Master data governance with comprehensive concept definitions, hierarchies, compliance frameworks, RACI matrices, and industry best practices.
Select any governance concept below to see a realistic Banking industry example with sample data, attributes, and relationships.
The complete data governance object model showing how concepts relate hierarchically.
How governance concepts connect from top-level strategy down to individual data fields.
originating_platform.originating_table.originating_column → adal_data_mart.adal_mart_table.adal_mart_column
An industry classifies the economic sector in which a company operates. It sets the context for all downstream governance objects including value chains, capabilities, and regulatory requirements.
A business capability represents WHAT a company can do, independent of how it is done or who does it. Capabilities are stable over time and form the foundation for mapping data needs to business outcomes.
Capability = WHAT a company can do (e.g., "Customer Management")
Value Chain = HOW activities flow to deliver value (e.g., "Order-to-Cash")
Function = WHO performs the work (e.g., "Sales Department")
| Lens | Question | Example |
|---|---|---|
| Capability | What can we do? | Customer Onboarding |
| Value Chain | How does value flow? | Lead-to-Customer |
| Function | Who does it? | Sales Operations |
A sub-capability is a more granular decomposition of a business capability, typically at Level 2 or Level 3. Sub-capabilities help organizations map specific data needs to fine-grained business functions.
A value chain describes the end-to-end sequence of activities that deliver value to a customer or stakeholder. Business functions are organizational units that perform activities within the value chain.
WHAT we can do
HOW value flows end-to-end
WHO performs the work
| Value Chain | Stage | Functions Involved | Key Data Domains |
|---|---|---|---|
| Order-to-Cash | Order Entry | Sales, Finance | Customer, Order, Product |
| Procure-to-Pay | Vendor Selection | Procurement, Legal | Vendor, Contract, Payment |
| Hire-to-Retire | Recruitment | HR, Compliance | Employee, Benefits, Payroll |
A data domain is a high-level subject area that groups related data logically by business context. Domains form the primary organizing principle for data governance and ownership.
| Domain | Description | Example Sub-Domains |
|---|---|---|
| Customer | All data about customers and prospects | Customer Profile, Customer Interaction, Customer Segmentation |
| Product | Product catalog and specifications | Product Master, Pricing, Inventory |
| Finance | Financial transactions and reporting | General Ledger, Accounts Payable, Accounts Receivable |
| Employee | Human resource and workforce data | Employee Profile, Payroll, Benefits |
A data sub-domain further partitions a data domain into more manageable, logically cohesive groupings of business entities.
| Domain | Sub-Domain | Key Entities |
|---|---|---|
| Customer | Customer Profile | Customer, Address, Contact |
| Customer | Customer Interaction | Case, Complaint, Feedback |
| Product | Product Master | Product, Category, Specification |
| Finance | General Ledger | Account, Journal Entry, Cost Center |
A business data entity is a fundamental business concept that is represented as a data object. It is the logical equivalent of a table in a database but defined from a business perspective.
| Entity | Sub-Domain | Key Attributes | CDEs |
|---|---|---|---|
| Customer | Customer Profile | Name, ID, Type, Status | Customer ID, Tax ID |
| Order | Order Management | Order ID, Date, Total, Status | Order ID, Order Amount |
| Employee | Employee Profile | Employee ID, Name, Role | Employee ID, SSN |
An entity attribute is a specific data field or property of a business data entity. Attributes describe the characteristics of an entity and carry the actual data values.
A Critical Data Element is an attribute that is essential for business operations, regulatory compliance, or decision-making. CDEs receive heightened governance attention including stricter quality rules and monitoring.
Authoritative Data Origin Point - The system where data is first created or captured. The "source of truth" for data creation.
Authoritative Data Access Layer - The governed, curated layer from which consumers should access data. The "golden copy."
| CDE | Entity | ADOP | ADAL | DQ Rules |
|---|---|---|---|---|
| Customer ID | Customer | CRM System | Customer MDM | Uniqueness, Format |
| Account Balance | Account | Core Banking | Finance Data Lake | Completeness, Accuracy |
A data quality rule is a measurable validation criterion applied to data elements to ensure they meet defined quality standards. Rules are the executable expressions of data quality expectations.
Data certification is a formal attestation process where a data steward or owner confirms that a dataset meets defined quality standards, business definitions, and compliance requirements.
A regulatory requirement captures specific legal, regulatory, or industry mandates that govern how data must be collected, stored, processed, and shared. Each requirement maps to governance controls.
A business glossary is a curated collection of business terms with standardized definitions, providing a common vocabulary across the organization. It eliminates ambiguity and ensures consistent understanding.
A business term is a single entry in the business glossary that provides the official business definition for a concept. Terms are linked to data entities and attributes to bridge business and technical understanding.
A governance scorecard aggregates data quality metrics, compliance scores, and governance KPIs into a single view. It provides leadership visibility into the health of data governance across domains.
A governance metric is a specific, measurable indicator that tracks the performance or health of a data governance activity. Metrics feed into scorecards and KPIs.
Data stewardship is the practice of managing and overseeing data assets to ensure data quality, compliance, and proper usage. Data stewards are the operational arm of data governance.
A company is the organizational entity that operates within an industry and owns the data governance program. It provides the top-level context for all governance activities.
A persona represents a type of user or stakeholder in the data governance ecosystem. Personas help define access levels, responsibilities, and interface requirements.
A business process is a structured set of activities that produces a specific output for a customer or stakeholder. Processes consume and produce data, making them key to understanding data flow.
A data policy is a formal document that establishes the rules, standards, and guidelines for managing data within an organization. Policies are the authoritative source for data governance rules.
A business rule is a specific, actionable statement that defines or constrains some aspect of data or process behavior. Business rules implement data policies at an operational level.
A System of Record is the authoritative system where a data entity is officially created, maintained, and governed. It is the single source of truth for that data.
A data product is a curated, self-describing, and reusable dataset that is managed as a product with defined SLAs, ownership, and consumer contracts. Data products enable data mesh architectures.
A data contract is a formal agreement between a data producer and consumer that specifies the schema, quality guarantees, SLAs, and terms of data delivery.
A data sharing agreement is a legal/governance document that formalizes the terms under which data is shared between internal departments, external partners, or third parties.
A data impact assessment evaluates the potential effects of proposed changes to data assets, policies, or systems. It ensures that risks are identified and mitigated before changes are implemented.
A change request is a formal proposal to modify a governed data asset, policy, schema, or rule. Change requests follow an approval workflow to ensure governance oversight.
A data transformation is a documented operation that converts data from one format, structure, or value set to another. Transformations are key components of data lineage.
Data profiling is the process of examining data to collect statistics, discover patterns, and assess quality. Profiling provides the factual basis for data quality rules and governance decisions.
A KPI is a high-level metric that measures the overall effectiveness of the data governance program. KPIs are reported to executive leadership and drive strategic decisions.
A consent record captures an individual's explicit permission for how their personal data may be collected, processed, and shared. Consent records are critical for GDPR, CCPA, and similar regulations.
A Privacy Impact Assessment evaluates how a project, system, or process collects, uses, and protects personal data. PIAs identify privacy risks and recommend mitigations.
A cross-border data transfer is the movement of personal or regulated data across national boundaries. Transfers require legal mechanisms and governance controls to comply with data sovereignty laws.
Data classification is the process of categorizing data based on its sensitivity, regulatory requirements, and business value. Classification determines security controls, access policies, and handling procedures.
Data lineage tracks the origin, movement, and transformation of data as it flows through systems. It provides transparency into where data comes from, how it is transformed, and where it is consumed.
A reference data set is a standardized set of permissible values used to classify or categorize other data. Reference data ensures consistency across systems (e.g., country codes, currency codes, status values).
A data quality dimension is a measurable aspect of data quality. The six standard dimensions are Accuracy, Completeness, Consistency, Timeliness, Uniqueness, and Validity.
Data ownership assigns accountability for data assets to specific individuals or roles. Owners are responsible for data quality, access policies, and lifecycle management within their domain.
An approval workflow defines the sequence of review and approval steps required before a change to a governed data asset can be implemented. Workflows ensure proper oversight and audit trails.
Audit trails and access logs provide a complete record of who accessed, modified, or approved data governance objects. They are essential for compliance, security, and accountability.
Map regulations (GDPR, CCPA, HIPAA, SOX) to data domains, entities, and CDEs. Define controls and monitor compliance scores.
Manage consent, data subject rights, privacy impact assessments, and data minimization across all personal data processing.
Govern data sharing through formal agreements, contracts, and cross-border transfer mechanisms with full audit trails.
| Term | Definition |
|---|---|
| Data Governance | The framework of policies, processes, and standards that ensure data is managed as a strategic enterprise asset. |
| Data Steward | A role responsible for the day-to-day management of data quality, definitions, and compliance within a domain. |
| Data Owner | A senior business leader accountable for data quality, security, and compliance within their domain. |
| Data Custodian | An IT role responsible for the technical management, storage, and security of data assets. |
| Data Mesh | A decentralized data architecture that organizes data by business domains with domain-owned data products. |
| Data Fabric | An architecture that provides a unified, intelligent data integration layer across heterogeneous environments. |
| Data Catalog | A searchable inventory of data assets with metadata, lineage, quality scores, and governance information. |
| Metadata | Data about data - includes technical (schema, types), business (definitions, owners), and operational (lineage, quality) metadata. |
| Master Data | The core business entities (Customer, Product, Employee) that are shared across multiple business processes and systems. |
| Golden Record | The single, authoritative version of a master data entity created by merging and deduplicating data from multiple sources. |
| Data Lifecycle | The stages data passes through: Creation, Storage, Processing, Sharing, Archiving, and Destruction. |
| Data Democratization | Making data accessible to all authorized users without requiring IT intermediaries, while maintaining governance. |
| Data Literacy | The ability to read, understand, create, and communicate data as information in context. |
| SLA (Service Level Agreement) | A formal commitment defining expected quality levels, response times, and availability for data services. |
| ADOP | Authoritative Data Origin Point - The system where data is first created; the source of truth for data creation. |
| ADAL | Authoritative Data Access Layer - The governed layer from which consumers access curated, quality-assured data. |
| ETL/ELT | Extract-Transform-Load / Extract-Load-Transform - Data integration patterns for moving and transforming data between systems. |
| Data Observability | The ability to understand the health and state of data in a system through monitoring, alerting, and lineage tracking. |
| Compliance Control | A specific measure implemented to meet a regulatory requirement and reduce risk. |
| Data Residency | Requirements specifying the geographic location where data must be physically stored. |
| Data Sovereignty | Legal requirements that data is subject to the laws of the country in which it is collected or processed. |
| Right to Erasure | A data subject right (GDPR Art. 17) to request deletion of their personal data under certain conditions. |
| Data Minimization | The principle of collecting and retaining only the minimum personal data necessary for a specific purpose. |
| Purpose Limitation | The principle that data collected for one purpose should not be used for a different, incompatible purpose. |
Start by identifying your industry, company, and the value chains your organization operates. This establishes the business architecture foundation.
Learn more →Identify 6-10 high-level data domains aligned to business capabilities. Assign domain owners and data stewards for each.
Learn more →Within each domain, catalog business data entities and flag critical data elements (CDEs) that drive decisions and compliance.
Learn more →Define data quality rules for each CDE across all six quality dimensions. Set thresholds and monitoring frequency.
Learn more →Map regulatory requirements to CDEs and establish compliance controls. Conduct privacy impact assessments for personal data.
Learn more →Build governance scorecards to track quality, compliance, and stewardship KPIs. Review regularly with stakeholders.
Learn more →No formal governance. Data management is ad hoc. Quality issues are discovered reactively. No defined roles or policies. Data quality is unknown and unmonitored.
Basic governance in some areas. Some data domains have stewards. Quality rules exist for critical systems. Policies are documented but inconsistently enforced.
Enterprise-wide governance framework established. All domains have stewards and owners. DQ rules cover all CDEs. Scorecards are published regularly.
Governance is metrics-driven. KPIs track program effectiveness. Automated monitoring and alerting. Continuous improvement processes in place.
Governance is embedded in culture. Self-service data with automated controls. AI-driven quality management. Industry-leading practices and innovation.
Begin with one domain and 5-10 CDEs. Prove value before scaling across the enterprise.
Invest in steward training and executive sponsorship. Technology alone cannot drive governance.
Connect governance KPIs to business outcomes. Show how quality improvements reduce cost and risk.
| Activity | CDO / DG Council | Data Owner | Data Steward | DQ Analyst | Compliance | IT / Engineering |
|---|---|---|---|---|---|---|
| Define Data Domains | C | A | R | I | C | I |
| Identify CDEs | I | A | R | R | C | C |
| Create DQ Rules | I | A | R | R | I | C |
| Build Business Glossary | A | C | R | R | C | I |
| Map Data Lineage (ADOP→ADAL) | I | A | C | C | I | R |
| Regulatory Compliance Mapping | A | C | C | I | R | I |
| Certify Data Domains | A | R | R | C | C | I |
| Data Access & Privacy Reviews | A | C | R | I | R | R |
| Monitor Governance Scorecards | A | C | R | R | I | I |
| Approve Change Requests | A | R | C | I | C | C |
| Area | Best Practice | Anti-Pattern |
|---|---|---|
| Organization | Establish a federated governance model with central standards and domain-level execution | Create a centralized, top-down-only governance team disconnected from business domains |
| Data Quality | Implement automated DQ monitoring with proactive alerts and root cause analysis | Rely solely on manual, periodic data audits with no automation or continuous monitoring |
| Metadata | Maintain a living data catalog with automated metadata harvesting and lineage | Document metadata in spreadsheets that quickly become outdated and inconsistent |
| Stewardship | Embed stewardship in daily workflows with clear accountability and measurable KPIs | Assign stewardship as a part-time afterthought with no dedicated time or metrics |
| Compliance | Map regulations to specific CDEs with automated compliance monitoring and evidence | Treat compliance as a periodic checkbox exercise disconnected from daily governance |
| Communication | Use scorecards and dashboards to communicate governance value to executives regularly | Keep governance metrics hidden within IT with no executive visibility or business context |
| Technology | Select tools that integrate with existing stack and support automation and self-service | Buy expensive tools without clear requirements or integration strategy, leading to shelfware |
| Acronym | Full Name | Description |
|---|---|---|
| ADOP | Authoritative Data Origination Point | The originating/source system, table, and column where a data element is first created or captured |
| ADAL | Analytical Data Access Layer | The analytical data mart, table, and column where governed data is consumed for reporting/analytics |
| BAU | Business As Usual | Ongoing day-to-day business operations, as opposed to project or change activities |
| BCBS | Basel Committee on Banking Supervision | International banking standards body (Basel III/IV risk data requirements) |
| BCR | Binding Corporate Rules | Internal rules for multinational companies to transfer personal data across borders within the group |
| BDE | Business Data Entity / Element | A logical data object representing a business concept (e.g., Customer, Account, Policy) |
| CBDT | Cross-Border Data Transfer | Movement of personal or regulated data between countries or jurisdictions |
| CCPA | California Consumer Privacy Act | US state-level data privacy law granting consumer rights over personal data |
| CDE | Critical Data Element | A high-impact data field requiring enhanced governance, quality monitoring, and lineage tracking |
| CDO | Chief Data Officer | Executive accountable for the organization's data strategy, governance, and analytics |
| CMMI | Capability Maturity Model Integration | Framework for process improvement and maturity assessment across an organization |
| DAMA | Data Management Association | International professional organization for data management practitioners |
| DCAM | Data Management Capability Assessment Model | EDM Council framework for measuring data management maturity |
| DCAT | Data Catalog Vocabulary | W3C standard for publishing machine-readable data catalogs |
| DG | Data Governance | The framework of policies, roles, standards, and metrics for managing data assets |
| DIA | Data Impact Assessment | Analysis of how proposed changes affect data assets, quality, and downstream systems |
| DMBOK | Data Management Body of Knowledge | DAMA International reference guide for data management disciplines |
| DPO | Data Protection Officer | Role required by GDPR to oversee data protection strategy and compliance |
| DPIA | Data Protection Impact Assessment | GDPR term for Privacy Impact Assessment — required for high-risk processing |
| DQ | Data Quality | The degree to which data meets defined business rules across dimensions like accuracy, completeness, timeliness |
| DSA | Data Sharing Agreement | Legal document governing data exchange between parties |
| DSR | Data Subject Request | Request from a data subject to exercise privacy rights (access, erasure, portability) |
| ELT | Extract, Load, Transform | Modern data integration pattern where transformation happens in the target system |
| ETL | Extract, Transform, Load | Process of moving data from source systems to analytical platforms with transformations |
| GDPR | General Data Protection Regulation | EU regulation on personal data protection and privacy (effective May 2018) |
| GICS | Global Industry Classification Standard | Industry classification standard developed by MSCI and S&P for financial markets |
| HIPAA | Health Insurance Portability and Accountability Act | US healthcare data privacy and security law |
| KPI | Key Performance Indicator | Quantifiable measure of governance effectiveness (e.g., DQ score, certification coverage) |
| LoBs | Lines of Business | Major business divisions or segments within a company |
| MDM | Master Data Management | Processes ensuring consistent, accurate master data (customers, products, etc.) across systems |
| NAICS | North American Industry Classification System | Standard used by US/Canada/Mexico for classifying business establishments |
| NIC | National Industrial Classification | Indian industry classification system used for regulatory reporting |
| PCI-DSS | Payment Card Industry Data Security Standard | Security standard for organizations handling credit card data |
| PHI | Protected Health Information | Health data protected under HIPAA regulations |
| PIA | Privacy Impact Assessment | Analysis of how personal data is collected, used, shared, and protected |
| PII | Personally Identifiable Information | Data that can identify an individual (name, SSN, email, phone, etc.) |
| RACI | Responsible, Accountable, Consulted, Informed | Governance accountability matrix defining roles for each activity |
| RBI | Reserve Bank of India | Indian central bank with data localization and governance requirements |
| RPO | Recovery Point Objective | Maximum acceptable data loss measured in time (how far back to recover) |
| RTO | Recovery Time Objective | Maximum acceptable time to restore data/service after a disruption |
| SCC | Standard Contractual Clauses | EU-approved contractual terms for cross-border personal data transfers |
| SIC | Standard Industrial Classification | 4-digit code system for classifying industries (predecessor to NAICS) |
| SLA | Service Level Agreement | Agreed-upon thresholds for data quality, availability, and freshness |
| SoR | System of Record | The authoritative source system for a specific data domain or entity |
| SOX | Sarbanes-Oxley Act | US law on financial reporting accuracy and internal controls |
Data governance is the framework of policies, processes, roles, and standards that ensure data is managed as a strategic enterprise asset. It matters because it improves data quality, enables regulatory compliance, builds trust in data, reduces risk, and empowers better decision-making across the organization.
Start with your business capabilities and value chains. Each major business area typically maps to a data domain. Common domains include Customer, Product, Finance, Employee, and Supplier. Domains should be business-oriented (not system-oriented), mutually exclusive, and collectively exhaustive. Aim for 6-12 top-level domains.
A Data Owner is a senior business leader who is accountable for data quality, security, and compliance within a domain. They make strategic decisions and approve policies. A Data Steward is an operational role that manages day-to-day data quality, resolves issues, and enforces policies. Owners are accountable; Stewards are responsible.
CDEs are data attributes essential for business operations, regulatory compliance, or decision-making. Identify them by asking: Would errors in this field cause regulatory penalties? Would incorrect values disrupt critical processes? Is this field used in financial reporting? Is it required for key business decisions?
ADOP (Authoritative Data Origin Point) is the system where data is first created - the source of truth for data creation. ADAL (Authoritative Data Access Layer) is the governed, curated layer from which consumers should access data - the 'golden copy.' Data flows from ADOP through transformations to ADAL.
1) Identify your CDEs and their quality dimensions (Accuracy, Completeness, Consistency, Timeliness, Uniqueness, Validity). 2) Define measurable DQ rules for each dimension. 3) Set target thresholds (e.g., 99.5% completeness). 4) Automate measurement. 5) Aggregate scores by entity, domain, and enterprise level. 6) Publish regularly.
Popular frameworks include DAMA DMBOK2, EDM Council DCAM, and the DG Institute Framework. Most organizations adopt a hybrid approach. Key components: governance council, policies, roles (CDO, Owner, Steward), data catalog, quality management, compliance mapping, and maturity assessment.
In Data Mesh, governance is federated: each domain team owns their data products with local governance. A central team sets global standards, interoperability rules, and shared policies. Use data contracts to formalize producer-consumer agreements. Self-serve platforms enforce governance guardrails automatically.
A Business Capability describes WHAT an organization can do (e.g., Customer Management). A Value Chain describes HOW activities flow end-to-end to deliver value (e.g., Order-to-Cash). Capabilities are realized through value chain activities. A single capability may support multiple value chains.
Map all personal data processing activities. Implement consent management with full lifecycle tracking. Establish data subject rights (DSR) processes. Conduct Privacy Impact Assessments for new processing. Ensure cross-border transfer mechanisms (SCCs, BCRs). Maintain audit trails and appoint a DPO.
The six standard dimensions: Accuracy (data reflects reality), Completeness (no missing values), Consistency (same values across systems), Timeliness (data is current), Uniqueness (no duplicates), and Validity (data conforms to rules/formats). Some frameworks add Integrity and Relevance.
Track: reduction in data-related incidents, time saved in data preparation, regulatory fine avoidance, improvement in decision-making speed, reduction in duplicate data management costs, and customer satisfaction improvements. Compare governance program costs against quantified benefits in these areas.
A Data Contract is a formal agreement between a data producer and consumer specifying schema, quality guarantees, SLAs, and delivery terms. You need one when sharing data across domains, with external partners, or when data products have multiple consumers. Contracts prevent breaking changes and ensure quality expectations.
1) Quantify the cost of poor data quality (re-work, fines, lost revenue). 2) Show quick wins with a pilot domain. 3) Connect governance KPIs to business outcomes. 4) Use regulatory compliance as a driver. 5) Benchmark against industry peers. 6) Present a phased roadmap with clear milestones and resource requirements.
Use these industry-specific starting points to accelerate your governance setup. Each template provides typical value chains, domains, entities, and CDEs.
Typical domains: Customer, Account, Transaction, Loan, Risk, Compliance
Typical domains: Patient, Provider, Claim, Clinical, Pharmacy, Research
Typical domains: Policy, Claim, Customer, Agent, Underwriting, Reinsurance
Typical domains: Customer, Product, Order, Inventory, Supply Chain, Marketing
Typical domains: Customer, Network, Billing, Service, Device, Usage
Typical domains: Product, Material, Production, Quality, Supply Chain, Asset
Thank you for subscribing!