A Guide to Data Governance
24
Copyright © Microsoft Corporation, 2020
Data Governance Maturity Model
Looking at the data governance challenge, you may be wondering how mature you are in
terms of covering all aspects of this across your data landscape. In order to assess that, the
following data governance maturity model is provided.
Ungoverned Stage 1 Stage 2 Fully governed
People
No stakeholder executive sponsor Stakeholder sponsor in place Stakeholder sponsor in place Stakeholder sponsor in place
No roles and responsibilities
dened
Roles and responsibilities dened Roles and responsibilities dened Roles and responsibilities dened
No DG control board DG control board in place but no
ability
DG control board in place with data DG control board in place with data
No DG working groups No DG working groups Some DG working groups in place All DG working groups in place
No data owners accountable for
data
No data owners accountable for
data
Some data owners in place All data owners in place
No data stewards appointed with
responsibility for data quality
Some data stewards in place for
DQ but scope too broad e.g. whole
dept
Data stewards in place and
assigned to DG working groups for
specic data
Data stewards in place assigned
to DG working groups for specic
data
No one accountable for data
privacy
No one accountable for data
privacy
CPO accountable for privacy (no
tools)
CPO accountable for privacy with
tools
No one accountable for access
security
IT accountable for access security IT Sec accountable for access
security
IT Sec accountable for access
security & responsible for enforcing
privacy
No one to produce trusted data
assets
Data publisher identied and
accountable for producing trusted
data
Data publisher identied and
accountable for producing trusted
data
Data publisher identied and
accountable for producing trusted
data
No SMEs identied for data entities Some SMEs identied but not
engaged
SMEs identied & in DG working
groups
SMEs identied & in DG working
groups
Process
No common business vocabulary Common biz vocabulary started in
a glossary
Common business vocabulary
established
Common business vocabulary
complete
No way to know where data is
located, its data quality or if it is
sensitive data
Data catalog auto data discovery,
proling & sensitive data detection
on some systems
Data catalog auto data discovery,
proling & sensitive data detection
on all structured data
Data catalog auto data discovery,
proling & sensitive data detection
on structured & unstructured in all
systems w/ full auto tagging
No process to govern authoring or
maintenance of policies and rules
Governance of data access security
policy authoring & maintenance on
some systems
Governance of data access
security, privacy & retention policy
authoring & maintenance
Governance of data access
security, privacy & retention policy
authoring & maintenance
No way to enforce policies & rules Piecemeal enforcement of data
access security policies & rules
across systems with no catalog
integration
Enforcement of data access
security and privacy policies and
rules across systems with catalog
integration
Enforcement of data access
security, privacy & retention
policies and rules across all systems
No processes to monitor data
quality, data privacy or data access
security
Some ability to monitor data
quality
Some ability to monitor privacy
(e.g. queries)
Monitoring and stewardship of DQ
& data privacy on core systems
with DBMS masking
Monitoring and stewardship of DQ
& data privacy on all systems with
dynamic masking
No availability of fully trusted data
assets
Dev started on a small set of
trusted data assets using data
fabric software
Several core trusted data assets
created using data fabric
Continuous delivery of trusted
data assets with enterprise data
marketplace
No way to know if a policy violation
occurred or process to act if it did
Data access security violation
detection in some systems
Data access security violation
detection in all systems
Data access security violation
detection in all systems
No vulnerability testing process Limited vulnerability testing
process
Vulnerability testing process on all
systems
Vulnerability testing process on all
systems
No common process for master
data creation, maintenance & sync
MDM with common master data
CRUD & sync processes for single
entity
MDM with common master data
CRUD & sync processes for some
data entities
MDM with common master data
CRUD & sync processes for all
master data entities complete
Benchmark your
company on this data
governance maturity
model to gauge your
progress