Data Governance Maturity models: Which one to choose?

Payal Wadhwa

Payal Wadhwa

Jul 22, 2024

According to a recent study, about 60% of Chief Development Officers are said to prioritize data governance in 2024 because of the return on investment they receive. The benefits include increased funding, opportunity generation, and enhanced security. In fact, many organizations are now shifting data governance left, which involves early testing of data and ensuring its quality right from the outset.

“While always critical for Regulatory, Legal, and Corporate governance initiatives, the role of data governance has expanded to become a foundation for driving Business Growth initiatives.” – Oracle

Efficient data governance ultimately helps organizations achieve higher levels of data maturity, a cornerstone of sharper decision-making and strategic alignment. However, this is a long-drawn process that involves gradual progression. This is precisely what the data governance maturity model explains.

In this blog, we take a closer look at the data governance maturity model and some key interpretations of it. We also discuss how selecting the right interpretation can benefit your organization.

TL,DR:
What is a data governance maturity model? Data governance maturity models are frameworks that help organizations understand their level of data maturity and implement initiatives that take them to the next level.
Types and interpretations of the maturity modelThere are various data maturity models that you can seek guidance from including the ones from IBM, Gartner and Oracle
Key variables and considerations The choice of the data governance maturity model depends on the current state of maturity, the model cost and flexibility and alignment with other frameworks

What is the data governance maturity model?

The Data Governance maturity model is a framework that explains the maturity levels of an organization’s data governance program and helps them in progressing to the next level. The model template helps you assess your current state and provides a baseline to reach the desired state of data maturity.

Every data governance maturity model template has levels or milestones that indicate the stage of data maturity. Here’s an example of the broad data governance maturity levels that exist:

  • Unaware: The organization is ignorant about the data governance concept
  • Aware: The organization understands the concept of data governance while the leadership embraces the governance vision
  • Initial implementation: Organization starts small on data governance initiatives and one department starts tracking key metrics
  • Broader deployment: Data governance implementation expands to other departments and there’s better management of data through dashboards
  • Scaling and optimization: Data governance initiatives expand as organization begins to see the business value of it through KPIs
  • Full integration of governance: Governance is integrated as a key business function and centralized data is available for access to the right people

Types of Data Governance Maturity Model

There are several interpretations of the data governance maturity models made by companies, such as IBM, Gartner, Oracle, Stanford etc. and standards like CMMI and DAMA-DMBOK. With that in mind, here are the 3 most well-known interpretations of the model.

IBM data governance maturity model

IBM created an IBM Data Governance Council comprising some of the finest data governance practitioners from leading companies in 2004. After discussing the major challenges and curating data governance best practices, the IBM data governance maturity model was published in 2007.

The model is based on Software Engineering Institute (SEI) Capability Maturity Model (CMM)

We have broken down each of these 11 disciplines below:

Organizational Awareness:  An understanding of the responsibility of managing data between business and IT. Other levels of management must also act in their best interest to protect sensitive information.

Stewardship: A discipline to ensure quality of data to improve its value, minimize risks, and ensure organizational control.

Policy: A written document to outline how the organizational members must behave.

Value Creation: A discipline that measures data and assesses its quality to make the most of data assets and maximize business value.

Data risk management: A component to identify and assess risks to minimize, mitigate or transfer them

Security/Privacy/ Compliance: The policies or controls to minimize risks.

Data Architecture: The system designs that manage structured and unstructured data to ensure their availability and distribution.

Data Quality: Measures to assess and improve the quality and integrity of data at various stages of its lifecycle.

Business Glossary/Metadata: A list of standardized definitions for business and IT terms and key concepts. Metadata provides relevant information about this data to manage data assets.

Information Lifecycle Management: A policy-driven approach to manage information throughout its lifecycle.

Audit and Reporting: An assessment of data governance and a documented statement on its effectiveness.

Each of these disciples are interrelated. The business outcomes ie. Data risk management and compliance and value creation require enablers such as organization structure and awareness, policy and data stewards. These enablers are further strengthened by core and supporting disciplines.

Integrate Governance and Compliance with Sprinto

The 5 data governance maturity levels under IBM Data Governance Maturity Model include:

Level 1: Initial

  • Organizations with level 1 data maturity have unstructured or no strong data practices in place. 
  • They follow a reactive or ad-hoc approach to data management where tasks are undertaken when problems arise. This further leads to resource inefficiency and level 1 organizations exceed the budgets and timelines for projects.

Level 2: Managed

  • Organizations with level 2 data maturity are slightly better off because they realize the strategic significance of data.
  • These organizations have some structured processes in place but the standardization is not for all projects. While these businesses follow written plans for several projects, they still carry risks of resource inefficiency because of inconsistent practices.

Level 3: Defined

  • Level 3 data maturity indicates that the organization has well-defined and consistent processes.
  • Projects have SOPs and documentation that can be customized according to business unit requirements. The organization is starting to incorporate stewardship, where data quality is ensured to maximize business value.

Level 4: Quantitatively Managed

  • At this level, data governance is integrated across all business units. 
  • Quantitative metrics assess whether the desired quality of the data is achieved. Statistical techniques are applied to measure performance against the set goals, and there’s better organizational control.

Level 5: Optimizing 

  • Level 5 is the highest level of data maturity, where improvement processes are established for quantitatively managed data.
  • Everything is well-tracked and the processes are continuously updated as per changing business objectives.

Gartner data governance maturity model

The Gartner data governance maturity model, also known as the Gartner Enterprise Information Management maturity model was introduced in 2008. It guides organizations on how to protect their information assets and has 5 major goals:

  • Unified Content
  • Integrated master data domains
  • Seamless Information flows
  • Metadata Management and Semantic Reconciliatio
  • Data Integration across the IT portfolio

According to the Gartner data governance maturity model, there are 6 data governance maturity levels, along with action items specified for each level.

Level 0: Unaware

At this stage, there is no awareness about data governance so the strategic decisions are not well-informed.

  • There is little to no formal structure in place for information governance, sharing, and security
  • A lack of data ownership and accountability exists as people do not realize the importance of data governance.
  • Employees do not understand metadata and other data governance vocabulary

Action item: Arrange for a training session to educate leaders and architecture staff on the importance of data governance and the risks of non-compliance and inadequate measures.

Level 1: Aware

At Level 1, there is an awareness of the importance of data governance, but there is a lack of processes to support enterprise information management.

  • The lack of data ownership and accountability still exists
  • Quality issues are understood, and people acknowledge the need for standardized processes to govern data.
  • Employees are aware of the risks involved in mismanagement of information assets.

Action item: Develop and communicate an effective EIM strategy that aligns with the business objectives and information architecture.

Level 2: Reactive

Level 2 organizations understand the value of data, and interdepartmental data sharing is in its early stages.

  • Any data quality issues are dealt with as and when they arise (reactive practices)
  • The integration landscape is complex and there is no centralized data management
  • The organization starts gathering metrics to understand the current data quality and data management practices

Action item: Encourage cross-functional adoption of EIM strategies and facilitate a better understanding of the business advantage of effective data governance to close the gaps.

Level 3: Proactive

Level 3 organizations view information governance as key to making well-informed decisions and enhancing performance.

  • There is better cross-functional collaboration to support broader organizational goals with clear lines of authority and data ownership
  • A solid Enterprise information architecture guides the data governance program
  • Data security and compliance considerations are incorporated right from the beginning for any system development

Action item: Present a business case for EIM to management and key stakeholders to leverage more opportunities for data governance within departments.

Level 4: Managed

At level 4, the critical nature of data is widely accepted across the enterprise.

  • There are policies and SOPs in place to consistently manage data and these are distributed and acknowledged org-wide
  • A data governance body is created to enhance cross-functional collaboration on information management
  • Data metrics related to productivity and business value are developed 

Action item: Start documenting information management activities and aligning them to the overarching EIM strategy. Measure performance regularly using a balanced scorecard, a tool for measuring progress from various perspectives.

Level 5: Effective

Level 5 organizations effectively use information assets to maximize business value and support strategic decisions

  • Information assets are seen as a competitive differentiator and the organization makes it a process to create Service Level Agreements (SLAs)
  • It focuses on two key goals linked to data governance that is productivity and risk management
  • There is a formalized EIM function that coordinates data governance activities across the organization

Action item: Ensure implementation of technical measures to maintain effective information management that sustains regardless of any significant changes.

Try the next-gen GRC automation tool

Oracle Data governance maturity model

The Oracle Data governance maturity model, which was developed by Oracle, advocates for an iterative approach to enhance data governance practices. Each iteration has incremental improvements to enable the organization to move closer to data maturity. The model talks about 6 levels or milestones for organizations:

Milestone One: None

  • At this level, there is no formal data governance program in place. 
  • Data is only generated as a result of application activities such as transactions, user interactions etc.

Milestone Two: Initial

  • The IT department has some control over data at this level. However, business processes do not value the impact of data and hence there is limited influence of IT over business decisions.
  • The collaboration across IT and business functions is inconsistent and project-based
  • Every line of business has individuals with a strong understanding of data that help bridge the gap between IT and business processes.

Milestone Three: Managed

  • Level 3 organizations have data owners defined and there is some degree of data stewardship ie. enforcement of data policies
  • There are processes around data management but they lack clarity and consistency.
  • Data problems are addressed on an ad-hoc basis as reactive responses exist
  • The organization is in the early stages of standardization

Milestone Four: Standardized

  • At level 4, cross-functional teams are actively involved in overseeing data governance efforts
  • The responsibilities of data stewards implementing the data policies are clearly defined
  • There are standardized processes across business functions
  • The organization has a well-established and centralized hub for data policies
  • Data quality activities are regularly tracked and improved

Milestone Five: Advanced

  • At level 5, data governance becomes a critical function of the organization and is well-integrated across functions
  • The business actively maintains and implements data policies 
  • Quantitative goals are established to measure data quality processes and maintenance efforts

Milestone Six: Optimized

At this level, data governance becomes fundamental to business processes and projects.

Key business decisions are made after considering costs, benefits and risks involved

There are quantitative targets for process improvement and regular process updates to ensure alignment with business objectives

Oracle model also talks about a three-phased approach to enhance data maturity over time. The 3 phases are:

Explore

Goal: To build a foundation for data governance and establish the roles and responsibilities of data governance executives.

Key tasks:

  • Assess and prioritize data governance needs. For implementation, adopt a targeted approach and start with critical assets that would derive the most benefit from data governance activities.
  • Choose a data governance framework based on organization’s needs and objectives and create an implementation roadmap. Include vision, mission, strat