This post outlines a maturity model for assessing the Governance Structure within an organization, focusing on the Policies and Standards dimension. It evaluates the level of documentation and implementation of data management policies and standards through five key questions.
Assessment Overview
The following sections assess the documentation, implementation, and enforcement of data management policies and standards across the organization. Each question includes maturity levels (1 to 5) with corresponding evaluation guidelines to determine your organization’s current state.
1. Are the organization’s data standards (e.g., definitions, quality rules) documented?
Level
Description
Evaluation Guideline
Level 1
No policies or standards.
No documentation exists.
Level 2
Only informal guidelines exist.
Only verbal guidelines exist.
Level 3
Some standards documented; incomplete.
Some documentation exists.
Level 4
Most standards documented.
Comprehensive documentation exists.
Level 5
Standards fully documented and updated enterprise-wide.
Regular updates are proven.
2. How is policy compliance verified?
Level
Description
Evaluation Guideline
Level 1
No compliance verification.
No checks exist.
Level 2
Manual checks; irregular.
Irregular manual checks occur.
Level 3
Basic verification process exists.
Regular checks occur.
Level 4
Regular checks; some automation.
Automation starts.
Level 5
Automated compliance monitoring.
Real-time monitoring is proven.
3. Are data governance policies distributed enterprise-wide?
Level
Description
Evaluation Guideline
Level 1
No distribution.
No evidence of distribution.
Level 2
Distributed to some departments only.
Distributed to a few departments.
Level 3
Distributed to key departments.
Distributed to key departments.
Level 4
Distributed to most departments.
Distributed to most departments.
Level 5
Fully distributed and shared enterprise-wide.
Accessible to all employees.
4. Is there a response process for policy violations?
Level
Description
Evaluation Guideline
Level 1
No response process.
No response exists.
Level 2
Informal response.
Only verbal responses occur.
Level 3
Basic response process exists.
A process is defined.
Level 4
Documented response process.
Documented and implemented.
Level 5
Automated response and improvement.
Automation is proven.
5. Do policies reflect industry standards (e.g., ISO)?
Level
Description
Evaluation Guideline
Level 1
No reflection of industry standards.
No mention of standards.
Level 2
Some standards referenced; poorly applied.
Some standards are referenced.
Level 3
Basic standard compliance.
Basic compliance exists.
Level 4
Most standards complied with.
Most standards are complied with.
Level 5
Full compliance with and exceeding industry standards.
Exceeding standards is proven.
How to Use This Model
Use the evaluation guidelines for each question to assess your organization’s maturity in data governance policies and standards. Identify gaps in documentation, compliance verification, distribution, response processes, and alignment with industry standards, then take steps to progress toward higher maturity levels.
The author has lived and breathed the life of a data steward for years, wrestling with data to keep organizations on track. Through countless hours of consulting—both giving and receiving advice—learned one thing: explaining and leading data governance is no easy feat.
