail
A record that can be interpreted by auditors to establish that an activity has taken place. Often, a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. An audit trail of system resource usage may include user login, file access, and triggers that indicate whether any actual or attempted security violations occurred.

CRUD
Create, Read, Update, Delete. Used to describe access rights for data.

Change Control
A formal process used to ensure that a process, product, service, or technology component is modified only in accordance with agreed-upon rules. Many organizations have formal Change Control Boards that review and approve proposed modifications to technology infrastructures, systems, and applications. Data Governance programs often strive to extend the scope of change control to include additions, modifications, or deletions to data models and values for reference/master data.

Compliance
A disclipline, set of practices, and/or organizational group that deals with adhering to laws, regulations, standards, and contractual  arrangements. Also, the adherence to requirements. Data Governance programs often support many types of compliance requirements: Regulatory compliance, contractual compliance, adherence to internal standards, policies, and architectures, and conformance to rules for data management, project management, and other disciplines.

Control
A means of managing a risk or ensuring that an objective is achieved. Controls can be preventative, detective, or corrective and can be fully automated, procedural, or technology-assisted human-initiated activites. They can include actions, devices, procedures, techniques, or other measures.

Customer Data Integration
An approach to managing multiple records containing information about an organization’s customers. In this approach, instead of combining all information into a single repository, a combination of technologies, processes and services are used to align information in multiple repositories.

DGO
see Data Governance Office

Data Architecture
A discipline, process, and program focusing on integrating sets of information. One of the four Enterprise Architectures (with Application Architecture, Busines Architecture, and System Architecture). See also Data Modeling

Data Dictionary
A database about data and database structures. A catalog of all data elements, containing their names, structures, and information about their usage, for the benefit of programmers and others interested in the data elements and their usage.

Data Element
The smallest piece of information considered meaningful and usable. A single logical data fact, the basic building block of a Logical Data Model.

Data Governance
The exercise of decision-making and authority for data-related matters. The organizational bodies, rules, decision rights, and accountabilities of people and information systems as they perform information-related processes. Data Governance determines how an organization makes decisions — how we “decide how to decide.” See also Decision Rights.

Data Governance Framework
A logical structure for organizing how we think about and communicate Data Governance concepts.

Data Governance Methodology
A logical structure providing step-by-step instructions for performing Data Governance processes.

Data Governance Office (DGO)
A centralized organizational entity responsible for facilitating and coordinating Data Governance and/or Stewardship efforts for an organization. It supports a decision-making group, such as a Data Stewardship Council.

Data Mapping
The process of assigning a source data element to a target data element.

Data Modeling
The discipline, process, and organizational group that conducts analysis of data objects used in a business or other context,entifies the relationships among these data objects, and creates models that depict those relationships. See also Data Model.

Data Privacy
The assurance that a person’s or organization’s personal and private information is not inappropriately disclosed. Ensuring Data Privacy requires Access Management, eSecurity, and other data protection efforts.

Data Stakeholders
Those who use, affect, or are affected by data. Data Stakeholders may be upstream producers, gatherers, or acquirers of information; downstream consumers of information, those who manage, transform, or store data, or those who set policies, standards, architectures, or other requirements or constraints.

Data Steward
A person with data-related responsibilities as set by a Data Governance or Data Stewardship program. Often, Data Stewards fall into multiple types. Data Quality Stewards, Data Definition Stewards, Data Usage Stewards, etc.

Decision Rights
The system of determining who makes a decision, and when, and how, and under what circumstances. Formalizing Decision Rights is a key function of Data Governance.

Enterprise Architecture
Enterprise Architecture (EA) is a comprehensive framework used to manage and align an organization’s business processes, information technology (IT) software and hardware, local and wide area networks, people, operations and projects with the organization’s overall strategy. (DMReview definition) Enterprise Archiecture is often subdivided into four architectural domain: Application Architecture, Business Architecture, Data Architecture, and Systems Architecture. Other types of architectures (security, compliance, controls, etc.) may be considered as part of EA, or they may be aligned with EA. In some organizations, EA is primarily focused on Business Architectures and Business Process Management.

GRC
An acronym for Governance, Risk, and Compliance used often by management in financial institutions to acknowledge the interdependencies of these three disciplines in setting policy. See also GRC-SQ and Risk Management.

GRC-SQ
An acronym for Governance, Risk Management, Compliance, Security, and Data Quality, used often by Data Governance and Data Quality programs to acknowledge the interdependencies of these five disciplines in managing data.

IT Governance
ITGI (The IT Governance Institute) defines Information Technology governance as “the leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.”

IT Infrastructure Library (ITIL)
A series of publications providing  Best Practice guidance for IT Service Management.

IT Portfolio Management
A key function of IT Governance, IT portfolio management is the formal process for managing IT assets such as software, hardware, middleware, an IT project, internal staff, an application or external consulting.

IT Service Management (ITSM)
The implementation and management of Quality IT Services that meet the needs of the Business. IT Service Management is performed by IT Service Providers through an appropriate mix of people, Process and Information Technology. (Baseline IT definition)

Information Architecture
In its broadest definition, a discipline, process, and/or program focusing on on the design and organization of data, unstructured information, and documents.In the context of Enterprise Architecture, it is a synonym for Data Architecture, which is one of the four Enterprise Architectures (with Application Architecture, Business Architecture, and System Architecture). In the context of designing documents and web pages, it is the structuring of large sets of information, as opposed to the development of the content of any content unit within the larger set.

Issue Framing
A process for scoping and defining a problem prior to solving it. How a decision is framed limits the possible choices that are seriously considered.

Issue Resolution
A structured process for reaching a solution to a problem while considering the needs of all stakeholders.Most Data Governance programs acknowledge that successful resolution of data-related issues requires politically-neutral facilitation of the decision-making process, with participation by Data Stakeholders.

Master Data
Master Data are the “nouns” upon which business transactions take action. Master Data describes core entities of an enterprise that are used by multiple business process and IT systems. Examples are parties (e.g., customers, employees, vendors, suppliers), places (e.g., locations, sales territories, offices), and things (e.g., accounts, products, assets, document sets). 

Master Data Management (MDM)
A structured approach to defining and managing an organization’s Master Data.

Metadata
Data about data. The definition and scope of metadata depends upon context. In the context of Information Management, metadata is generally thought of as providing information (what database stores it? what data type is it? how long is the field? etc.) about a data element. Within the context of Data Governance, the term also includes “business” metadata such as the names and roles of Data Stewards. Metadata repositories are employed to store and report on metadata.

Post-Compliance Paradigm Shift
Change in expectations that says that it’s no longer acceptable to simply “do” work. Instead, for work that exists in an environment with compliance requirements, the work is not complete until you 1. Do it, 2. Control it, 3. Document it, and 4. Prove compliance.

Risk Management
In a broad sense, to assess, minimize, and prevent negative consequences posed by a potential threat. The term “Risk Management” has significantly different meanings that can affect Data Governance programs. At an enterprise level, “risk” refers to many types of risk (operational, financial, compliance, etc.); managing risk is a key responsibility of Corporate Boards and Executive Teams. Within financial institutions (or in the context of a GRC program), Risk Management may be a boundary-spanning department that focuses on risk to investments, loans, or mortgages. At a project level, “Risk Management” is an effort that should be undertaken as part of Project Management, focusing on risks to the successful completion of the project. From a Compliance/Auditing/ Controls perspective, “Risk Assessments” and “Risk Management” are high-effort activities included in the COSO, and COBIT frameworks and required by Sarbanes-Oxley and other compliance efforts. Data Governance programs may be asked to support any of these Risk Management efforts, and may need input from these efforts to resolve data-related issues.

Rogue Data Usage
Accessing or using information in an manner that is not authorized or proper.

Sensitive Data
Data that is private, personal, or proprietary and must be protected from unauthorized access.

Tone From the Top
Explicit or implicit messages sent by an organization’s leadership. To be successful, compliance and governance programs generally require a strong tone from the top about expectations for participation.

Workflow
The movement of data, documents, or tasks through a work process; generally used in the context of technologies that automate workflows. Data Governance programs often strive to address workflows by embedding governance controls (e.g., approvals, decision steps) or by providing loop-outs to governance processes (e.g., issue resolution, change control)