$30 off During Our Annual Pro Sale. View Details »

Data Governance

-danny
June 18, 2020

Data Governance

Presented by Ignasius Bayu Purnomo (Data Governance Head - BFI Finance Indonesia) at a webinar by BATC, Agile BSD, and Agile Circles Indonesia.

Data Governance (DG) didefinisikan sebagai pelaksanaan wewenang dan kontrol (perencanaan, pemantauan, dan penegakan) atas pengelolaan aset data. Organisasi yang memiliki program tata kelola data, terlepas dari apakah mereka memiliki fungsi formal Data Governance, akan lebih mampu meningkatkan nilai yang mereka dapatkan dari data sebagai aset mereka.
Fungsi Data Governance memandu semua fungsi manajemen data lainnya. Tujuan Data Governance adalah untuk memastikan data dikelola dengan benar, sesuai dengan kebijakan dan best practice. Data Governance berfokus pada bagaimana keputusan dibuat tentang data dan bagaimana orang dan proses dalam organisasi diharapkan berperilaku dalam kaitannya dengan data. Cakupan program Data Governance akan tergantung pada kebutuhan organisasi, tetapi sebagian besar meliputi strategi, kebijakan, standar dan kualitas, pengawasan, kepatuhan, issue management, proyek manajemen data, dan penilaian data sebagai aset berharga.
Untuk mencapai tujuan ini, Data Governance akan mengembangkan kebijakan dan prosedur, menumbuhkan praktek pengelolaan data di berbagai tingkatan dalam organisasi, dan terlibat dalam upaya change management yang secara aktif berkomunikasi dengan seluruh lini organisasi tentang manfaat penyempurnaan tata kelola data dan perilaku yang diperlukan untuk berhasil mengelola data sebagai aset hingga timbul budaya data awareness dalam organisasi tersebut.

-danny

June 18, 2020
Tweet

More Decks by -danny

Other Decks in Technology

Transcript

  1. Ignasius Bayu Purnomo
    18 June 2020
    Data Governance

    View Slide

  2. Ignasius Bayu Purnomo
    Bayu bergabung di BFI Finance Indonesia sejak bulan Februari
    2020 sebagai Data Governance Head dan bertanggung jawab
    untuk membangun dan mengimplementasikan Data Governance.
    Sebelumnya Bayu berkarir di salah satu bank besar di Indonesia
    – Bank BNI. Di BNI, Bayu memulai karirnya sebagai seorang
    programmer lalu berkembang di bidang data analyst,
    mengimplementasikan dan membangun tim data mining dan
    data analitic; mulai dari Divisi Kartu Kredit, Divisi Customer
    Management dan Marketing, Divisi Produk Management hingga
    posisi terakhir adalah sebagai AVP Data Governance and
    Strategy di Divisi Data Management.
    Alamat email: [email protected]
    2

    View Slide

  3. Agenda
    1. Drivers Data Governance
    2. Introduction to Data Governance
    3. Alignment
    4. Element of Effective Data Governance
    5. Data Awareness Culture
    3
    Data
    Governance
    People
    Process
    Technology

    View Slide

  4. Drivers Data Governance
    4
    Data is a strategic assets
    New data consumers
    Increasing data-centric regulations
    Growing volume and type of data

    View Slide

  5. Cuplikan Permen Kominfo RI No. 20 Tahun 2016
    Peraturan Menteri Komunikasi dan Informatika Republik Indonesia Nomor 20 Tahun 2016 tentang Perlindungan
    Data Pribadi Dalam Sistem Elektronik

    View Slide

  6. Cuplikan SE OJK No. 14 SEOJK.07/2014
    Surat Edaran Otoritas Jasa Keuangan Nomor 14 SEOJK.07/2014 tentang Kerahasiaan dan Keamanan Data
    dan/atau Informasi Pribadi Konsumen
    I. Ketentuan Umum
    1. Data dan/atau Informasi Pribadi Konsumen adalah data dan/atau informasi, yang mencakup sebagai berikut:
    a. perseorangan:
    1) nama;
    2) alamat;
    3) tanggal lahir dan/atau umur;
    4) nomor telepon; dan/atau
    5) nama ibu kandung.
    b. korporasi:
    1) nama;
    2) alamat;
    3) nomor telepon;
    4) susunan direksi dan komisaris termasuk dokumen identitas berupa Kartu Tanda Penduduk/paspor/ijin tinggal; dan/atau
    5) susunan pemegang saham.
    II. PERLINDUNGAN DATA DAN/ATAU INFORMASI PRIBADI KONSUMEN
    1. PUJK dilarang dengan cara apapun, memberikan data dan/atau informasi pribadi mengenai Konsumennya kepada pihak ketiga.
    2. Larangan sebagaimana dimaksud pada angka 1 dikecualikan dalam hal:
    a. Konsumen memberikan persetujuan tertulis; dan/atau
    b. diwajibkan oleh peraturan perundang-undangan.
    3. Dalam hal Konsumen memberikan persetujuan tertulis sebagaimana dimaksud pada angka 2 huruf a, PUJK dapat memberikan Data dan/atau Informasi Prib
    adi Konsumen dengan
    kewajiban memastikan pihak ketiga dimaksud tidak memberikan dan/atau menggunakan Data dan/atau Informasi Pribadi Konsumen untuk tujuan selain ya
    ng disepakati antara
    PUJK dengan pihak ketiga.

    View Slide

  7. Data Governance
    • Definition: The exercise of authority, control and shared decision-making (planning, monitoring
    and enforcement) over the management of data assets.
    • Goals:
    1. Enable an organization to manage its data as an asset.
    2. Define, approve, communicate and implement principles, policies, procedures, metric, tools and responsibilities for data
    management.
    3. Monitor and guide policy compliance, data usage and management activities.
    7

    View Slide

  8. Data Governance Alignment
    CDO or Executive
    Sponsor
    Executive Data Steward
    Committee
    Data Governance Coordinator
    Data Owner & Steward (BU)
    Data Producer & Delivery (IT + BU)
    8
    Policy, Initiatives,
    Guidelines
    Operation, issues
    Data
    Governance
    Discover
    Define
    Apply
    Measure
    & Monitor

    View Slide

  9. Elements of Effective Data Governance
    9
    Outcomes
    Data Risk Management & Compliance Value Creation
    Enablers
    Organizational Structure & Awareness
    Policy Stewardship
    Supports
    Data Quality Management Data Lifecycle Management
    Data Security
    Master Data Management
    Data Architecture Classification & Metadata
    Audit Data Logging & Reporting

    View Slide

  10. Data Quality Management
    10
    • Definition: The planning, implementation, and control of activities that apply quality manage-
    ment techniques to data, in order to assure it is fit for consumption and meets the needs of d
    ata consumers.
    • Goals:
    1. Develop a governed approach to make data fit for purpose base on data consumers’ requirements.
    2. Define standards, requirements, and specifications for data quality controls as part of the data lifecycle.
    3. Define and implement processes to measure, monitor, and report on data quality levels.
    4. Identify and advocate for opportunities to improve the quality of data, through process and system improvements.

    View Slide

  11. Master Data Management (MDM)
    11
    • Definition: Managing shared data to meet organizational goals, reduce risks associated with
    data redundancy, ensure higher quality, and reduce the costs of data integrations.
    • Goals:
    1. Enable sharing of information assets across business domains and applications within an organization.
    2. Provide authoritative source of reconciled and quality-assessed master and reference data.
    3. Lower cost and complexity through use of standards, common data models, and integration patters.

    View Slide

  12. Data Architecture
    12
    Data architecture defines information flows in an organization, and how they are controlled. A dat
    a architect is responsible for understanding business objectives and the existing data infrastructure
    and assets; defining data architecture principles; and shaping the enterprise data architecture to pr
    ovide greater benefits to the organization.
    A few basic concepts in data architecture:
    1. Conceptual / business data model—shows data entities such as customer, product and transaction, and their
    semantics.
    2. Logical/system model—defines the data in as much detail as possible, including relations between data elements, but
    without considering how data is stored or managed.
    3. Physical/technology data model—defines how the data is represented and stored, for example in a flat file, database,
    data warehouse, key-value store.

    View Slide

  13. Data Lifecycle Management
    Collection
    • Data Acquisition – use of existing data that had been produced by organization outside the company
    • Data Entry – create new data values for the companies by human or devices that produce data for companies.
    Maintenance
    • involves tasks such as movement, integration, cleansing, enrichment, retrieval of changed data, as well as known extract-transform-load processes
    Synthesis
    • an analytic arena that uses modeling, as found in risk modeling, actuarial modeling, and modeling for investment decisions
    Usage
    • Data use has special Data Governance challenges. One of them is whether it is legal to use data the way business people want it to. This is referred to as “permitted data usage”
    Publication
    • This can be defined as sending data to locations outside the company
    Storage
    • data archives are places where data is stored
    Delete
    • Once the data is no longer useful in any way for the company, the data should be deleted. This process must be carried out properly to ensure good data management.
    13

    View Slide

  14. Data Security
    14
    • Definition: Definition, planning, development, and execution of security policies and procedures
    to provide proper authentication, authorization, access, and auditing of data and information
    assets.
    • Goals:
    1. Enable appropriate, and prevent inappropriate, access to enterprise data assets.
    2. Understand and comply with all relevant regulations and policies for privacy, protection, and confidentiality.
    3. Ensure that the privacy and confidentiality needs of all stakeholders are enforced and audited.
    Effective data security policies and procedures ensure that the right people can use and
    update data in the right way, and that all inappropriate access and update is restricted.

    View Slide

  15. Data Classification
    15
    Data classification is broadly defined as the process of organizing data by
    relevant categories so that it may be used and protected more efficiently.
    Data classification is of particular importance when it comes to risk
    management, compliance, and data security.
    Example
    •Represents the most sensitive data with the highest security classification
    1. Restricted
    •All data that is not explicitly classified as Restricted or Public data should be treated as Private data.
    A reasonable level of security controls should be applied to Private data.
    2. Private
    •Represent the least-sensitive data with the lowest security requirements
    3. Public

    View Slide

  16. Metadata Management
    Business Metadata
    • Definition and description of data sets, tables, and
    columns
    • Business rules, transformation rules, calculations, and
    derivations
    • Data models
    • Data quality rules and measurement results
    • Schedules by which data is updated
    • Data provenance and data lineage
    • Data standards
    • Valid value constraints
    • Stakeholder contact information (e.g., data owners, data
    stewards)
    • Security/privacy level of data
    • Known issues with data
    • Data usage notes
    Technical Metadata
    • Physical database table and column names
    • Column property
    • Database object properties
    • Access permissions
    • Data CRUD (create, replace, update and delete) rules
    • Physical data models, including data table names, keys
    and indexes
    • Documented relationships between the data models and
    the physical assets
    • ETL job detail
    • File format schema definitions
    • Source-to-target mapping documentation
    • Data lineage documentation, including upstream and
    downstream change impact information
    • Program and application names and descriptions
    • Content update cycle jobs schedules and dependencies
    • Recovery and backup rules
    • Data access rights, groups, roles
    Operational Metadata
    • Logs of job execution for batch programs
    • History of extracts and results
    • Schedule anomalies
    • Results of audit, balance, control measurements
    • Error logs
    • Reports and query access patterns, frequency and
    execution time
    • Patches and Version maintenance plan and execution,
    current patching level
    • Backup, retention, date created, disaster recovery
    provisions
    • SLA requirements and provisions
    • Volumetric and usage patterns
    • Data archiving and retention rules, related archives
    • Purge criteria
    • Data sharing rules and agreements
    • Technical roles and responsibilities, contacts
    16

    View Slide

  17. Audit Data Logging & Reporting
    17
    Logging provides a record of events related to data lifecycle. Each recorded event is a log entry, denoting information
    such as what occurred, when it occurred, and who or what caused it.
    Logs providing the data record through which managers can examine data lifecycle. Managers monitor logs to look for
    state changes, exceptions, and other significant events. If monitoring produces records, those are also logs that might be
    subject to further analysis or simply fulfill a compliance documentation requirement.
    Reporting refers to the generation (automatic or manual) of reports that indicate the status of data lifecycle to meet
    compliance goals. Reporting is intermeshed with both monitoring and logging, since reports can be based on the
    output of both monitoring and logging activities. Some authorities—such as ISO 27002—require management to report
    on the effectiveness of reporting and monitoring controls.

    View Slide

  18. Data Awareness Culture
    18
    1. Implement data governance operationalization
    2. Socialization of data governance, data quality, data security and data utilization
    3. Create in-depth training for data producers, data modifiers, data consumers and data owners
    4. Create data awareness program regularly
    5. Create KPIs for data-related staff or unit.
    Data awareness culture will maintain and improve data quality, data security
    and data utilization that add value to business processes.
    Several ways to build data awareness culture

    View Slide

  19. Thank You
    19

    View Slide

  20. Appendix
    20

    View Slide

  21. Roles of Data Architecture
    • Data architect (sometimes called big data architects)—defines the data vision based
    on business requirements, translates it to technology requirements, and defines data sta
    ndards and principles.
    • Project manager—oversees projects that modify data flows or create new data flows.
    • Solution architect—designs data systems to meet business requirements.
    • Cloud architect or data center engineer—prepares the infrastructure on which data sys
    tems will run, including storage solutions.
    • DBA or data engineer—builds data systems, populates them with data and takes care
    of data quality.
    • Data analyst—an end-user of the data architecture, uses it to create reports and manag
    e an ongoing data feed for the business.
    • Data scientists—also a user of the data architecture, leveraging it to mine organizationa
    l data for fresh insights.
    21

    View Slide

  22. ISO 27002
    ISO 27002—Section 9.7.2.3 of the international data securi
    ty standard requires the organization to monitor logs to
    identify security events. Section 10.10 addresses the need
    for audit logs and system activity logs, log information
    and communication faults, and the protection of “logging
    facilities and log information.”
    22

    View Slide