In the last of this three-part series, we will address strategy, direction and the much misunderstood topic of policy. As with the first two posts, we’ve provided a set of questions you can answer as true or false to gain a sense of where your organisation is on your journey to information excellence.
Do we know where we are heading?
Given the majority of organisations now consider data as the most important company asset1, a well-communicated data strategy for the organisation is rarer than you might think. This doesn’t mean that no one in the organisation has given thought to data strategy, or that there aren’t strategies and plans in place; it just means that data strategies and the plans that support them often reflect the fragmented data landscape that produced them.
As such, there may well be data strategies for a particular area of IT (such as ERP), or some that are aligned to a particular business/IT initiative such as Big Data.
In the past that has not been a significant barrier to progress, however, an important part of shifting to digital business is an understanding of data across the business – particularly when it comes to thinking about capabilities development, architecture, data integration and governance.
An effective data strategy shouldn’t attempt to boil what can easily turn into an ocean with detail. Instead it should be designed to bring teams together by setting clear direction and establishing priorities for the business.
True or False Questions:
- We have a data strategy
- I understand our data strategy
- I understand our data priorities
Is good data practice common practice?
At a recent digital transformation conference we attended, one of the speakers was complaining about how hyped the term “cyber” has become. As he works in what is now called the cyber-security team, he has to explain regularly that most of his work actually involves writing effective security policies, not fending off cyber-attacks or tracking cyber criminals. He freely admitted that writing policies is not particularly exciting, but maintained that it is absolutely fundamental to good security. The same can be said of data policies – they are fundamental to data excellence. Many people tend to visualise filing cabinets of documents when the word policy is used, and therefore relegate them to a “tick box” category of relatively low importance. This is an unfortunate association, as it is extremely misleading.
As an example (which is both a data and a security policy) let’s take your data access policy. The policy statement probably reads something like this:
Access to data will be as broad as possible, consistent with the classification of the data, role(s) and responsibilities of the user, and level of training. Data will be classified according to its sensitivity to unauthorized exposure as per the standards defined in this document. This policy will be supported by ongoing development of a Data Access Matrix (with data classifications and data access roles), and training so that users can use the (organisation name’s) data both effectively and securely.
The policy shows that the organisation’s data has been classified and the roles of the users have been mapped to determine who has access to what data. The policy is enforced through the login process and is transparent to the user. In other words, the policy forms part of the day to day operation of the business. With the right tools the same can be true of retention policy, which determines how long a file or other data element should be kept and numerous other aspects of data management. Creating the policy involves an understanding of the business issues, the data, underlying infrastructure, users and their roles and in some cases applicable laws and regulations. These come together in an effective policy to embed best practice and governance in the organisation.
True or False Questions:
- We have data policies
- Our data policies are effectively implemented with a robust set of controls
- Our data policies support the governance of the organisation
1 Gartner, Modern Data Management Requires a Balance Between Collecting Data and Connecting to Data, 2017