Performance.
Predictability.
Profitability.
Data Management Maturity (DMM)SM Model
Welcome to the Data Management Maturity (DMM)SM Model
CMMI® Institute is delighted to introduce the Data Management Maturity (DMM)SM model. The DMMSM
model provides organizations with a standard set of best practices to precisely evaluate their capabilities and build a unique roadmap to accelerate progress in delivering value to the business.
The DMMSM model was developed using the principles and structure of CMMI Institute’s Capability
Maturity Model Integration (CMMI)®—a proven approach to performance improvement and the gold
standard for software and systems development for more than 20 years. The DMM model helps organizations become more proficient in managing critical data assets to improve operations, enable analytics
and gain competitive advantage.
In addition to providing a pathway to elevated organizational performance like the CMMI®, the DMM
model serves as a catalyst and a platform for the growth of a global community of professionals and
practitioners who are committed to advancing the state of the practice. These are people who work
every day to help communities in the workplace make things the way they ought to be. They create
innovative solutions to fix what is broken and envision new approaches to fill what is missing. They
serve as powerful accelerators for aligning the interests of lines of business with IT to ensure that their
critical data assets are strengthened, well-managed, and better utilized to achieve business goals. In the
current era of global business where information and access reign supreme, the companies that are able
to leverage their corporate data assets to the fullest are the companies where people flourish.
Over the last two decades CMMI has been adopted in over 94 countries, applied in thousands of organizations, and has directly impacted the professional development of over 150,000 people. It has served as the benchmark in organizations ranging from NASA working on manned space missions, to entrepreneurial start-up companies in Shanghai. It is our hope that the DMM will serve the data management
needs of organizations across a similar spectrum of applications.
We are deeply grateful to the DMMSM Sponsors (Booz Allen Hamilton, Microsoft, Lockheed Martin, and Kingland Systems) whose personal commitment and expertise have allowed us to offer the DMM model as a platform to the world.
We are also thankful for the early innovators (Microsoft, Fannie Mae, the Federal Reserve System
Statistics Function, Ontario Teachers’ Pension Plan and Freddie Mac) who reported significant benefits
from the use of the DMM model—including the ability to galvanize organizational change by identifying and implementing collaborative, actionable initiatives.
We appreciate the over 100 data management professionals representing 45 different organizations who contributed to the development of the DMM and the 70 organizations who evaluated their capabilities using the model during the development process.
Together—individuals from a broad base of business, government and data management associations, CMMI Institute, and our DMM sponsors—have collaborated to make the Data Management Maturity
(DMM) model a catalyst for advancing data management strategy. We know from this experience that when DMM-based process improvements are implemented, organizations can realize significant benefits such as controlling costs through the use of reliable and accurate data, mitigating risk, and increasing transparency and data access for more strategic and informed business decisions.
We appreciate your support, dedication, and wisdom. If you are new to the DMM, we welcome you to
the conversation and look forward to working together.
Best regards,
Kirk Botula
CEO, CMMI Institute
As the organization behind the Capability Maturity Model Integration (CMMI)®, a capability
improvement framework that guides organizations in high-performance operations, CMMI®
Institute is working to build upon the 20 years of CMMI’s success, advance the state of
the practice, accelerate the development and adoption of best practices, and provide new
and evolved solutions to meet the emerging needs of businesses around the world. CMMI
Institute supports the worldwide adoption of its technologies in small and large organizations alike in a variety of industries, including aerospace, finance, health services, software, defense, transportation and telecommunications. In addition, CMMI Institute licenses its products and services through a network of delivery partners; conducts training and certification; sponsors conferences, workshops, and events; and promotes the benefits of process
cation; sponsors conferences, workshops, and events; and promotes the benefits of process
improvement models and appraisal methods. CMMI Institute is part of Carnegie Innovations,
a technology commercialization enterprise and part of Carnegie Mellon University.
Visit us at www.cmmiinstitute.com
Acknowledgements
CMMI Institute wishes to thank its sponsors, who provided insight and vision to help us
bring the Data Management Maturity (DMM)SM model to the data management industry and
profession.
KINGLAND SYSTEMS
Kingland Systems provides enterprise-class software,
reference data, technology services, and analytics
solutions to global clients in the accounting, financial,
and insurance markets to manage and improve
reference data, monitor and ensure compliance with
global regulations, and analyze data to improve
business processes in over 140 countries.
LOCKHEED MARTIN
Lockheed Martin is a global security and aerospace
company that employs about 118,000 people worldwide
and is principally engaged in the research, design, development, manufacture, integration, and sustainment of
advanced technology systems, products, and services.
MICROSOFT
Founded in 1975, Microsoft (NASDAQ “MSFT”) is the
worldwide leader in software, services, and solutions
that help people and businesses to realize their full
potential.
Through our development effort, we have refined the model content through extensive
feedback from peer reviewers and pioneering organizations who have engaged in evaluating
their capabilities through DMM Assessments. The DMM incorporates the approach and proven
strengths of the Capability Maturity Model Integration (CMMI), a successful industry process
improvement reference model which for 20 years has helped over 10,000 organizations to
lower risk, increase predictability and performance, and gain increased profitability.
On behalf of the CMMI Institute and our corporate sponsors, we acknowledge the contribu-
tions of the following individuals, who have offered their time and knowledge for the creation
of the Data Management Maturity Model.
CONTRIBUTORS
Funmi Balogun, Fannie Mae; Roy Ben-Hur, Deloitte and Touche; John Carroll, element-22; Predrag Dizdarevic, element-22; Doug Finn, Deloitte and Touche; John Gemski, GoldenSource; John Housen, Chartis Insurance; Olga Maydanchik, Citi; Doug Nixon, Ernst and Young; Richard White, Federal Reserve Bank of New York; Gian Wemyss, Software Engineering Institute, Carnegie Mellon University; and David Williams, Citi.
NO WARRANTY
TO THE MAXIMUM EXTENT ALLOWED BY LAW, EXCEPT AS EXPRESSLY SET FORTH IN ANY
SCHEDULE, ATTACHMENT, OR EXHIBIT, THE CMMI INSTITUTE SPECIFICALLY DISCLAIMS ALL
WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, REGARDING OR RELATING
TO THE DATA MANAGEMENT MATURITY MODEL (DMM), OR ANY MATERIALS OR SERVICES
FURNISHED OR PROVIDED TO COMPANY UNDER THIS AGREEMENT, INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, USAGE OF TRADE, AND COURSE OF DEALING OR PERFORMANCE WITH RESPECT TO THE DATA MANAGEMENT MATURITY MODEL (DMM) AND ANY OTHER MATERIALS AND SERVICES WITH RESPECT TO THE USE OF ANY OF THE FOREGOING.
Use of any trademarks in this report is not intended in any way to infringe on the rights of the trade-
mark holder.
Your copy of the Data Management Maturity (DMM)SM model is licensed solely to you, and no ownership
rights transfer to you when you download a copy of the DMM model. When you purchase a license to a
digital download of the DMM model, the PDF will be stamped with your name, denoting you as the sole
licensee of the document. You may not remove or obscure your name, any copyright notices or other
identifying information from the PDF.
You agree not to reproduce, duplicate, copy, sell, resell, assign, transfer or exploit any portion of the
DMM model, use of the DMM model, or access to the DMM model or the website through which the
service is provided, without express written permission by CMMI® Institute. The DMM model is provided
“as is, where is,” without warranties of any kind, and CMMI Institute hereby disclaims all express and
implied warranties, including but not limited to, any implied warranties of merchantability, fitness for a
particular purpose, accuracy, title or non-infringement. You are solely responsible for your use of the
DMM model, and agree to defend, indemnify and hold CMMI Institute harmless from any claims, liability,
damages, costs or expenses incurred by CMMI Institute arising from your use of the DMM model.
Introduction 2
Background 2
Audience 2
DMM Framework 3
Capability Evaluation 8
Capability Measurement 8
Maturity Measurement 9
Purpose 12
Introductory Notes 12
Goals 13
Core Questions 13
Purpose 20
Introductory Notes 20
Goals 20
Core Questions 21
Purpose 24
Introductory Notes 24
Goals 25
Core Questions 25
Business Case 31
Purpose 31
Introductory Notes 31
Goals 32
Core Questions 32
Program Funding 37
Purpose 37
Introductory Notes 37
Goals 37
Core Questions 38
Governance Management 44
Purpose 44
Introductory Notes 44
Goals 45
Core Questions 45
Business Glossary 50
Purpose 50
Introductory Notes 50
Goals 51
Core Questions 52
Metadata Management 58
Purpose 58
Introductory Notes 58
Goals 59
Core Questions 59
Data Quality 69
Purpose 70
Introductory Notes 70
Goals 71
Data Profiling 77
Purpose 77
Introductory Notes 77
Goals 77
Core Questions 78
Purpose 84
Introductory Notes 84
Goals 84
Core Questions 85
Data Cleansing 90
Purpose 90
Introductory Notes 90
Goals 90
Core Questions 90
Data Operations 97
Purpose 98
Introductory Notes 98
Core Questions 99
Purpose 105
Goals 106
Purpose 111
Goals 111
Purpose 118
Goals 119
Purpose 126
Purpose 132
Goals 132
Purpose 137
Goals 137
Purpose 144
Goals 145
Goals 153
Purpose 168
Goals 168
Purpose 187
Goals 188
Purpose 193
Goals 193
Purpose 206
Purpose 211
Appendix 221
The DMM was collaboratively developed by data management experts, IT professionals, and
representatives of lines of business. The process areas and incremental capability measurement criteria, known as “practice statements,” are based on practical, proven activities that
are required to achieve and sustain effective management of an organization’s data assets.
It is a framework that fosters alignment on the following factors: strategy, implementation
of governance mechanisms, defining dependencies, managing operational components,
integrating with IT capabilities, ensuring data quality, developing shared data across the
organization, and incorporating trusted data into the organization’s data stores.
The model’s overall goals are to help organizations to improve proficiency in management of
their critical data assets, and to provide a benchmark suitable for continuous improvement,
compliance, and audit.
While the DMM defines the requirements and activities for effective data management, it is
not prescriptive about how an organization should achieve these capabilities. The DMM is
structured such that it can be used by organizations to not only assess their current state of
capabilities, but also to build a customized roadmap for data management implementation.
The product suite supporting the DMM features a standard method for conducting objective
evaluations of the organization’s data management program, an organization Partner
program, and successive training courses leading to certification as an Enterprise Data Management Expert (EDME).
AUDIENCE
All organizations interested in evaluating and improving their data management program
from end to end can benefit from this model. The DMM is an unparalleled discovery tool.
The model provides a comprehensive framework for evaluating data management practices,
increasing the scope and engagement of data governance, and implementing best practices
for adoption and application by all organizations. A standard assessment methodology allows
organizations to measure themselves against best practices. Industry regulators and business
experts can employ the DMM for evaluation of capability and maturity of data management
practices within organizations.
DMM FRAMEWORK
The model comprises 20 data management process areas as well as 5 supporting process areas based on CMMI process areas. The model is organized into five categories, as illustrated in Figure 1. Each category contains a number of process areas, as shown in Table 1. These process areas serve as the principal means to communicate the themes, goals, practices, and example work products of the model. Accomplishment of process area practices
allows an organization to build capabilities and, in conjunction with the infrastructure support
practices, accomplish maturity in data management.
The model is structured such that an organization can implement any combination of process
areas or categories and still obtain a precise evaluation of their capabilities if only process
areas are evaluated, or overall maturity if process areas and infrastructure support practices
are evaluated. Therefore, an organization can evaluate achievement of capability or maturity
in a single process area, a set of process areas, a category, a set of categories, or any com-
bination, up to the whole model. This allows flexible use of the model to meet the specific
needs of all organizations. More information on the evaluations, and how they can be scoped
and tailored, can be found in the DMM assessment and appraisal training and services.
Although each process area can be considered separately, the collection of practices
work together to ensure that the organization has addressed data management across all
disciplines. There are dependencies and interrelationships that must be synthesized for an
effective program. The primary supporting relationships are presented as “Related Process
Areas.” Other relationships exist but are not explicitly stated; they are mentioned in supporting informative text. Table 1 shows which process areas are contained within each category in
the DMM. The selection of process areas within categories was based upon the affinity of the
process areas and the manner in which they support each other.
The Infrastructure Support Practices, which are adapted from core CMMI process improvement practices, apply to all DMM process areas. They are expected to be performed to help improve the capability or maturity of process areas beginning with Level 1, and are consistently applied at Level 3 and above. They ensure that support practices such as policies, planning, and resources are in place to support execution of data management processes.
The DMM presents five levels of functional capability and maturity. Each process area level is
characterized by increasing achievements for process improvement of best practices. Table 2
provides a summary description and perspective for each level.
1: Performed. Processes are performed ad hoc, primarily at the project level. Processes are typically not applied across business areas. Process discipline is primarily reactive; for example, data quality processes emphasize repair over prevention. Foundational improvements may exist, but improvements are not yet extended within the organization or maintained. Perspective: Data is managed as a requirement for the implementation of projects.

4: Measured. Process metrics have been defined and are used for data management. These include management of variance, prediction, and analysis using statistical and other quantitative techniques. Process performance is managed across the life of the process. Perspective: Data is treated as a source of competitive advantage.
CAPABILITY MEASUREMENT
For a process area to be scored at Capability Level 3, it must be performing all of the functional practices for Levels 1, 2, and 3. Although process areas are independent, organizations
For each process area, however, each capability level builds on the capabilities of all of the
previous levels. For example, to achieve Level 4, the organization must also meet the require-
ments of Levels 1, 2, and 3 in that process area.
MATURITY MEASUREMENT
Maturity assessment, as distinguished from capability measurement, requires that all process areas being measured are performed at the functional capability level and also at the same level in the infrastructure support practices. For a process area to be scored at maturity Level 3, the organization must be performing all of the functional practices for Levels 1, 2, and 3 and all of the infrastructure support practices at Levels 1, 2, and 3. The maturity level
can be measured for single process areas, individual categories, or any combination of these,
up to and including the whole model.
For example, to achieve a Level 3 maturity rating in the category of Data Quality, the
organization must achieve at least functional capability Level 3, as well as the Infrastructure
Support Level 3 for all process areas within the Data Quality category.
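The scoring rules above can be sketched in a few lines of code. This is an illustrative reading of the rules, not part of the model; the function names and the boolean-list representation are assumptions.

```python
def capability_level(functional_ok):
    """functional_ok[n] is True when all functional practices of
    Level n+1 are performed. Because each level builds on all previous
    levels, the score is the length of the unbroken prefix of Trues."""
    level = 0
    for ok in functional_ok:
        if not ok:
            break
        level += 1
    return level

def maturity_level(functional_ok, infrastructure_ok):
    """Maturity additionally requires the infrastructure support
    practices at every level up to the rating, so the rating is capped
    by whichever prefix is shorter."""
    return min(capability_level(functional_ok),
               capability_level(infrastructure_ok))
```

For example, a process area performing all functional practices through Level 4 but infrastructure support practices only through Level 3 would score Capability Level 4 but maturity Level 3.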
The Data Management Strategy category contains the following process areas: Data Management Strategy, Communications, Data Management Function, Business Case, and Program Funding.
The Data Management Strategy category encompasses process areas designed to focus on
development, strengthening, and enhancement of the overall enterprise data management
program. It provides an outline and specific best practices for achievement of the following: a
broad and unified internal perspective about the importance of the organization’s data assets
and what is required to manage and improve them; gaining agreements through explicit and
approved priorities; aligning the program with the organization’s business strategy.
Data Management Strategy advocates that, irrespective of the current level of data man-
agement maturity, significant stakeholder involvement is needed to develop the long-term
commitments required to achieve organization-wide cohesion and demonstrate value to
the business, according to shared and approved objectives and priorities. Achieving this
alignment with business goals and objectives is imperative to realize the greatest value to
the organization. Communications addresses the importance of bidirectional stakeholder
communication according to a planned approach that facilitates continued collaboration,
and determining the types and frequency of program information provided through multiple
channels. Because the data management program is both permanent and evolutionary, communications should be carefully thought out, well-managed, and sustained.
The Data Management Function emphasizes the need to effectively scope, plan, and resource
data management activities as a sustained function; develop strong leadership; and inculcate
a shared stakeholder approach to data management roles and responsibilities. Business Case
helps an organization to frame, justify, and gain approval for data management initiatives
based on the scope and sequence plan created for the Data Management Strategy. Program
Funding addresses the development and ongoing justification of funding, and the funding
model employed for the data management program and its component projects, to provide
appropriate funding for phased, sustained data management improvements.
Maturity of the practices in this category will strengthen the form and structure of the data
management program, build ongoing advocacy and support from stakeholders, and help
the organization to achieve its strategic objectives with the confidence that results from a
comprehensive and thoughtful implementation.
PURPOSE
Defines the vision, goals, and objectives for the data management program, and
ensures that all relevant stakeholders are aligned on priorities and the program’s
implementation and management.
INTRODUCTORY NOTES
An effective data management strategy defines why the organization is implementing
a data management program, explains what the overall program aims to achieve,
and identifies how the various components of the initiative fit together. It needs to
accurately reflect the data suppliers’ and consumers’ business objectives to give
confidence to stakeholders that the data management program will be valuable.
A functional data management strategy should be developed collaboratively and
approved by all stakeholders. A current state assessment, including capability gap
analyses and identifying key dependencies, can foster alignment and provide a
foundation for buy-in to the strategy and the corresponding plan for implementation.
The data management strategy defines the overall framework of the program. A data
management strategy usually consists of, at a minimum:
• A vision statement, which includes core operating principles; goals and objectives; priorities, based on a synthesis of factors important to the organization, such as dependencies, perceived business value, alignment to strategic initiatives, and level of effort
• Business benefits
The data management strategy needs to reinforce the use of standards and outline
the overall governance framework that the organization will employ to make decisions
about implementation. It should also take into account major implementation consid-
erations, such as architectural initiatives and technology transformation initiatives
underway or planned, and it needs to define a sequence plan to guide implementation.
The strategy needs to identify the resource requirements for the data management
program, and the criteria that will be employed to evaluate program effectiveness.
Measures are defined and monitored throughout implementation to assess progress
against program objectives.
The organization’s data management strategy must be able to evolve as the needs
of the organization change. Collaboration is essential to building and maintaining an
effective data management program. One example of evidence of improved collaboration is a broader and more evident responsibility for data quality, led by executives
and reflected throughout the data lifecycle. The most effective data management
strategies are those that are visibly and actively endorsed by executive management
and supported by mandatory organizational policy: in effect, institutionalized.
GOALS
1. Establish, maintain and follow a data management strategy that is aligned
with organizational strategy, approved by all relevant stakeholders, communicated across the organization, and reflected in architecture, technology, and
business planning.
4. Develop, monitor, and measure an effective sequence plan for guiding the data
management program implementation.
CORE QUESTIONS
1. Do executive stakeholders visibly and actively support the data management
strategy?
4. How are projects aligned with the sequence plan that guides implementation of the data management program?
5. Are staff capabilities and resources in place to architect, design, and lead the
data management program?
Is there a commitment to provide training to
enable maturity of the data management program?
Business Case provides information to help ensure that proposals to fund programs,
initiatives, or specific projects are in line with the data management strategy.
Level 1: Performed
2.1 Data management objectives, priorities, and scope are defined and
approved.
The subject areas within scope that are relevant to a business unit or cross-cutting initiative (for example, reference data used by multiple business areas) are defined and approved by all stakeholders, including IT and lines of business. When multiple business units are impacted, data governance should be engaged. In addition, the scope should address requirements such as externally procured data vital to business processes, regulatory requirements, etc.
2.2 Data management objectives and priorities are aligned with business objectives.
The subject areas within scope are mapped to business unit objectives,
functions, and processes. Data management priorities and objectives are
reviewed and modified with input from business unit stakeholders.
2.3 A process for prioritizing projects across a business unit from a data
perspective, as well as traceability to business objectives, is established and
followed.
2.4 A tactical plan for addressing data management objectives and priorities
across the business unit is established and maintained.
The business unit (or cross-cutting project) has developed a plan that
typically includes key milestones (e.g., component projects), major activities,
dependencies, resources, and identification of stakeholders.
2.5 Metrics are used to assess the achievement of objectives for data
management.
• Subject area mapping to functions that create, update, and delete data
• Business benefits
• Governance needs
3.2 Data management objectives for the organization are evaluated and
prioritized against business drivers and goals, and aligned with the business
strategy.
The scope of the data management program aligns with the enterprise
architecture, the target data architecture, and the existing and future
infrastructure. Typically, the data management function and governance
bodies play a significant role in orchestrating collaborative development and
ensuring a comprehensive strategy.
3.4 The sequence plan for implementation of the data management strategy is
monitored and updated, based upon progress reviews.
• Risk identification
• Resource usage
The data management function and data governance bodies are responsible
for ensuring effective communication of the data management strategy.
As business needs and strategy change, the governance body representing all business stakeholders is typically responsible for regularly reviewing the priorities, objectives, and roadmap, as well as updating them and following a defined process for approval.
As needed, policies are reviewed with respect to the strategy to evaluate the
need for new policies or enhancements to existing policies. Policies provide
the foundation for organization-wide compliance.
The strategy may also identify the need for new policies, which should be
included in the sequence plan.
3.7 Metrics are used to assess and monitor achievement of data management
objectives.
Level 4: Measured
4.1 Statistical and other quantitative techniques are used to evaluate the
effectiveness of strategic data management objectives in achieving business
objectives, and modifications are made based on metrics.
Changes made to the process for developing strategy and objectives typically
include the following:
• Improving the process employed for developing data management
objectives, priorities, and scope needed to achieve business objectives
Level 5: Optimized
5.1 The organization researches and adopts selected industry best practices for
strategy and objectives development.
PURPOSE
Ensure that policies, standards, processes, progress announcements, and other data
management communications are published, enacted, understood, and adjusted based
on feedback.
INTRODUCTORY NOTES
Data management communications include the policies, strategies, roles and responsibilities, plans, and mechanisms for informing all relevant stakeholders about data management in an effective and timely manner. The importance of data management communications cannot be overstated, both for establishing an effective program and for supporting and improving data management capabilities, which are heavily dependent on collaboration across the organization.
To ensure that the organization can achieve its objectives, promulgation of policies, standards, and processes must be established in advance of the target adoption date and commencement of compliance checks. A feedback process should be established to support stakeholders’ questions, recommendations, etc. The effectiveness of the promulgation process can be assessed through the use of adoption metrics.
GOALS
1. The data management communications strategy ensures that the right messages
CORE QUESTIONS
1. How are policies, standards, and processes for data management
promulgated?
Level 1: Performed
Level 2: Managed
Refer to Data Management Strategy for details of the strategy that need to be
communicated.
• Communications strategy
• Communications examples
Level 3: Defined
3.3 Standards, policies, and processes are promulgated across the organization
and adjusted based upon feedback.
3.4 Metrics are developed and used to measure effectiveness of the data
management communications.
• Communication plan
4.2 Statistical and other quantitative techniques are employed to improve data
management communications.
Level 5: Optimized
5.1 External data management communications are made with the purpose of
influencing public policies and industry best practices that impact data.
PURPOSE
Provides guidance for data management leadership and staff to ensure that data is
managed as a corporate asset. Executive oversight is critical to establish and maintain
data management principles, facilitate adoption, and ensure alignment across the
organization.
INTRODUCTORY NOTES
The data management function defines key components of data management
activities and provides guidance for interaction within the overall organization. The
resourcing and deployment strategy for data management resources is developed
based on objectives, within the parameters of the organization’s culture and existing
organizational structures with which the function will integrate.
In most organizations, the data management function has been operational for
a number of years, typically having originated within IT and closely linked to
development of data stores. As organizations have moved toward appreciating the
criticality and value of their data assets, the function and activities have expanded
and additional roles have been defined. The groups or individuals performing the data management function have a sustaining role and, increasingly, a leadership role for implementing data management capabilities and conducting compliance activities.
Data management success depends on business ownership of its goals and objectives. Implementation or enhancement of the data management function should
be developed and communicated with stakeholders in alignment with the data
management strategy. This will not automatically resolve all challenges, but will assist
the organization in effective integration of the function and the groups or individuals
involved.
Achieving alignment evolves over time, and progress is not always linear. A failure to
take this into account will result in inaccurate scheduling estimates. Sustainability of
the data management function requires a culture of open communication, combined
with a willingness to institutionalize practices that create business value and curtail or
eliminate practices that don’t. Strong leadership and skilled and experienced staff are
equally important for continued success of the data management function.
The lines of accountability and responsibility for data management activities are
typically communicated in an organization chart, an interaction diagram, and a
responsible, accountable, consulted, informed (RACI) matrix. Some organizations
find it useful to outline the mission and objectives of the data management function
in the form of a charter. As the organization makes progress in its data management
program, the data management function will need to change to address new develop-
ments.
CORE QUESTIONS
1. Is the data management function defined such that it is clear to all relevant
stakeholders?
3. What role do executives play in the design and oversight of the data
management function?
Level 1: Performed
Level 2: Managed
2.2 Principles are defined and followed to guide the consistency of practices
related to data management.
Rarely can all activities and expectations be explicitly defined for every
eventuality. To help ensure consistency of practice when explicit guidance
is not available, guidelines and principles are used to help shape decisions.
Documented principles help to ensure alignment between stakeholder activ-
ities and those of data management staff across the business unit.
2.4 Agreements are in place that provide explicit expectations for the use of
shared staff resources with responsibilities for data management.
2.5 A mechanism exists and is followed to identify and apply needed changes to
enhance or redesign the data management function.
• Process documents
• Program guides
Level 3: Defined
3.2 The interaction model for the data management function ensures the
involvement of data governance for projects that use shared data.
3.3 A data management organization and specified structure are defined and
periodically reviewed to ensure that they meet the needs of the organi-
zation.
To ensure that the data management function meets the needs of the
organization, data management staffing should be managed from a strategic perspective.
3.4 Data management processes are established and maintained by the data
management function with governance approval.
Strong data management practices often require subject matter experts for
execution. These experts should be trained and, where appropriate, certified
in their specific discipline. Career paths and professional growth plans should
be established to ensure that these staff members have the means to increase
and hone their skills for the benefit of the organization. These resources are
valuable assets of the organization, and their skills and competency should
be formally recognized so that they can be leveraged across the organization.
Doing so will help to guide others with less training, will help to support
consistency of practices across the organization, and will facilitate institution-
alization of sound data management practices.
• Training records
• Project reports
• Performance measures
Level 4: Measured
4.1 The data management function has defined tasks that are measured and
assessed using statistical and other quantitative techniques.
• Performance measures
Level 5: Optimized
5.1 The operational plan for the continuous improvement of data management
activities is prioritized.
5.2 Analysis using statistical and other quantitative techniques as well as the
use of process performance models leverages data to improve operational
efficiency.
PURPOSE
Provides a rationale for determining which data management initiatives should be
funded, and ensures the sustainability of data management by making decisions
based on financial considerations and benefits to the organization.
INTRODUCTORY NOTES
The business case is a proposal to fund programs, initiatives, or specific projects. It
describes scope, activities, and expected outcomes, together with a rationale based
on an analysis of the total cost of the investment versus its benefits.
The process of developing the business case fosters stakeholder support and
minimizes the tendency for the data management program to devolve into discon-
nected activities.
Business cases may be developed for the entire data management program, for
program elements requiring sustained funding, or for specific data management
projects. They have both strategic and tactical components.
For instance, at the program level, a strategic aspect of the business case recognizes
the need to reduce cross-functional data redundancy. As such, the business case
would address organization-wide challenges, including topics such as why the
organization is focusing on minimizing redundancy, business functions that are
impacted by redundancy, major existing issues that the program will address, etc. The
tactical component of this business case would define how strategic objectives will be
satisfied, including the following:
Business Case 31
Total cost of ownership (TCO), also referred to as total lifecycle cost, is a method of
discovering and analyzing “cradle to grave” costs of a program, product, or project.
For data management, a TCO analysis would address the objectives, resources,
enhanced capabilities, operational disruption, and other factors via a rational funding
approach accounting for multiple factors with cost implications over time. Although
total lifecycle analysis methods are frequently used for major expenditures and
programs, they are not frequently applied to data management initiatives, as some
costs incurred are often allocated to individual projects, creating a complexity
challenge for assessing an aggregate cost. An example is the accumulation of costs
due to re-architecting the same data sets or interfaces, from project to project.
Two dimensions are addressed in defining the total lifecycle cost: tangible costs,
such as data sourcing, tools, staff resources, IT, and manual reconciliation processes;
and intangible costs, such as data value to the business processes or for achieving
competitive advantage. Intangibles are challenging to quantify; the lack of hard
metrics makes tracing costs through the broad data management scope difficult.
However, TCO provides senior management with a baseline to evaluate achievement of
the program’s objectives over time, and to assess the adequacy of current funding. In
addition, when developing a TCO, it is preferable to utilize existing industry standards
if available, to assist management in benchmarking against peer organizations.
GOALS
1. Obtain executive sponsorship for the data management program.
2. Stakeholders approve and adopt the business case across lines of business.
3. Business cases justify and help to ensure sustainable financing for data
management initiatives.
CORE QUESTIONS
1. How does the organization determine the level of investment required for the
data management program?
2. How does the organization decide whether to develop one umbrella business
case or multiple, linked business cases?
6. Does the business case reflect the data management sequence plan?
7. Has the Data Management Strategy sequence plan, supporting the business
case(s), been reviewed and approved by data management sponsors?
Data Management Strategy contains information about the scope, priorities, and
objectives of the data management program.
Level 1: Performed
1.2 The benefits and costs of data management are documented and used in
local funding decisions.
Level 2: Managed
2.3 The data management business case for new initiatives aligns with business
objectives and data management objectives.
Business cases should reference and align with business objectives as well
as key data management initiatives to which the project contributes. An
example is an organization focusing on development of a glossary of business
terms. There may be a requirement in the business case for the project to
contribute new or modified terms to the glossary.
Refer to Data Management Strategy for information about the scope, prior-
ities, and objectives of the data management program.
Level 3: Defined
3.1 The data management business case is developed according to the organi-
zation’s standard methodology.
3.2 The business case reflects analysis of the data management program’s total
cost of ownership, and allocates cost elements to organizations, programs,
and projects in accordance with the organization’s financial accounting
methods.
3.4 Cost factors comprising data management TCO are managed and tracked
across the data management lifecycle.
The Funding Model provides information about funding and cost allocation
models required to be tracked and reported, and used for cost comparison
and business case development.
Level 4: Measured
4.1 Data management TCO is employed to measure, evaluate, and fund changes
to data management initiatives and infrastructure.
4.2 Statistical and other quantitative techniques are used to analyze data
management cost metrics to assess data management TCO and collection
methods.
• Infrastructure budgets
• Audit results
Level 5: Optimized
PURPOSE
Ensure the availability of adequate and sustainable financing to support the data
management program.
INTRODUCTORY NOTES
Program funding processes enable sustainable financial support, based on overall
benefits and costs. In addition, they define the allocation method for distributing
costs among business sponsors and projects, and facilitate stakeholder alignment on
data management funding. Program funding defines the framework used to evaluate
and prioritize business cases (e.g., total cost of ownership, total lifecycle cost, return
on investment) for determining and approving the required financing to sustain data
management.
The specific model that is implemented to facilitate program funding will depend on
the preferred approach of the organization. Program funding addresses the following:
investment criteria and priorities, budget management, benefits delivered versus
expected, ongoing management, and allocation method. An organization should
expect its program funding method to evolve as the maturity of its data management
program evolves.
GOALS
1. Priorities and criteria for both discretionary and nondiscretionary investment
are established and followed.
2. Sustainable program funding methods for making cost and benefit allocations,
managing expenditures, and establishing priorities are defined and followed.
Program Funding 37
2. How does data governance provide oversight for data management funding?
4. Does the funding model reflect the organization’s business models, priorities,
and financial decision processes?
6. Does the funding model consider all expenses of data management (e.g.,
projects, unique applications, urgent requirements)?
Level 1: Performed
1.1 Data management projects are funded on the basis of cost-benefit analyses.
Level 2: Managed
2.1 Data management initiatives are financed based upon funding criteria
addressed by the business case.
Data management costs arise from a variety of sources: data acquisition,
tool licenses, IT system implementation and maintenance, and the staff
who manage all of these activities.
Level 3: Defined
3.1 A standard method for mapping costs and calculating benefits for data
management is established and followed across the organization.
3.2 Program funding priorities align with the objectives and priorities of data
management.
Level 4: Measured
4.1 Metrics are defined and statistically analyzed to evaluate the effectiveness
and accuracy of program funding in meeting organizational objectives.
Level 5: Optimized
5.2 Optimization techniques and predictive models are employed for analysis
of the anticipated results of proposed modifications to program funding
methods prior to implementation.
Metadata Management
42 Data Governance
The Data Governance category encompasses process areas designed to help an organization
achieve strong participation across the organization for critical decisions affecting the data
assets. It provides best practices for implementing a data governance program and structure
capable of functioning consistently across the broad scope of shared responsibilities;
expanding and managing the organization-wide collection of approved business terms em-
ployed in the target data architecture, taxonomies, and ontologies; and the development and
implementation of metadata to fully describe the organization’s data assets.
In addition to building data management functions, governance may include the manage-
ment of external or regulatory requirements, and external stakeholders with an interest
in data management activities and outcomes. More generally, governance also includes
monitoring data management results to ensure that the organization receives the desired
outcomes and business value from data management activities.
Maturity of the practices within this category will create a corporate culture of shared
responsibility for the data assets. Maturity enables improved data quality, supports data
integration, facilitates the design and implementation of the target data architecture, and
helps the organization to develop a thorough and detailed knowledge of the as-is data layer
and the lineage of data through business processes, data stores, and systems.
PURPOSE
Develop the ownership, stewardship, and operational structure needed to ensure that
corporate data is managed as a critical asset and implemented in an effective and
sustainable manner.
INTRODUCTORY NOTES
Effective data governance management provides oversight, ensures stakeholder
collaboration, and facilitates decisions for critical data subject areas. Data governance
management addresses three basic data governance functions supporting the organi-
zation’s data assets: building, sustaining, and compliance. Building is the creation
of new capabilities through the new or enhanced governance structures; sustaining
consists of the processes for collaboration, evaluation, and decision making; and
compliance is instituted and managed to control data assets.
• Address regulatory and other external requirements, data security, and access
• Enforce compliance
Data governance is customized to best address these functions for the organization.
For example, an executive governance body may be charged with oversight for
the interconnections that must be established among business, technology, and
operations regarding the data assets within scope. A committee of data stewards may
be created to oversee subject areas, define priorities, and minimize conflicts. Data
working groups may be formed to develop the metrics and milestones for the data
management program. Tactical work groups may be formed from, or at the direction
of, governance bodies to perform a variety of tasks, such as to assure the quality of
critical data attributes, to perform business analysis, to interface with information
architects, and to triage and resolve business challenges with data.
The data governance function may begin by focusing on a small set of business
domains, but it typically expands over time to include additional subject areas and
responsibilities. Master data governance is often an initial focus for developing an
overall enterprise data governance capability, as it requires collaboration from multiple
business areas. To implement governance successfully, the organization needs to
develop a deployment plan to ensure that governance, program funding, and data
management oversight will be rolled out smoothly in the business environment. Key
factors for a successful implementation of data governance include the following:
44 Governance Management
GOALS
1. A process is established and followed for aligning data governance with
business priorities, including ongoing evaluation and refinement to address
changes in the business such as the need to encompass new functions and
domains.
2. Data governance ensures that all relevant stakeholders are included, and that
roles, responsibilities, and authorities are clearly defined and established.
CORE QUESTIONS
1. Does data governance provide mechanisms to facilitate collaboration and
decision making across lines of business and IT functions?
3. How does the organization define roles and responsibilities and ensure that all
relevant stakeholders are involved?
6. How does the executive sponsor(s) of data governance actively support the
effort?
10. Is there appropriate training in place for staff involved in data governance?
11. What is the compliance process to carry out the decisions of the data
governance body?
Level 1: Performed
1.2 Ownership, stewardship, and accountability for data sets are primarily
project-based assignments.
Level 2: Managed
Level 3: Defined
Standard conflict and issue resolution processes for data governance are
developed and adopted across the organization.
The data governance charter(s) and operational rules establish the method
for resolving conflicts and the criteria for escalation.
3.3 Data governance includes representatives from all business units that are
suppliers or consumers of high-priority data subject areas.
Data governance bodies determine what type of training is needed for each
role for new members.
3.8 Data governance activities and results are analyzed against objectives
periodically and reported to executive management.
Level 4: Measured
4.2 Adjustments to data governance activities and structure are made based on
analysis results.
Level 5: Optimized
5.1 External governance structures and industry case studies are evaluated for
best practices and lessons learned, providing ideas for improvements.
PURPOSE
Supports a common understanding, among all stakeholders, of the terms and
definitions for the structured and unstructured data that support business processes.
INTRODUCTORY NOTES
The business glossary is an approved, governed compendium of business term names
and definitions. The process defines how the organization creates, approves, updates,
and promulgates consistent business terms and definitions, fostering shared data
usage across the organization. Consistent terms and definitions, with corresponding
metadata, are essential to managing corporate data in the context of meaning.
The business glossary provides a stable foundation for understanding and integrating
data across the organization. The goal of the business glossary is to ensure that
each term refers to a specific, atomic fact without ambiguity or duplication. This
enables a broad range of important data management functions and accomplish-
ments, which include the following:
• Data quality
• Content management
• Custom-to-COTS migrations
• Risk analysis
The business glossary is the core of the organization’s data infrastructure. Although it
is simple in concept, it can be a significant challenge to define, reconcile, harmonize,
qualify, approve, and maintain shared business terminology. Consistent business
meaning is important, although not always obvious to the lines of business within an
organization, because distinctions between business terms employed by a business
unit, versus an organization-wide perspective, are not typically well defined or
documented. In addition, terms used by multiple business units often have connotative
meanings that must be explored, rationalized, and decided upon through agreements.
50 Business Glossary
It is critical to develop a defined process by which business terms and their corre-
sponding definitions are created, updated, maintained, and promulgated. Management
of the organization’s business glossary requires adopting the view that synthesis of
meaning is essential for long-term data management success. Because reconciliation
of data names, definitions, allowed values, and other associated metadata cuts across
existing systems, it is advisable to align the sequence with the priorities established in
the data management strategy.
How best to sequence and prioritize portions of the glossary depends upon the nature
of the initiative. Data warehousing projects (e.g., designing and building an opera-
tional data store) tend to sequence and prioritize sets of data defined by subject area
(e.g., transactions, products, customers, etc.). The data needed to perform business
processes, for applications and business intelligence purposes, frequently extends
horizontally across subject areas. Ideally, once the organization has mandated the
goal of building out a full and comprehensive business glossary, progress is achieved
through multiple avenues: top-down, fed by multiple glossaries maintained by the
lines of business; by leveraging major initiatives; and bottom-up, by harvesting data
models or database scripts.
GOALS
1. The language that represents the data is unambiguously aligned with the
language of the business.
CORE QUESTIONS
1. Is there a policy mandating use of and reference to the business glossary?
4. Are business terms referenced as the first step in the design of application
data stores and repositories?
Metadata Management will help to identify which data is used for what purposes, as
well as identify what systems and models are using the data.
Level 1: Performed
Refer to Data Lifecycle Management, which will assist in identifying all the
data management activities to help develop awareness of terms and business
needs across the organization.
1.2 Logical data models are created with reference to defined and approved
business terms.
Refer to Metadata Management, which will help to identify which data is used
for what purposes, as well as identify what systems and models are using the
data.
Level 2: Managed
Creating the business terms process involves input from stakeholders, data
governance, and business unit experts with the data management function
taking the lead, sponsored by a senior executive. This will facilitate sustained
participation among the multiple business units, establish shared goals and
objectives, and foster agreement on the desired outcome and corresponding
timeline.
• Definition
2.2 Standard business terms are readily available and promulgated to relevant
stakeholders.
As business terms are created and approved, they should be published and
promoted. Examples include email announcements of releases, and notifi-
cation via the corporate portal, at a reasonable frequency. This is important
for change management success. The organization may elect to roll out the
process in phases, for example, by business unit for major upcoming devel-
opment efforts, etc.
Refer to Data Lifecycle Management, which helps to identify all the current
activities associated with data management to aid in development and
management of the business glossary.
2.3 Each business term added to the business glossary has a unique name and
unique definition.
When terms are developed from a “base term” (e.g., “Trade Price” or “Product
Name”), one or more qualifying words may be added, such as “Last Trade
Price” or “Short Product Name,” with a corresponding unique definition. The
qualifying words and the modification to the base term definition should be
approved by data governance. Where there is a prevailing industry standard
to which the organization must adhere, business terms and definitions should
be validated against authoritative sources.
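The uniqueness rule of practice 2.3, together with the base-term qualification pattern just described, can be sketched as a minimal data structure. The class name, the term texts, and the enforcement mechanism are illustrative assumptions; the DMM does not mandate any implementation:

```python
# Minimal sketch (assumed structure, not from the DMM): a glossary that
# enforces each business term having a unique name and a unique definition,
# including qualified terms derived from a base term.

class BusinessGlossary:
    def __init__(self):
        self._terms = {}           # term name -> definition
        self._definitions = set()  # used to enforce definition uniqueness

    def add(self, name, definition):
        if name in self._terms:
            raise ValueError(f"duplicate term name: {name}")
        if definition in self._definitions:
            raise ValueError(f"duplicate definition for: {name}")
        self._terms[name] = definition
        self._definitions.add(definition)

g = BusinessGlossary()
g.add("Trade Price", "The price at which a trade was executed.")
# A qualified term derived from the base term, with its own unique definition:
g.add("Last Trade Price", "The price at which the most recent trade was executed.")
# Re-adding "Trade Price", or adding a new name with an identical definition,
# would raise ValueError -- the ambiguity data governance must resolve.
```

In practice such checks would sit behind the governance approval workflow, flagging collisions for stewards to reconcile rather than rejecting them outright.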
Level 3: Defined
3.1 The organization uses the approved business glossary in the development of
shared repositories, data transfer standards (e.g., XML), ontologies, semantic
models, and similar initiatives involving corporate data.
While the organization may initiate the standardization effort for one
business unit, subject area, or major project, the full value of adhering to this
process will be realized over time as it is consistently applied in appropriate
phases. Application of resources to compliance monitoring within the devel-
opment lifecycle is required.
3.5 Metrics are captured and used to evaluate the organization’s progress
toward a comprehensive business glossary.
Metrics are not only a gauge of progress for meeting objectives and
timelines, but help to maintain enthusiasm among the many participants in
the sustained glossary development effort.
3.6 Compliance monitoring processes are used to verify correct use of business
terms, highlight exceptions, and ensure they are addressed.
Level 4: Measured
4.1 Statistical and other quantitative techniques are used to manage the process
and develop reporting and projections on business glossary integration for
senior management.
4.2 The business glossary is integrated into the organization’s metadata repos-
itory with appropriate access permissions.
4.3 The business glossary uses standard industry business terms and definitions
as appropriate.
Level 5: Optimized
5.1 The business glossary is enhanced to contain associated business rules and
ontology structures, and is consistent throughout the organization.
5.3 The organization publishes white papers and case studies addressing
effective management of business terms.
PURPOSE
Establish the processes and infrastructure for specifying and extending clear and
organized information about the structured and unstructured data assets under
management, fostering and supporting data sharing, ensuring compliant use of data,
improving responsiveness to business changes, and reducing data-related risks.
INTRODUCTORY NOTES
Metadata is a category of information that identifies, describes, explains, and provides
content, context, structure, and classifications pertaining to an organization’s data
assets and enables effective retrieval, usage, and management of these assets.
• Data architecture
• Data requirements
• Data lineage
• Historical data
• Records retention
• Data archiving
• Data integration
• Data provenance
• Data standards
Technical Metadata: Describes data assets instantiated in the physical data layer as
well as their transformations through automated processes. It describes the content
and location of data stores and interfaces, including information about tables, field
structures, data types, columns, links to related files, indexes, etc. Technical metadata
58 Metadata Management
GOALS
1. Senior managers appreciate the value of metadata because it is expressed in a
language they can understand.
3. The contents of the metadata repository span all relevant categories and
classifications of data assets under management, and accurately reflect the
implemented data layer of the organization.
CORE QUESTIONS
1. Is the metadata strategy defined and aligned with internal and selected
external standards?
4. What is the method for developing and evaluating standards and processes
for metadata management?
7. Are roles and responsibilities clearly defined for the capture, updating, and
use of metadata?
Data Integration gives information about generating and managing data mapping and
transformation metadata.
Level 1: Performed
• Attribute name
• Table name
• Column name
• Data type
• Allowed values
• Default values
• Mandatory/Optional indicator
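The attribute-level technical metadata listed above can be captured as a simple record. The field names follow the bullets; the record type and the example values are illustrative assumptions:

```python
# A sketch of how the attribute-level technical metadata above might be
# recorded. The structure and sample values are invented for illustration.

from dataclasses import dataclass
from typing import List, Optional

@dataclass
class ColumnMetadata:
    attribute_name: str                      # business-facing attribute name
    table_name: str
    column_name: str
    data_type: str
    allowed_values: Optional[List[str]] = None  # None means unconstrained
    default_value: Optional[str] = None
    mandatory: bool = False                  # mandatory/optional indicator

status = ColumnMetadata(
    attribute_name="Customer Status",
    table_name="CUSTOMER",
    column_name="CUST_STATUS_CD",
    data_type="CHAR(1)",
    allowed_values=["A", "I", "P"],
    default_value="P",
    mandatory=True,
)
print(status.mandatory)  # True
```

Even a record this simple supports Level 1 practice: it lets a project answer what a column means, what values it may hold, and whether it is required.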
Level 2: Managed
• Data movement
• Usage (e.g., for reporting and within the system development life cycle,
or SDLC)
Data Lifecycle Management will help to identify where data is used and
changed. This information helps to provide a source of information related to
interdependencies.
• Data destinations
• Metadata repository(ies)
• Metadata standards
• Audit results
Level 3: Defined
As systems become more integrated and coupled, and often include external
systems where dependencies are based on contract, it’s important that
the metadata strategy addresses all of these data sources and related
exchange standards. Adoption of externally accepted industry standards, as
appropriate, helps to mitigate internal differences and to increase the organi-
zation’s interoperability with customers and clients, peers, and regulatory
bodies.
• Business rules
–– Business glossary
–– Enterprise logical data model
–– Logical data model
–– Physical data model
–– Database schema
–– BI layer
• Physical data lineage (sources-transformations-targets)
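Physical data lineage in the sources-transformations-targets form listed above lends itself to a simple edge representation. The system, table, and transformation names below are hypothetical:

```python
# Hypothetical sketch of physical data lineage records in
# sources-transformations-targets form, with a helper that traces a field
# back to its ultimate sources. All identifiers are invented examples.

lineage = [
    # (source, transformation, target)
    ("crm.CUSTOMER.BIRTH_DT", "derive_age", "stage.CUST.AGE"),
    ("stage.CUST.AGE",        "band_age",   "mart.CUST_DIM.AGE_BAND"),
]

def trace_sources(field, edges):
    """Walk lineage edges backwards from a field to its original sources."""
    parents = [src for src, _xform, tgt in edges if tgt == field]
    if not parents:
        return [field]  # no upstream edge: this is an original source
    sources = []
    for parent in parents:
        sources.extend(trace_sources(parent, edges))
    return sources

print(trace_sources("mart.CUST_DIM.AGE_BAND", lineage))
# ['crm.CUSTOMER.BIRTH_DT']
```

Traces of this kind are what make fragmented lineage visible, and hence what make the cost and risk of data movement across the lifecycle measurable.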
Metadata differs from data in that the range of issues is broader, more technical,
and touches topics that are not usually part of the normal data lifecycle
processes. Metadata is also more heavily impacted by projects, and its
scope and depth make it challenging from a data governance perspective.
Notwithstanding the important difference between establishing versus
maintaining metadata, aligning project-based metadata into an overall data
Due to the range and extent of metadata throughout the business and
technology environment, roles and responsibilities will involve many staff
in multiple areas. It is usually best to assign the data management function
to lead and drive the collaborative effort, and to fully inform and obtain
approval from stakeholders, as a number of their staff members will need to
devote time to the effort. Data governance, with representatives from across
the organization, can address final approvals and ensure agreements.
3.5 Measures and metrics are used to evaluate the accuracy and adoption of
metadata.
• The costs associated with the movement of data across the lifecycle (and
how much is at risk), especially if the lineage is fragmented
3.6 Metadata, and any changes to metadata, are validated against the existing
architecture.
Level 4: Measured
4.2 Metadata types and data definitions support consistent import, subscription,
and consumption practices.
Refer to Data Integration for information about generating and managing data
mapping and transformation metadata.
4.4 New metadata management activities are guided by metadata metrics and
historical information about metadata.
4.6 Statistical analysis reports for process, reporting, and performance are
included in the metadata repository and employed to support fact-based
decision making for new metadata management initiatives.
Level 5: Optimized
5.1 Root cause analysis is conducted to reduce the variations between the
repository information and the data it describes.
5.4 Planned data changes are evaluated for impact on the metadata repository;
and metadata capture, change, and refinement processes are continuously
improved.
Data Profiling
Data Quality Assessment
Data Cleansing
68 Data Quality
The Data Quality category encompasses process areas designed to provide the means for
an organization to fully understand the nature and quality of the data under management,
as well as mechanisms to evaluate, prevent, and remediate defects, to assure that the quality
of data meets business purposes and the organization’s strategic objectives. In short, these
process areas collectively describe a comprehensive data quality program, driven by a data
quality strategy.
The Data Quality Strategy is foundational to all data quality management activities. It
describes activities designed to help the organization develop a defined, approved integrated
plan to ensure that the quality of data meets business needs. Data Profiling and Data Quality
Assessment contain activities that help the organization assess the data under management
against a set of quality objectives, which are defined in the Data Quality Strategy. Achieving
efficiencies and successful, repeatable processes for Data Cleansing activities reduces effort
and lowers costs, enabling the organization to assure “fit for purpose” data assets across its
data sets and physical data stores.
Maturity of the practices described in this category will help to translate business goals and
priorities into actionable plans designed to execute as an organization-wide program to
actively manage data across all dimensions of quality. This enables the organization to realize
maximum value from its data assets and to capitalize on opportunities that require accurate,
trusted data.
Data Quality Strategy

PURPOSE
Defines an integrated, organization-wide strategy to achieve and maintain the level of
data quality required to support the business goals and objectives.
INTRODUCTORY NOTES
The data quality strategy defines the goals, objectives, and plans for improving data
integrity. It is the blueprint used to inculcate a perspective of shared responsibility
for the quality of data. The data quality strategy should address the following items:
meaning; data store design (e.g., referential integrity, normalization, cardinality,
hierarchy management, optionality constraints); and business process. All of these
components need to be addressed, and the data quality strategy needs to be aligned
with the target data architecture. A complete data quality strategy should also aim to
address and reduce ROT (redundant, obsolete, and trivial) information in the data.
The data quality strategy is created based on an analysis of existing major quality
issues and business objectives for trusted data. Data quality objectives cannot be met
by technologies and techniques alone. High quality is the result of continued
scrutiny shared and communicated across the organization by all stakeholders.
An implementable data quality strategy may require a cultural shift, obtained
through strong support of executive management and sustained promotion,
education, and mandated attention to the data assets.
When defining the data quality strategy, organizations should include guidance for the
criteria against which data quality will be measured. It is recommended that criteria
be defined for each of the dimensions of quality. A number of different dimensions of
quality can be measured. A sample set is presented below:
• Timeliness – criteria related to the currency of content and availability to be
used when needed
GOALS
1. A data quality strategy, collaboratively developed with lines of business, is
aligned with business goals.
2. Data quality priorities and goals are translated into actionable criteria, and are
aligned with organizational objectives.
4. Data quality processes are integrated and aligned with the data quality
strategy.
CORE QUESTIONS
1. Is data quality emphasized in all initiatives involving the data stores?
4. What organizational units are tasked with data quality initiatives? How are
decisions made about standards, methods, and techniques?
7. Does the data quality strategy clearly describe objectives, policies, and
processes?
Level 1: Performed
1.2 Business stakeholders participate in setting data quality criteria and objec-
tives.
1.3 Data quality plans are followed; rules are implemented; criteria are
monitored.
Level 2: Managed
• Implementation priorities
• Quality criteria
• Compliance process
2.4 Data quality requirements are articulated employing data quality dimensions
selected by the organization.
2.5 The data quality strategy is created with reference to business objectives
and plans, and is approved by executive management.
2.6 Plans to meet the goals and objectives of the data quality strategy are
monitored to evaluate progress.
Level 3: Defined
3.1 The data quality strategy is followed across the organization and is accom-
panied by corresponding policies, processes, and guidelines.
3.3 A defined process for determining benefits and costs for data quality initiatives
is employed to guide data quality strategy implementation.
The data quality strategy should provide justification for the value and
importance of implementation outcomes. A clear value proposition should
be established for executing the strategy. Determination of the benefits
and costs of data quality may include an ROI analysis, cost implications of
defects, and business opportunities tied to improvements.
3.4 The policies, processes, and governance contained in the data quality
strategy are anchored across the data lifecycle, and corresponding processes
are mandated in the system development lifecycle methodology.
3.5 Data quality projects, such as data profiling, data assessments, data
cleansing, and risk assessments are aligned with the business needs
identified in the data quality strategy and the cost-benefit analysis.
The sequence plan is monitored by data management with input from gover-
nance bodies.
Level 4: Measured
4.1 Data quality metrics are employed to analyze proposed changes to the data
quality strategy.
Producing a strategy to meet the data quality needs of the organization is not
a once-and-done activity. Once developed, the execution of the strategy must
be closely monitored, as well as the changing needs of the business. Both
must be regularly evaluated to ensure the strategy achieves, and continues to
achieve, the business needs for quality. As shortfalls are identified or gaps are
discovered, the strategy must evolve, which may involve changes of focus or
adjustments to ongoing projects.
4.3 Stakeholder reports of data quality issues are systematically collected. Their
expectations for improving data quality are included in the data quality
strategy, and are measured and monitored.
Documented business needs and data quality criteria do not always match
stakeholder expectations. Unless stakeholders have been involved in the
development of the data quality strategy, it is easy for them to believe that
their quality expectations are not being met. To guard against this and ensure
that the levels of quality are meeting business needs, the success factors and
stakeholder expectations should be measured and monitored.
4.4 The performance of policies, processes, and guidelines, which are defined
to support the data quality strategy, are adjusted based on performance
metrics analysis results.
Level 5: Optimized
5.1 Data quality program milestones and metrics are regularly reviewed by
executives, and continuous improvements are implemented.
Data Profiling

PURPOSE
Develops an understanding of the content, quality, and rules of a specified set of data
under management.
INTRODUCTORY NOTES
Data profiling supports an effective data quality program and is an important first step
for many information technology initiatives. Data profiling should be conducted both
periodically for critical data stores, and event-driven as an important activity in evalu-
ating data quality for a specific purpose. For example, organizations may profile data
prior to finalizing the design of a data warehouse, populating a metadata repository,
performing data conversion or migration, planning for data store consolidation, or
whenever a data store is modified.
Data profiling is a discovery task, revealing what is stored in databases and how
physical values may differ from expected allowed values listed in metadata repos-
itories or data store documentation. Profiling typically examines values, ranges,
frequency distributions, divergent metadata, nonstandard record formats, etc. It also
may include testing the accuracy of business rules and analysis of known issues.
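The discovery checks described above (value ranges, uniqueness, frequency distributions) can be sketched in a few lines of code. This is an illustrative example only; the function name and report fields are assumptions, not part of the DMM model:

```python
from collections import Counter

def profile_column(values):
    """Profile one column: nulls, distinct values, value range, and
    frequency distribution -- a minimal discovery pass."""
    non_null = [v for v in values if v is not None]
    freq = Counter(non_null)
    return {
        "count": len(values),
        "null_count": len(values) - len(non_null),
        "distinct_count": len(freq),
        "is_unique": len(freq) == len(non_null),   # candidate-key check
        "min": min(non_null) if non_null else None,
        "max": max(non_null) if non_null else None,
        "top_values": freq.most_common(3),          # frequency distribution
    }

report = profile_column([34, 29, None, 34, 41, 29, 29])
```

A real profiling effort would run such checks per attribute across a data store and compare the results to the allowed values recorded in the metadata repository.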
Data profiling differs from Data Quality Assessment in that profiling activities result in
a series of conclusions about the data set, whereas the assessment process evaluates
how well the data meets specific quality requirements. Data profiling is typically the
first step in conducting data quality assessments.
It is recommended that an organization survey the projects and data stores for
which data profiling is currently performed, establish standard criteria for when data
profiling should be performed, and implement a standard process for its execution.
Prioritization of candidate data stores and data sets (internal or external) for profiling
is based on business needs and objectives expressed in the data quality strategy.
GOALS
1. A standard set of methods, tools, and processes for data profiling is
established and followed.
CORE QUESTIONS

2. Has the organization trained or acquired staff resources with expertise in data
profiling tools and techniques?
4. Do policies and processes specify the criteria for a data store to undergo
profiling?
Architectural Standards contains best practices that support the design and data
representation standards referenced in data profiling efforts.
Level 1: Performed
Level 2: Managed
2.3 Plans for profiling a data store are shared with relevant stakeholders and
data governance.
2.4 Data profiling activities are conducted according to the plan, and efforts are
adjusted when significant deviations from plan are detected.
2.5 Data profiling results and recommendations are reported to the stake-
holders.
• Approved data profiling plan and schedule
• Data profiling findings reports and metrics
• Proposed business rule additions based on data profiling
Level 3: Defined
3.2 All techniques identified to meet the profiling objectives are performed.
While data profiling can be considered primarily a discovery activity, it is
typically initiated to meet specified objectives. The profiling techniques
and tools employed must support achieving those objectives. Tailoring of
techniques and templates may be required. Often a profiling effort has several
phases; for example, out-of-the-box profiling checks (e.g., value ranges, ID
uniqueness, etc.); standardization analysis (e.g., addresses, syntax); tests
for selected business rules; and known issues (which may require complex
queries).
The data profiling team should be fully conversant in all techniques and
corresponding tool capabilities selected for the profiling activities.
3.4 Data governance is engaged to identify core shared data sets and the corre-
sponding data stores that should be regularly profiled and monitored.
The organization should have defined rules for when various data sets are
profiled (e.g., when data is acquired; or prior to being consolidated, migrated,
exported, analyzed, reported for compliance purposes, or structurally trans-
formed).
3.5 Profiling processes are reusable and deployed across multiple data stores
and shared data repositories.
Sharing and mentoring among peers to build data profiling best practices
should occur across the organization, because data quality activities are
often highly valuable but resource-intensive. Therefore, it is desirable to
leverage efficiencies and avoid rework. Some organizations find that the most
effective approach is to operate with a single data profiling team with skilled
staff for all data profiling efforts.
Most data store development efforts (for example, creation of a new data
warehouse) should include data profiling activities as a planned part of the
project. Institutionalization of data profiling practices requires that the SDLC
include references and guidelines for these activities, and that tailoring criteria
are defined and followed.
Level 4: Measured
• Data quality measures should also indicate how well the staff performed
the data profiling activities. The evaluation of plans and execution (actual
vs. estimates) should consider such things as use of techniques, impact
of results and decisions, compliance with methods and standards, quality
of output, and level of effort.
4.2 Data profiling efforts include evaluation of the conformity of data content
with its approved metadata and standards.
4.3 During a data profiling activity, actual issues are compared to the statisti-
cally predicted issues based on historical profiling results.
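One way to operationalize this comparison is to treat prior profiling runs as a baseline and flag runs whose issue counts fall outside a predicted band. The two-standard-deviation band below is an illustrative choice, not a DMM requirement:

```python
from statistics import mean, stdev

def issue_count_alert(history, current, k=2.0):
    """Compare the current run's issue count against the range predicted
    from historical profiling runs (mean +/- k standard deviations)."""
    mu, sigma = mean(history), stdev(history)
    predicted = (mu - k * sigma, mu + k * sigma)
    # Alert when the observed count falls outside the predicted band
    return current < predicted[0] or current > predicted[1], predicted

history = [12, 15, 11, 14, 13]            # defects found in prior runs
alert, band = issue_count_alert(history, current=31)
```

Centrally stored results (practice 4.4) make this kind of statistical baseline possible.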
4.4 Results are centrally stored, systematically monitored, and analyzed with
respect to statistics and metrics to provide insight to data quality improve-
ments over time.
• Data quality portal displaying data quality models and results to be used
for performance baselines
Level 5: Optimized
5.1 The organization addresses root causes of defects and other issues based on
an understanding of the meaning, technical characteristics, and behavior of
the data over time.
5.2 Data profiling processes and other activities are analyzed to identify
defects and make improvements based on the quantified expected benefits,
estimated costs, and business objectives.
Data profiling results performed on the same data over time can be statisti-
cally analyzed periodically to measure the performance of profiling activities.
5.3 Real-time or near-real-time automated profiling reports are created for all
critical data feeds and repositories.
• Control charts demonstrating that the processes used across data stores
have stabilized (data stores have been sufficiently profiled)
• Data profiling process objectives for improvement included in standard
data management strategies, programs, and reports
• Real-time data profiling reports generated on schedule
• Conclusions drawn from data profiling process analyses and recommen-
dations for improvement
Data Quality Assessment

PURPOSE
Provides a systematic approach to measure and evaluate data quality, using defined
processes and techniques, against data quality rules.
INTRODUCTORY NOTES
Data quality assessments support the development and attainment of predefined
quality expectations and measure data quality for the most important business data
attributes, organized by subject area. Initiation of assessments is driven by business
priorities, often focused on highly shared data required by multiple business areas,
data required for accurate financial statements, and data sets supporting critical
business processes.
Quality assessments should be performed against those data elements that are
deemed critical to the organization; for example, data that contribute directly to the
success of the organizational objectives, are used as part of regulatory or internal
compliance reporting, are designated as critical employee data, or are necessary for
operational decision making. It is important to ensure that policies provide guidance
for what are determined to be critical data sets and data elements.
Targets (the level of quality desired); thresholds (the level of quality tolerated); and
metrics are established for attributes in the selected data sets. These measures and
metrics are typically captured and published in a scorecard or dashboard format.
Assessment results facilitate root cause analysis and are key inputs into the organiza-
tion’s data quality improvement plans.
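A sketch of how targets and thresholds might drive one scorecard entry follows; the status labels and the completeness measure are illustrative assumptions, not model prescriptions:

```python
def completeness(values):
    """Fraction of non-null values -- one common completeness measure."""
    return sum(v is not None for v in values) / len(values)

def score_dimension(measured, target, threshold):
    """Classify a measured quality value against a target (level desired)
    and a threshold (level tolerated), as on a scorecard or dashboard."""
    if measured >= target:
        return "meets target"
    if measured >= threshold:
        return "within tolerance"
    return "below threshold"

emails = ["a@x.com", None, "b@x.com", "c@x.com"]
measured = completeness(emails)   # 0.75 -> fails both levels below
status = score_dimension(measured, target=0.98, threshold=0.90)
```

A "below threshold" entry on the scorecard would then trigger the root cause analysis and improvement planning described above.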
To support these efforts and determine benefits, it is helpful to categorize the data
quality impacts as part of the assessment process. Categorizing impacts such as cost,
risk, compliance, productivity, etc. will also assist with prioritizing data cleansing
plans.
The organization may move toward a subject area-based approach to data quality
assessment as the governance function and target data architecture matures. For
example, in the subject area approach, the data stewards for customer information
would accept responsibility for developing and monitoring data quality rules for
shared customer data on behalf of the organization, and would be the “owners” of
that portion of the organization’s data quality dashboard. Key data stores that create
or update customer information would be regularly monitored to determine if the
acceptable quality thresholds and targets are being met; if not, the customer data
stewards would initiate root cause analysis and sponsor the resulting improvements
for remediation and defect prevention.
GOALS
1. Establish and sustain a business-driven function to evaluate and improve the
quality of the data under management.
6. Utilize the results and conclusions of data quality assessments to develop and
enhance data quality improvement plans.
CORE QUESTIONS
1. Are standard data quality assessment techniques and methods documented
and followed?
2. How are data quality assessments conducted, and are they scheduled or
event-driven?
3. Are standard data quality rules developed for core data attributes?
5. Are the business, technical, and cost impacts of data quality issues analyzed
and used as input to data quality improvement priorities?
Level 1: Performed
1.1 Data quality assessments are performed and results are documented.
Level 2: Managed

2.1 Data quality assessment objectives, targets, and thresholds are established,
used, and maintained according to standard techniques and processes.
2.2 Data governance determines the key set of attributes by subject area for
data quality assessments.
Defining the set of key attributes by subject area is essential to managing the
quality of shared data assets for the organization. Data governance approves
the key attributes and ensures that the value expected will exceed the costs
associated with managing and assessing those attributes; it also establishes
stewardship of terms and definitions, including how data quality is defined
and measured to ensure consistency across the organization. This function
also includes the selection of data quality dimensions against which the data
will be assessed.
Within data quality assessments, the data quality is evaluated from a business
unit perspective for consistency with defined data quality dimensions and
criteria.
• Supporting rationale typically includes root cause analysis and impact
assessments, which help to determine corrective action options and
support prioritization decisions for data quality improvements.
2.5 Impact analysis includes estimates of the costs of fixes, the level of effort,
characterization of the business impact, and tangible and intangible
benefits.
Level 3: Defined
3.1 Periodic data quality assessments are conducted in accordance with data
quality policies on an approved schedule, or according to specified event
triggers.
3.2 The methods for assessing business impacts, including costs and risks, are
defined, approved, and consistently applied across the organization.
3.3 Improvement plans resulting from data quality assessments are integrated at
the organization level.
3.4 Data quality is assessed using established thresholds and targets for each
selected quality dimension.
Refer to Data Quality Strategy for information on best practices for devel-
oping data quality dimensions.
3.5 Data quality measurement reporting standards are integrated into the
systems development lifecycle and compliance processes.
Level 4: Measured
• Data quality assessment progress reports for improvements
• Data quality confidence surveys (e.g., determining the level of user trust
for a given data set)
Level 5: Optimized
5.1 The organization can quantitatively assess the benefits of proposed data
changes and refine management priorities in line with data quality gover-
nance practices.
5.2 Data quality assessment and reporting processes are continuously reviewed
and improved.
Data Cleansing

PURPOSE
Defines the mechanisms, rules, processes, and methods used to validate and correct
data according to predefined business rules.
INTRODUCTORY NOTES
Data cleansing focuses on data correction to meet end user criteria as determined by
data quality business rules addressing all applicable quality dimensions. Business rules
provide a standard baseline for identifying data defects or anomalies which can affect
business operations.
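A business rule of this kind might be implemented as a small correction routine that either normalizes a value or flags the record as a defect for escalation. The phone format and rule below are hypothetical examples, not DMM prescriptions:

```python
import re

def cleanse_phone(raw):
    """Apply a simple correction rule: normalize a US-style phone number
    to NNN-NNN-NNNN, or flag the value as a defect for escalation."""
    digits = re.sub(r"\D", "", raw or "")   # strip everything but digits
    if len(digits) == 10:
        return f"{digits[0:3]}-{digits[3:6]}-{digits[6:10]}", None
    # Unresolvable values are escalated per the documented process
    return raw, "unparseable phone"

cleaned, defect = cleanse_phone("(212) 555 0134")
```

Keeping such rules in a shared, reusable library supports the cleansing strategy's goal of avoiding duplicate or conflicting cleansing processes.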
Data cleansing should be conducted at the data source or close to the original
creation point, and should follow data profiling and data quality assessment analysis
when possible. The organization should develop a data cleansing strategy to guide
sharing and reuse of cleansing rules and to minimize duplicate or conflicting cleansing
processes throughout the data lifecycle. Data corrections must be published for
upstream systems and all downstream repositories. A consistent process for escalating
issues should be documented. Data changes should be verified with internal and
external data providers.
When developing the data quality strategy, it is recommended that, similar to data
profiling and data quality assessments, organizations analyze events and establish
criteria for when data cleansing activities are triggered and performed. Typically, data
cleansing is more frequently conducted on key shared data stores or identified critical
data elements, but it is advisable, subject to criticality and budget, to extend the
reach of this discipline to operational systems providing data to other destinations as
a standard practice. As with data profiling, data cleansing criteria are recommended
to be subject to tailoring. Factors for tailoring may include data store size; data
store criticality; specific business or compliance requirements; and events, such as in
advance of a redesign or consolidation, etc.
GOALS
1. A data cleansing strategy has been created and is consistently followed.
CORE QUESTIONS
1. Does the organization have a reusable set of data cleansing processes
(automated and manual) to resolve data quality issues?
10. How does the organization define, institutionalize, and monitor the data
cleansing process?
Data Quality Assessment and Data Profiling provide information that can be leveraged
to prioritize and guide data cleansing.
Level 1: Performed
Level 2: Managed
2.1 Data cleansing activities adhere to data cleansing requirements, which are
linked to process improvements to achieve business objectives.
Data cleansing requirements are often derived from data profiling, data
quality assessments, change requests, identification of report discrepancies,
and regulatory audits. Requirements typically identify the following topics:
• What problem to solve (i.e., business objective not being met as a result
of the data issue)
• How the target state of the data will solve the problem
2.2 Data cleansing activities conform with data quality requirements (e.g.,
quality dimensions such as conformity, accuracy, uniqueness) and quality
criteria.
• Determine where the changes need to be made
• Reconcile any changes with respect to the data’s original intent, versus
the implied meaning resulting from the cleansing requirement
2.6 Methods for correcting the data have been established and are defined
within a plan.
2.7 Data cleansing issues are communicated and resolved, when possible, in the
internal or external source.
Level 3: Defined
See Metadata Management for guidance on ensuring that necessary infor-
mation is managed to support this activity.
3.2 Policies, processes, and procedures exist to ensure that data cleansing activ-
ities are applied at the point of origination in accordance with published
rules.
3.3 Data cleansing rules are applied consistently across the organization.
Quality rules and business rules for data elements that are shared among
multiple business lines should not diverge unless a considered exception has
been approved.
3.5 Standard data cleansing results report templates, at the detail and summary
level, are employed.
• Traceability matrix
• RACI matrix for data cleansing governance, activities, and rule devel-
opment
Level 4: Measured
4.1 Service level agreements include data quality criteria to hold data providers
accountable for cleansed data.
• Feedback documentation
Level 5: Optimized
5.2 Data cleansing requirements for data providers are managed in accordance
with standardized processes.
• SLAs include cleansing processes and expectations for data providers
Data Operations

• Data Requirements Definition
• Data Lifecycle Management
• Provider Management
The Data Operations category encompasses process areas designed to help an organization
ensure that data requirements are fully specified; data is traceable through all of the busi-
ness processes that produce or consume it; data changes and their processes are managed;
and data sources are selected based on requirements, well controlled, and verified as
authoritative.
Data Requirements Definition contains practices which ensure that specifications for data
used by a business process satisfy business objectives, are validated by stakeholders, priori-
tized, and well documented through a repeatable process. Data Lifecycle Management assists
an organization to ensure that its data flows are well mapped to business processes through
all lifecycle phases. Provider Management describes best practices for data source selection
and controlled, bidirectional interactions with internal and external providers.
Maturity of the practices within this category will increase the organization’s knowledge
about its data assets, allow business users to identify the best sources to meet their needs,
enable upstream suppliers and downstream consumers to map dependencies to anticipate
the impact of changes, support data integration initiatives, and build more accurate and
efficient data stores.
Data Requirements Definition

PURPOSE
Ensures that the data produced and consumed satisfies business objectives, is under-
stood by all relevant stakeholders, and is consistent with the processes that create and
consume the data.
INTRODUCTORY NOTES
Data requirements definition establishes the process used to identify, precisely define,
prioritize, document, and validate the data needed to achieve business objectives.
Data requirements should be stated in business language and reuse any approved,
available, standard business terms. This is critical to reducing complexity over time,
and essential for effectively sharing data across the organization.
The method chosen for defining and documenting data requirements should be
in alignment with application development lifecycle processes. Participation of
stakeholders in data requirements definition gives them visibility into the evolution
of the requirements, ensuring that the requirements are understood and relevant.
Early collaboration establishes the foundation necessary for effective communication
and governance. In addition, many of the stakeholders will be assigned stewardship
roles. The adoption of data governance roles and responsibilities in an organization
frequently originates with the requirements definition process.
Profiling the data where possible (e.g., incoming reference data, transaction data to
be ingested, etc.) will ensure that it meets the business expectations, objectives, and
requirements. This will positively impact the design process for the data store.
GOALS
1. Data requirements definitions consistently satisfy business objectives.
3. Approved standards are followed for data names, definitions, and representa-
tions in requirements definitions as appropriate.
CORE QUESTIONS
1. How are business and technical data requirements solicited, captured,
evaluated, adjudicated, and verified with stakeholders?
Data Profiling focuses on understanding the content, quality, and rules of data sets.
Level 1: Performed
1.3 Data requirements are evaluated and adjudicated against deliverables and
either confirmed or modified.
Level 2: Managed
Data operations processes and workflows are mapped to the data require-
ments. In addition, the data requirements definition process should use and
produce specific data requirements artifacts such as a standardized data
requirements document template, which includes data quality rules.
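A standardized template of this kind might be represented as a structured record with data quality rules attached; the field names below are hypothetical, not mandated by the model:

```python
from dataclasses import dataclass, field

@dataclass
class DataRequirement:
    """One entry in a standardized data requirements template,
    including the data quality rules mentioned above."""
    name: str                 # approved business term
    definition: str           # stated in business language
    business_objective: str   # traceability to the objective it serves
    steward: str              # stakeholder holding the stewardship role
    quality_rules: list = field(default_factory=list)
    priority: str = "medium"

req = DataRequirement(
    name="customer_email",
    definition="Primary email address used to contact the customer",
    business_objective="Enable electronic statement delivery",
    steward="Customer Data Steward",
    quality_rules=["not null", "valid email syntax", "unique per customer"],
)
```

Capturing requirements in a uniform structure like this makes the mappings to business objectives and data models (listed as work products below) straightforward to maintain.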
2.2 The data requirements necessary to achieve data management goals are
defined and demonstrably aligned with business objectives.
2.5 Stakeholder roles and responsibilities for involvement with data require-
ments definition are specified, planned, monitored, and controlled.
• Requirements mapping to business objectives
• Requirements mapping to data model(s)
• Stakeholder requirements approvals
• Review board notes and decisions
Level 3: Defined
3.1 Data requirements are defined, validated, and integrated using the organiza-
tion’s standard requirements definition framework.
Individual activities and implementations should take direction for their data
requirements definition activity from the organization’s standard require-
ments definition process and templates. These should define all components
of the requirements definition and be reusable from project to project. Refer
to CMMI’s Requirements Development process area for additional information.
3.3 The business processes that produce data are documented and linked to the
data requirements.
3.4 Data requirements comply with and include compliance requirements for
both physical and logical data, including security rules as well as technical
requirements.
• Network segmentation
• Granting authorizations
• Performance
• Designated platform
• Communications capability
3.5 Requirements are evaluated to ensure that they are implementable in the
target environment.
• Requirements mapping to use case documentation (e.g., flow charts with
swim lanes)
• Requirements mapping to business processes
• Documented data security and entitlements rules
• Stakeholder or review board consensus documentation (minutes,
approvals, etc.)
Level 4: Measured
4.1 Industry best practices pertaining to data requirements have been evaluated
against selected criteria to determine if they should be adopted into the
development lifecycle.
4.2 Defined and managed metrics ensure that data requirements as defined
satisfy business objectives; corrective actions are taken when performance
is not meeting business needs.
• Selection criteria for adoption of industry best practices for the data
requirements definition framework
Level 5: Optimized
5.2 The organization shares best practices with industry and peers regarding
data requirements.
Data Lifecycle Management

PURPOSE
Ensures that the organization understands, maps, inventories, and controls its data
flows through business processes throughout the data lifecycle from creation or
acquisition to retirement. Data lifecycle management enables better risk management
and supports data quality improvements, particularly in situations involving large
data volumes or high velocity of data movement, and complex and interdependent
processes that share data.
INTRODUCTORY NOTES
The data lifecycle runs from the creation of data assets through their useful life in the
business and eventual archiving or destruction. The organization will benefit from
defining data usage and dependencies across business processes for data that are
either critical for an important business function or are needed by multiple business
processes.
The specific boundaries of the data to be managed are defined, prioritized, aligned
with business objectives, and scoped through the data management strategy.
It is advised to undertake efforts phased over time, as priorities dictate and natural
events provide opportunities, to identify dependencies at the attribute level, enabling
the organization to gradually develop a comprehensive understanding of data inter-
relationships. Scoping of specific data sets should also apply the following consider-
ations:
• Objectives and condition of target data sets – If the business objective is, for
example, to minimize operational risk, and confidence in the quality of the target
data set is low, the data lifecycle boundary may become broader. For example,
the organization may engage with data providers who are creating data that is
ingested by data stores, and may need to research data consumption patterns.
For shared data used by multiple business areas, data flows and data requirements
should be mapped to business processes. Business analysts utilize business process
models and corresponding attribute lists to evaluate requirements and create maps
to organization and project data model(s) in collaboration with data architects and
data stewards. Eventually, the organization should ensure that all important business
processes are accurately mapped with respect to the data sets they create and
modify, process data requirements, and physical data flows. This process continues as
data needs and sources change.
Because this effort is detailed, extensive, and is undertaken in phases, business stake-
holders and staff supporting the physical instantiation of business data (i.e., systems
development lifecycle, project management) must perform validation and approvals.
The data management function, working with business experts, business process
architects, and other stakeholders, is typically responsible for facilitating the definition
and verification of business process to data set requirements, ensuring that data
is represented according to standards, and specifying data attributes within the
enterprise or business area logical data model. The data management function
also typically develops data lifecycle management processes, and coordinates with
business representatives and data governance to ensure that the defined data sets for
business processes are integrated into application data stores. Project data architects
are typically responsible for the design and implementation of physical data models,
and the management and validation of specific business requirements for application
data stores.
GOALS
1. The data lifecycle pertaining to selected business processes is defined and
maintained to reflect changes.
CORE QUESTIONS
1. What activities, milestones, and products are defined for mapping business
processes to the data created and maintained in support of these processes?
2. Has the organization established clear roles and responsibilities for creating
and maintaining a mapping of business processes to data?
Level 1: Performed
1.1 The data lifecycle for one or more business processes is defined and applied.
1.2 Data dependencies—both upstream and downstream from the initial creation
or ingest—have been identified and mapped.
1.3 Stakeholders agree on the scope of data elements and authoritative data
sources.
The organization should have defined scope and authoritative sources for at
least one fundamental shared entity or data set important to the business
(e.g., customer entity, transaction history, etc.).
• List of authoritative data sources and approved attributes for a data set
Level 2: Managed
2.1 The requirements of data consumers and producers are mapped and
aligned.
Refer to the Data Requirements Definition for information about defining data
requirements at all levels.
2.2 Business process to data mappings are defined, maintained, and periodically
reviewed for compliance.
2.3 A defined process for collaborative agreements with respect to shared data
and its usage within business processes is followed.
2.4 Selection criteria are defined and applied to designate authoritative data
sources.
• Metadata repository
Level 3: Defined
3.1 Data lifecycle management processes are defined and approved by stake-
holders, and managed by data governance bodies and processes.
3.2 Change management processes addressing the entire data lifecycle are
established and maintained.
3.4 Data flows and full data to process lifecycle maps for shared data are imple-
mented for each major business process at the organizational level.
3.5 Changes to shared data sets or target data sets for a specific business
purpose are managed by data governance structures with relevant stake-
holder engagement.
See Governance Management and Data Management Function for more infor-
mation related to stakeholder role expectations and governance oversight of
these activities.
3.7 Measures and metrics are defined, and associated information is collected
to assess progress in process to data mapping efforts and the adoption of
authoritative data sources.
• Recommendations for additional attributes, modifications, and changes
to source-to-target mappings
• Data maps
• Context diagrams
Level 4: Measured
4.1 A standard process is used across the organization for data lifecycle impact
analysis, and to identify, estimate, and schedule changes to interfaces and
data sets.
4.2 Metrics are used to expand approved shared data reuse and eliminate
process redundancy.
• Remediation process
• Remediation plans
Level 5: Optimized
5.1 Metrics and stakeholder feedback are analyzed periodically for the purpose
of introducing improvements into the management of data dependencies.
5.2 Data lifecycle metrics are periodically refined and reviewed by senior
management.
5.3 The organization shares experiences with industry and peers regarding data
management lifecycle processes.
• Public presentations, white papers, or similar documents communicating
data lifecycle management process experience
• Reports to senior management highlighting new requirements for
inclusion in process to data maps
PURPOSE
Optimize internal and external sourcing of data to satisfy business requirements and
to manage data provisioning agreements consistently.
INTRODUCTORY NOTES
This process area describes practices performed to define data sourcing requirements,
acquire data, manage agreements, and interact with providers. In addition to mapping
data requirements with appropriate sources, this process includes establishing service
level agreements with external and internal data providers. It is important to manage
providers to assure quality data delivery. The data sourcing focus of this process
ensures that data requirements can be satisfied with the appropriate data sources,
whether internal or external. This process ensures that delivered data will meet
business needs.
Data source mapping depends on precise terms, comparable data definitions, aligned
calculation methodologies, data profiling analysis, and well-defined data requirements.
The goal is to create parameters by which alternative sources can be identified,
compared, and selected; and to determine where attributes can be combined, split, or
parsed via business rules to satisfy business requirements.
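The combine, split, and parse operations mentioned above can be sketched as attribute-level mapping rules. All attribute names below are illustrative assumptions, not part of the model:

```python
# Sketch of attribute-level source-to-target mapping via business
# rules, as described above: attributes are combined, or split/parsed,
# to satisfy a target requirement. Attribute names are hypothetical.

def combine_name(record):
    # Combine: two source attributes -> one target attribute
    return {"full_name": record["first_name"] + " " + record["last_name"]}

def split_phone(record):
    # Split/parse: one source attribute -> two target attributes
    area, number = record["phone"].split("-", 1)
    return {"area_code": area, "local_number": number}

MAPPING_RULES = [combine_name, split_phone]

def map_record(record):
    """Apply every mapping rule to a source record."""
    target = {}
    for rule in MAPPING_RULES:
        target.update(rule(record))
    return target
```

Capturing rules as named functions like this keeps the source-to-target logic explicit, which is what allows alternative sources to be compared against the same target requirements.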
This analysis should be performed at the attribute level, and take into consideration
key performance indicators, alternative data sources, and service level requirements.
Data quality criteria definition is integral to the data sourcing process and is employed
to compare data sourcing alternatives, and to support service level agreements with
selected internal and external data providers.
Assessing the quality of sourced data should be based upon established criteria, such
as data error handling, use of authoritative sources, testing, managing responses to
requests, escalating issues, and ensuring the integrity of the data by utilizing proper
controls. Delivered data should be regularly monitored to ensure that established
criteria continue to be satisfied.
GOALS
1. Data requirements for sourcing, procurement, and provider management,
including data quality criteria, are assessed according to a documented
process.
4. Standard service level agreements address all business requirements and are
employed to manage data providers.
CORE QUESTIONS
1. How are data sourcing requirements captured, validated, and prioritized?
4. How are data attributes mapped to data sources and downstream applica-
tions?
6. How are service and content quality from data providers monitored?
Data Quality Strategy supports this Process Area with data quality objectives that
should be used to guide agreements with providers.
Data Profiling and Data Quality Assessment support this practice by providing
methods by which data is evaluated, as well as the results of evaluation.
Level 1: Performed
1.2 Analysis and testing are conducted to verify that procured data meet stated
requirements.
Level 2: Managed
2.1 A process to analyze data requirements for data sourcing specifications, and
mapping requirements to provided data elements, is defined and followed.
2.2 A data procurement process for obtaining data from external providers is
defined and followed.
2.3 Data quality criteria are defined and embedded into service level agree-
ments with both external and internal providers.
Data analysts and key stakeholders regularly review key performance metrics
for data source quality, using standard data quality dimensions criteria (e.g.,
accuracy, completeness, consistency, timeliness).
Refer to Data Quality Strategy and Data Quality Requirements for input to this
practice.
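As one illustration of the standard data quality dimensions named in this practice, a completeness check against SLA-style thresholds might look like the following sketch; the field names and threshold values are assumptions:

```python
# Sketch of checking delivered data against data quality thresholds of
# the kind embedded in a service level agreement. Only the completeness
# dimension is shown; accuracy, consistency, and timeliness would be
# measured analogously. Fields and thresholds are illustrative.

def completeness(records, field):
    """Fraction of records with a non-empty value for the field."""
    if not records:
        return 0.0
    filled = sum(1 for r in records if r.get(field) not in (None, ""))
    return filled / len(records)

def sla_breaches(records, thresholds):
    """Return fields whose completeness falls below the SLA minimum."""
    return {
        field: completeness(records, field)
        for field, minimum in thresholds.items()
        if completeness(records, field) < minimum
    }
```

The output of such a check is exactly the kind of deviation that practice 2.4 below expects to be raised in planned discussions with the data provider.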
2.4 Planned discussions are held with data providers to address deviations to
established data quality thresholds and targets defined in the service level
agreement.
• Procurement process
Level 3: Defined
3.2 Metrics for the data sourcing management process are established,
maintained, and used.
Metrics could be related to cost, schedule, level of effort, and specific targets
for technical performance. Key performance metrics (i.e., message formats,
delivery times, timeliness of updates, valid values, accuracy of attributes,
issue management, etc.) are defined, implemented, and employed to measure
and evaluate providers.
3.3 Data sourcing evaluation and selection processes are defined and employed
across the organization.
Organizations often use the audit reports of their external data providers
to show compliance with control standards and processes as part of the
selection process.
Refer to Data Profiling and Data Quality Assessment for information that
supports this practice by providing methods by which data is evaluated, as
well as the results of that evaluation.
3.6 Periodic meetings are held with data providers to review planned changes to
data content, processes, formats, quality, etc.
Level 4: Measured
4.1 Key performance metrics related to service level agreements are analyzed
using statistical and other quantitative techniques, are reviewed, and are
used to identify and address issues.
Level 5: Optimized
5.1 Statistical and other quantitative analyses of the provider processes are
applied to improve them and ensure that business objectives are adequately
supported.
5.2 Sourcing lessons learned and evolved best practices are shared with
industry peers.
Architectural
Architecture Standards
Data Management Platform
Historical Data, Archiving and Retention
Maturity of the practices within this category will help the organization to plan, architect, and
implement a data layer that minimizes redundancies, ensures availability, meets performance
requirements, and integrates well with the technology stack. Mature practices also ensure
that the organization’s architecture will be supported by a robust set of applicable standards
and will be deployed on an extensible platform. Defined practices for integration of data will
increase data availability and improve data quality, and improved processes for historical and
aged data will increase application performance and meet regulatory requirements.
PURPOSE
Design and implement an optimal data layer that enables the acquisition, production,
storage, and delivery of data to meet business and technical objectives.
INTRODUCTORY NOTES
The architectural approach is essential for design of a well-structured, consumable
target data and technology architecture that satisfies key business goals, as defined
by Data Management Strategy.
Emphasis should be on data sharing for critical business data needs. This may require
streamlining the data layer (redesign and consolidation of data stores), reducing data
redundancy, improving data integration through common interface specifications and
data services, or defining and enhancing a data technology stack that satisfies current
and anticipated business needs. The target data layer should support the data quality
objectives defined in the data quality strategy and incorporate data profiling and
validation results. This will ensure that high-quality, trusted data can be used to meet
critical business objectives, with minimal data reconciliation required.
The approach should ensure that the architecture reflects identified legal and
regulatory requirements appropriately.
The combination of business goals and technical requirements comprising the target
architecture creates a logical representation of the future state, referred to as the
“To-Be” blueprint. The target architecture requires a transition plan from the current
state, or “As-Is,” to the To-Be. The blueprint is decomposed into an IT implementation
roadmap, which reflects compliance with the approved approach.
It is important to define metrics and key performance indicators (KPIs) measuring the
effectiveness of the architecture blueprint and subsequent designs of the components.
Metrics may include the number of adopters for a new data component or service, the
rate of adoption, satisfaction of specific business needs by new or redesigned compo-
nents, the number of data quality issues resolved prior to design, etc.
The architectural approach must be flexible to the evolving needs of the organization,
and processes for technology obsolescence and ensuing data migrations must be established.
The architectural approach must be reviewed and approved before proceeding toward
design and implementation to validate that it meets business needs and is consistent
with architectural standards. Because the architectural approach is a long-term
guidance activity, it should be maintained and modified in response to changing
business needs and organizational circumstances.
GOALS
1. The approved architectural approach is consistent with business needs and
architectural standards.
2. The transition plan from the “As-Is” to the “To-Be” state is consistently
monitored to ensure that projects are aligned with long-term objectives.
4. Platform and technical capability decisions are aligned with the architectural
approach and approved by stakeholders.
CORE QUESTIONS
1. How does the organization approach architecting information assets?
4. How does the organization ensure the sustained progress of the transition
plan to the target-state in response to deadlines, tight schedules, and other
pressures?
5. Does the organization have an approved data technology stack, and corre-
sponding governance applied to modifications, additions, and sunsetting?
6. Has the organization documented and approved the technical capabilities and
requirements to satisfy operational business continuity?
Level 1: Performed
Level 2: Managed
2.1 The target data architecture aligns with and complements the data
management strategy.
2.2 A governance process is established and followed to ensure that the target
data architecture is jointly rationalized and approved by business and IT
stakeholders.
Areas for mapping and evaluation at the physical level include redundant
data in multiple data stores, exceptions to common data usage, degree of
business dependency on specific data stores, and planned application consol-
idation efforts. Engaging in a data rationalization effort at the architectural
level enables the organization to fully describe the current architecture at the
level needed to support development of future state blueprints.
The transition plan includes current data store status, retirement and redesign
target dates, the staffing plan, the training plan for new technologies, and
target implementation dates for future components.
2.4 A process is established and followed to ensure that data interface speci-
fications are documented for shared data, with traceability from creation
through consumption (end to end) by all sources within scope.
• Approval process for architectural design through governance
• Documentation of approved architecture utilization
• Shared data interface traceability map
• Records indicating implementation consistent with approved designs
Level 3: Defined
3.1 The architectural approach for the target data architecture is followed
across the organization.
3.5 Both internal and selected external data standards are evaluated and
applied to the development of architectural blueprints and component
designs.
The architecture and designs should align with the organization’s intended
target infrastructure. The organization may have an Enterprise Architecture
in place, and decisions about platforms, technical capabilities, and corre-
sponding products may have been approved. If lacking, development of
the architectural approach for the data layer is an opportunity to further
organization-wide progress. The organization needs to determine how it will
manage data movement, data integration, data quality, and security, to meet
the goals of extensibility, performance, reliability, resilience, etc.
3.7 The architecture includes the target integration layer, also known as
common interface design.
3.8 Data profiling is performed prior to finalizing the design of a data store
component that will contain existing data.
Level 4: Measured
4.1 Statistical analysis of performance and data quality improvements are used
as input to the architectural design process.
Metrics for the new architecture component are also used to assess if
business objectives and data quality targets are being met. This may include
business impact KPI criteria that typically include the following:
• Time
• Increased revenues
• Freed time
• Improved data
• Enhanced analysis
Level 5: Optimized
5.1 Prediction models are evaluated against architectural changes and adjusted
as needed.
5.2 The organization shares architecture and platform lessons learned through
publications and conferences.
PURPOSE
Provide an approved set of expectations for governing architectural elements
supporting approved data representations, data access, and data distribution, funda-
mental to data asset control and the efficient use and exchange of information.
INTRODUCTORY NOTES
Architectural standards define the approach and practices for developing, approving,
and instituting compliance for data representation, data access, and data distribution
standards.
Once codified across the organization, the collective set of standards supports the
evolution toward the target data architecture, enabling evolutionary streamlining
of the data assets; improved selection and deployment of the technology stack;
simplified development lifecycle; and reduced costs by minimizing unintegrated
efforts of project staff and reusing artifacts, disciplines, mechanisms, etc. Effective
governance, instituted as an active and sustained function, is required to
achieve these objectives.
GOALS
1. Develop a comprehensive set of data standards aligned with the architectural
approach and the data management strategy.
4. Define and enforce a data distribution standard for requests and approvals.
CORE QUESTIONS
1. What are the categories of standards required for the organization’s target
data architecture, and how are they scoped and defined?
2. How does the organization determine business need and technology strategy
for developing approved, standard data access and provisioning?
Data Integration contains information about standards and best practices for data
ingestion, acquisition, and transformation.
Data Management Strategy contains information about the alignment of the organiza-
tion’s data asset approach with standards.
Level 1: Performed
Level 2: Managed
Refer to Data Requirements Definition for information that will impact organi-
zational standards, especially for such items as security requirements that
must be met consistently across the various platforms.
Because the evolving body of standards eventually affects the entire data
layer and data access mechanisms employed, event-driven requests for new
standards, additions, and changes to existing standards must be carefully
coordinated, agreed to, and approved to ensure that progress toward
long-term architectural objectives is not compromised.
2.4 The architectural approach, blueprints, and component designs align with
selected standards.
• Standards artifacts
• Standards approval process
• Standards change request process
• Project references to standards
• Guidance for incorporating standards into design
Level 3: Defined
3.4 Data governance ensures that architectural standards are aligned with
business needs and aligned with the organization’s senior architecture
governance body.
3.5 Metrics for monitoring and controlling adoption of, and compliance to,
architectural standards are defined and implemented.
Within the systems development lifecycle, audits of data models, data access
methods, and data distribution designs should be based on uniformly applied
standards.
Level 4: Measured
4.1 Audit result metrics and internal deviation patterns indicate where changes
to data architecture standards and enhanced guidance for standards appli-
cation are needed.
4.2 The organization conducts risk-based impact analysis for proposed changes to
organizational data architecture standards and guidance prior to acceptance.
Level 5: Optimized
For example, a regulator may provide new requirements for review; the
organization would assess these requirements and provide input on feasi-
bility, burden, and may suggest possible modifications.
5.3 The organization researches innovative data technologies and methods for
potential adoption, and develops appropriate new standards for those which
are deployed.
5.4 The organization shares best standards practices and lessons learned
through publications, conferences, and white papers.
PURPOSE
Ensure that an effective platform is implemented and managed to meet business
needs.
INTRODUCTORY NOTES
A data management platform (singular or plural) serves as a system of record, a
trusted source or authoritative source of data. The platform typically includes assets
used for data distribution, transformation, and integration into consuming applica-
tions.
To support “build versus buy” decisions, an inventory and gap analysis should be
conducted for existing systems and capabilities, at a sufficient level of detail to
consider extending the use of existing platforms. Organizations should be prepared
for implementation in phases over an extended period. Organizational standards and
blueprints must be followed to develop or acquire and implement the target platform.
GOALS
1. The platforms satisfy the approved requirements and architecture.
2. Processes exist and are followed for effective platform management to meet
business needs.
CORE QUESTIONS
1. How are authoritative data sources defined, selected, and integrated into
particular portions of the platform?
3. Does the organization have a process for making “build versus buy” decisions?
5. What forms of data, data exchange, and interfaces are supported by the
platform?
Level 1: Performed
For example, automated systems and technologies that are used within
projects to manage critical data are identified and documented.
Level 2: Managed
2.1 The platform implementation supports the target objectives set out in the
data management strategy.
During platform development, and prior to release, verify and validate the
platform against the objectives specified in the data management strategy.
2.2 A policy and process exists to ensure that build or buy decisions consider
the target data architecture and support the data management strategy.
2.3 Platforms are consistent with the technology stack and architectural
designs.
2.4 Platforms support the security and access requirements of the organization.
Platforms should be deployed implementing multilevel access that is driven
by lines of business, and managed under a separation-of-duties principle to
enforce access restriction.
• Documented stakeholder involvement (including governance) in the
design and approval of data management platform deployment plan
Level 3: Defined
3.1 Critical data elements for which the platform is an authoritative source,
trusted source, or system of record are documented.
3.2 Data set duplication across systems is documented, planned, and justified.
Data redundancy is confusing to users, negatively impacts business
operations, is expensive, and contributes considerably to the complexity of
the data management environment. Nonetheless, there are rational justifi-
cations for duplicating data to meet specific functionality and performance
requirements; for example, preprocessing large data sets for a data mining
application versus for a data warehouse.
3.4 Platform design and capabilities ensure that work flow and service level
requirements can be met.
3.5 Platform performance data is captured, stored, and used to verify that the
platform meets business performance needs and capacity requirements.
• Platform metadata
Level 4: Measured
4.1 Qualitative and quantitative performance metrics for the data management
platform are analyzed, using statistical and other quantitative techniques, to
support platform change decisions.
Level 5: Optimized
5.3 The effects of platform changes are compared with prediction models and
analyzed to improve the prediction models.
PURPOSE
Reduce the need for the business to obtain data from multiple sources, and improve
data availability for business processes that require data consolidation and
aggregation, such as analytics. Data integration enables source data optimization, the
realization of cost savings through centralization, and improved data quality.
INTRODUCTORY NOTES
Data integration addresses data transport and processing (connecting, combining,
de-duplication, etc.) from multiple sources into a destination environment. Data
integration challenges include diverse data representations in multiple sources, ratio-
nalizing business meaning, and the complexity of transformation logic.
Typically, data integration is concerned with data transfer and consolidation among
applications, and data integration from transactional systems or external sources into
a shared repository. The scope of data integration is both broad and detailed. Relevant
stakeholders need to understand the components and dependencies for project
delivery, and the iterative phases of planned integration efforts. Business stake-
holders need to take a long-term perspective, which implies flexibility in addressing
integration obstacles.
GOALS
1. Establish and follow a consistent process to ensure ongoing business and
technology alignment for data integration.
2. Data integration is performed utilizing standard processes and tool sets that
enable compliance with data architecture standards and data quality require-
ments.
CORE QUESTIONS
6. How are data quality thresholds and targets applied to sources of data at
ingestion and integration?
7. Are the processes to identify missing data automated, and does tracking
against defects or gaps support remediation?
Data Lifecycle Management provides information on the uses and needs of data across
the organization.
Level 1: Performed
Level 2: Managed
• Profiling guidance
2.2 The set of data integration disciplines and tools used by the organization
provides bulk transport and load, change data capture, versioning and
configuration, metadata capture and management, and in-line data quality
checks and controls.
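Among the disciplines listed in this practice, change data capture can be illustrated with a minimal snapshot-diff sketch. Real CDC tooling typically reads database transaction logs; this comparison of two keyed snapshots is only a stand-in under simplified assumptions:

```python
# Illustrative change-data-capture sketch: diff a previous and current
# snapshot, each keyed by primary key, to derive the inserts, updates,
# and deletes an incremental load would apply downstream.

def capture_changes(previous, current):
    """previous/current: dicts mapping primary key -> row dict."""
    inserts = {k: v for k, v in current.items() if k not in previous}
    deletes = {k: v for k, v in previous.items() if k not in current}
    updates = {
        k: v for k, v in current.items()
        if k in previous and previous[k] != v
    }
    return inserts, updates, deletes
```

Even in this reduced form, the output makes clear why versioning and metadata capture belong in the same tool set: each derived change needs to be traceable to the load that produced it.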
2.3 A change control process is established and followed to ensure that changes
to the integration environment, including upstream sources and downstream
targets, are controlled and coordinated.
Changes to operational systems often have a direct impact on the data which
are stored or managed by those systems and subsequently used by other
downstream systems. Examples of downstream systems include both repos-
itories (e.g., data warehouse) and other operational systems that rely on the
data from the source system.
It is important for the business to have confidence that the system it
depends on is managed proactively: the business maintains data availability
and integrity by having plans for dealing with potential interruptions and
unforeseen events, including load interruptions or data validation failures.
Level 3: Defined
3.1 The organization follows a standard set of practices and rules for performing
data integration activities.
For example, the ETL process should perform a basic level of quality control
checks, especially for subsequent change-data capture loads, to ensure that
the data being integrated meets the quality attributes defined by the organization.
These checks should define criteria by which the data is
rejected, flagged, or queued as exceptions for subsequent action.
Failure to perform this check at integration may cause problems with the
data that can be unknown for long periods of time and require greater
cleanup efforts later. The organization may want to verify that the following
tasks are performed:
• Data is profiled
• Provisions for alternative sources exist if data is not available from the
preferred source
• Data quality and error handling reports are produced and monitored
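The reject/flag/queue handling described above can be sketched as an in-line classification step applied to each incoming record; the specific fields and criteria are hypothetical:

```python
# Sketch of in-line quality control at integration time: each record is
# rejected, queued as an exception, or accepted, per the criteria the
# text describes. Field names and rules are illustrative assumptions.

def classify(record):
    if record.get("id") is None:
        return "rejected"       # fails a hard criterion (missing key)
    if record.get("amount", 0) < 0:
        return "exception"      # queued for subsequent action
    return "accepted"

def run_checks(records):
    """Partition an incoming batch by quality-control outcome."""
    results = {"accepted": [], "rejected": [], "exception": []}
    for record in records:
        results[classify(record)].append(record)
    return results
```

The rejected and exception partitions are the natural inputs to the data quality and error handling reports listed above.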
3.3 A standard process is established and followed to create and verify data
precedence rules with business users based on use cases, requirements, and
selected triggers.
3.5 Interface and integration performance metrics are collected and analyzed to
identify nonconformance with standards and criteria.
3.6 The organization documents and manages changes to data sources and
destination through the data governance process.
• Performance requirements
Level 4: Measured
Variation criteria (i.e., tolerance limits) are specified and used in the analysis
of interface performance. For example, analysis of data profiling results may
indicate that the volume of integration-related defects is within an acceptable
tolerance.
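Tolerance limits of the kind described here are often implemented as control limits around historical performance. The following is a minimal sketch, assuming a mean ± 3 standard deviations convention and illustrative defect-count data:

```python
# Sketch of applying tolerance limits to interface performance data,
# e.g. integration-related defect counts per load. The k-sigma control
# limit is a common convention, shown here as an assumption rather
# than a prescription of the model.

from statistics import mean, stdev

def out_of_tolerance(observations, new_value, k=3.0):
    """True if new_value falls outside mean +/- k*stdev of history."""
    m, s = mean(observations), stdev(observations)
    return abs(new_value - m) > k * s
```

A value flagged by such a check is what would trigger the nonconformance analysis described in practice 3.5 above.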
4.2 Selected highly shared data is fully integrated, centrally managed, and
delivered as needed to integration data stores.
Level 5: Optimized
5.1 Performance models for data integration are periodically reviewed, and are
used as input for enhancements.
5.2 The organization publishes and shares integration best practices within its
industry.
PURPOSE
Ensure that data maintenance will satisfy organizational and regulatory requirements
for historical data availability, and that legal and regulatory requirements for data
archiving and retention of data are met.
INTRODUCTORY NOTES
Historical data retention and management serves multiple business purposes. It
defines how data history will be managed (e.g., changes to data, versioning), as well as
how data is managed in the later stages of the lifecycle.
The primary goal for historical data is to ensure that it is maintained by the
organization and is managed in a consistent manner to meet business needs. To accomplish
this, the organization also needs to define criteria for data retention, as well as a
standard process and set of guidelines for data archiving. Often, these guidelines
are driven by regulatory requirements that dictate mandatory retention periods,
encryption, or edit-ability of the archived data.
The organization should have a clear understanding of its internal and external
requirements for data retention. This is typically a combination of regulatory and
business requirements. It is advisable to ensure that each line of business is aware of
and has clearly defined its current retention requirements for its existing data stores
and planned initiatives. This is the precursor to developing an archiving policy and
strategy.
Historical data may be maintained under two broad models: online and accessible,
or archived. The organization is advised to define a core set of rules for representing
and implementing data history, subject to tailoring (e.g., data modeling rules, history
updates, etc.) to gain efficiencies from standardizing an approach and conventions
over time. For effective management of historical data, the organization should
collect, discover, and review major requirements for history within business processes
(e.g., forecasting, reporting, and operational processes) as well as regulatory
compliance. These considerations will outline these high-level requirements. Each
application data store or data warehouse component will have specific historical data
needs.
A defined process for archiving should require the specification of business rules
that are applied to determine when data is archived, and how it must be stored and
accessible or available for restoration. For example, a federal agency may have a
regulatory requirement to retain citizen records for seven years after the status of
the individual has reached a completion state (inactive, deceased, etc.).
• Business requirements for understanding, defining, and managing criteria
for historical data archiving, retention, deletion, and retrieval are supported;
integrated; published; communicated through policies, processes, and
standards; and monitored for conformance.
GOALS
1. Historical data is managed consistently, leveraging common standards.
2. Business needs for capturing and storing historical data are met.
3. An approved process for determining when and how data should be archived
is followed, containing defined activity steps.
4. Data retention periods are consistent with both legal and regulatory require-
ments.
CORE QUESTIONS
1. What are the architectural standards and conventions applied to the structure
and management of historical data, and how are the corresponding business
rules defined and governed?
Level 1: Performed
1.2 All data stores are backed up and data is archived as prescribed in policies.
Based on policies and continuity of operations requirements, some sets
of data backups may be stored in a separate location to mitigate risks
associated with the primary data location. This is typically on a different
server and may also be included in a continuity of operations environment.
• Archiving procedures
Level 2: Managed
2.2 A defined method ensures that the historical data necessary to support
business needs is accessible.
These decisions are commonly based on both technology policy and business
requirements.
2.4 Access, transmittal, and modifications to historical and archived data are
controlled by policy and processes.
• Encrypted archives
Level 3: Defined
3.1 The organization has a prescribed data warehouse repository that provides
access to historical data for meeting analytics needs supporting business
processes.
3.3 Policy is defined and approved by data governance and implemented at the
organizational level, requiring logging of data changes and retention of the
logs.
The program should include validation of the types of data or logs that are
retained for various specified periods, restoration testing of backups and
archives, and retention and maintenance of technology to support access to
archived data.
Level 4: Measured
4.1 Statistical and other quantitative techniques are used to analyze historical
data for input to business process and data quality improvements.
4.2 Models are employed to predict compliance with legal and regulatory
requirements.
4.3 Metrics results and stakeholder feedback are used to improve data retention
and archiving policies.
• Process improvement reports and records
• Change management records
• Regulator or stakeholder feedback
• Statistical and other quantitative analysis reports
Level 5: Optimized
5.1 The organization shares policies and best practices regarding historical data
and archiving within its industry.
Supporting Processes
This section contains a set of foundational processes that supports adoption, execution, and
improvement of data management processes.
Measurement and Analysis addresses measures and select analytical techniques for iden-
tifying strengths and weaknesses in data management processes. Process Management
addresses a usable set of organizational process assets, and plans, implements, and deploys
organizational process improvements informed by the business goals and objectives and the
current gaps in the organization’s processes. Process Quality Assurance provides staff and
management with objective insight into process execution and the associated work products.
Risk Management identifies and analyzes potential problems to take appropriate action to
ensure objectives can be achieved. Configuration Management addresses the integrity of the
operational environment using configuration identification, control, status accounting, and
audits.
Measurement and Analysis
PURPOSE
Develop and sustain a measurement capability and analytical techniques to support
managing and improving data management activities.
INTRODUCTORY NOTES
This process area defines capabilities for measurement, including the creation of
measurement objectives and the mechanisms to perform the following tasks:
• Obtain
• Store
• Analyze
• Abstract
• Aggregate
• Report
Measurement and analysis provides visibility into the performance of the data
management program. This process area involves the following activities:
• Specifying objectives of measurement and analysis so that they are aligned with
identified information needs and objectives
• Implementing the analysis techniques and mechanisms for data collection, data
reporting, and feedback
• Providing objective results that can be used in making informed decisions and
taking appropriate remediation action
GOALS
1. A set of metrics that measures the satisfaction of the data management
program’s objectives is established and used.
3. Stakeholders are kept well informed about the status of the data management
program and its component processes based on measurements and analysis.
CORE QUESTIONS
1. What measures and analyses exist to determine if data management goals and
objectives are being met?
2. How does the organization define, measure, analyze, and report on data
management?
Level 1: Performed
• Metrics data
• Analysis results
• Strategic plans
• Business plans
4. Provide feedback for refining and clarifying information needs and objec-
tives as necessary.
Measures can be either base or derived. Data for base measures are obtained
by direct measurement. Data for derived measures typically come from
the combination of two or more base measures. Derived measures are
typically expressed as ratios, composite indices, or other aggregate summary
measures. They often are more quantitatively reliable and meaningfully inter-
pretable than the base measures used to generate them.
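For illustration, a derived measure can be sketched as a computation over base measures. The measure names and weights below are invented examples, not DMM-prescribed metrics:

```python
# A derived measure expressed as a ratio of two base measures, and a
# composite index aggregating several base measures with weights.
def derived_ratio(base_numerator: float, base_denominator: float) -> float:
    """Derived measure: ratio of two directly obtained base measures."""
    if base_denominator == 0:
        raise ValueError("denominator base measure must be nonzero")
    return base_numerator / base_denominator

def composite_index(base_measures: dict, weights: dict) -> float:
    """Derived measure: weighted aggregate of several base measures."""
    return sum(base_measures[name] * w for name, w in weights.items())
```

For example, a data quality error rate could be derived as `derived_ratio(defects_found, records_processed)`; the derived measure is often more meaningfully interpretable than either base measure alone.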
Traceability between objectives and measures is clear, available, and bidirectional.
• Quality measures
Obtaining and storing the data typically involves the tasks listed here:
1. Identify existing sources of data that are generated from current work
products, processes, or transactions.
2. Identify measures for which data is needed but are not currently
available.
3. Specify how to collect and store the data for each required measure.
Specifications are made of what, how, where, and when data will be
collected and stored to ensure its validity and to support later use for
analysis and documentation purposes.
• Has the frequency of collection and the points in the process where
measurements will be made been determined?
• Determining the timeline to analyze the data and present the results
(schedule, frequency, phases in the data lifecycle, etc.)
All of the proposed content and format are subject to review and
revision, including analytic methods and tools, administrative procedures,
and priorities. Relevant stakeholders consulted should include end users,
sponsors, data analysts, and data providers.
Specifying how measures will be analyzed and reported can also suggest
the need for refining measurement objectives themselves.
5. Specify criteria for evaluating the utility of analysis results and for evalu-
ating the conduct of measurement and analysis activities.
Criteria for evaluating the utility of the analysis might address the extent
to which the following apply:
• The work does not cost more to perform than is justified by the
benefits it provides
Criteria for evaluating the conduct of the measurement and analysis may
include the extent to which the following apply:
• The amount of missing data or the number of flagged inconsis-
tencies is within specified thresholds
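A minimal sketch of such a conduct check, flagging a data set when missing or out-of-bounds values exceed a specified threshold (the threshold value and result fields are assumptions):

```python
def check_measure_data(values, lower, upper, max_flagged_ratio=0.05):
    """Scan base measure values for missing entries and out-of-bounds
    values, and report whether the flagged fraction is within threshold."""
    missing = sum(1 for v in values if v is None)
    out_of_bounds = sum(
        1 for v in values if v is not None and not (lower <= v <= upper)
    )
    flagged_ratio = (missing + out_of_bounds) / len(values)
    return {
        "missing": missing,
        "out_of_bounds": out_of_bounds,
        "within_threshold": flagged_ratio <= max_flagged_ratio,
    }
```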
Obtaining and checking measurement data for quality involves the following
steps:
1. Obtain data for base measures.
Checks can include scans for missing data, out-of-bounds data values,
and unusual patterns and correlation across measures.
Reviewing the initial results before their release can prevent needless
misunderstandings and lead to improvements in the data analysis and
presentation.
Lessons that can improve future efforts are often learned from
conducting data analyses and preparing results. Similarly, ways to
improve measurement specifications and data collection procedures can
become apparent as can ideas for refining identified information needs
and objectives.
• Specifications of measures
Typically, data sets for derived measures can be recalculated and do not need
to be stored. However, it may be appropriate to store summaries based on
derived measures (e.g., charts, tables of results, report text).
3. Make stored contents available for use only to appropriate groups and
staff members.
To the extent possible and as part of the normal way they do business,
users of measurement results are kept personally involved in setting
objectives and deciding on plans of action for measurement and analysis.
Users are regularly kept informed of progress and interim results.
The data analyses are often not self-evident to practitioners who are
not measurement experts. The communication of results should be clear
about the following details:
• Measurement objectives
Level 3: Defined
3.4 A data quality program for the measurement repository is established, used,
and maintained.
Level 4: Measured
Root cause analysis of selected issues is best performed shortly after the
problem is first identified, while the event is still recent enough to be carefully
investigated.
The formality of, and effort required for, a root cause analysis can vary greatly
and can be determined by such factors as the stakeholders who are involved;
the risk or opportunity that is present; the complexity of the situation; the
frequency with which the situation could recur; the availability of data,
baselines, and models that can be used in the analysis; and how much time
has passed since the events triggering the deficiency.
In the case of a selected process exhibiting too much variation, a root cause
analysis is rarely performed as it could take weeks or months to identify root
causes.
Likewise, the actions to take can range significantly in terms of effort and
time needed to determine, plan, and implement them.
It is often difficult to know how much time is needed unless an initial analysis
of the deficiencies and variations is undertaken.
4.4 The performance of the data management attributes is analyzed and the
data management baseline measures are maintained.
Level 5: Optimized
• Histograms
5.5 Measurement and analysis related experiences derived from planning and
performing data management activities are collected and shared, and are
included in the organizational process assets.
The process and product measures are primarily those that are defined in the
common set of measures for the organization’s set of standard processes.
Process Management
PURPOSE
Establish and maintain a usable set of organizational process assets and plan,
implement, and deploy organizational process improvements informed by the business
goals and objectives and the current gaps in the organization’s processes.
INTRODUCTORY NOTES
The organization’s process asset library supports organizational learning and process
improvement by allowing the sharing of best practices and lessons learned across
the organization. Defined processes are a tailored subset of the organization’s set of
standard processes. Tailoring consists of choosing among alternative processes and
modifying processes according to guidelines and criteria to most effectively accom-
plish the goals and objectives.
Organizational process assets enable consistent process execution across the organi-
zation and provide a basis for cumulative, long-term benefits to the organization.
The organization’s processes include all processes used by the organization and its
work groups. Candidate improvements to the organization’s processes are obtained
from various sources, including the measurement of processes; lessons learned in
implementing processes; results of process appraisals, product and service evaluation
activities, customer satisfaction evaluations and benchmarking against other organi-
zations’ processes; and recommendations from other improvement initiatives in the
organization.
Process improvement occurs in the context of the organization’s needs and is used to
address the organization’s objectives. The organization encourages participation in
process improvement activities by those who perform the process. The responsibility
for facilitating and managing the organization’s process improvement activities,
including coordinating the participation of others, is typically assigned to a process
group. The organization provides the long-term commitment and resources required
to sponsor this group and to ensure the effective and timely deployment of improve-
ments.
Ensuring that process improvement efforts across the organization are adequately
managed and implemented requires careful planning. Results of the organization’s
process improvement planning are documented in a process improvement plan.
GOALS
1. The organization operates according to its set of standard processes.
CORE QUESTIONS
4. How does the organization ensure that improvements are identified, pursued,
and implemented?
Level 1: Performed
• Self-assessment results
Level 2: Managed
2.1 Establish and maintain the description of process needs and objectives for
the organization.
• Processes to be appraised
3. Determine the method and criteria to be used for the process appraisal.
7. Determine whether or not to pilot the change based upon the costs,
benefits, and risks. Other validation methods, including modeling and
simulation, can be used as appropriate.
• Product families
• Organization’s projects
• Organizational groups
• Work environments
• Skills
• Existing commitments
• Existing activities
2.5 Establish, maintain, and follow process action plans to address improve-
ments to the processes.
Process action plans are detailed implementation plans. These plans differ
from the organization’s process improvement plan by targeting defined
improvements to address weaknesses usually uncovered by appraisals.
New, unproven, and major changes are piloted before they are incorpo-
rated into the organization’s set of standard processes.
The teams and people performing the process improvement actions are
called “process action teams.” Process action teams typically include
process owners and those who perform the process.
• Appraisal findings
Level 3: Defined
3.1 Establish and maintain the organization’s set of standard processes (OSSP).
Standard processes can be defined at multiple levels in an organization
and can be related hierarchically. For example, an enterprise can have a set
of standard processes that is tailored by individual organizations (e.g., a
division, a site) in the enterprise to establish their set of standard processes.
The set of standard processes can also be tailored for each of the organiza-
tion’s business areas, product lines, or standard services. Thus the organiza-
tion’s set of standard processes (OSSP) can refer to the standard processes
established at the organization level and standard processes that may be
established at lower levels, although some organizations may have only one
level of standard processes. (See the definitions of “standard process” and
“organization’s set of standard processes” in the glossary.)
Below are the typical steps when establishing and maintaining an OSSP:
1. Decompose each standard process into constituent process elements to
the detail needed to understand and describe the process.
Each process element covers a closely related set of activities. The
descriptions of process elements may be templates to be filled in,
fragments to be completed, abstractions to be refined, or complete
descriptions to be tailored or used unmodified. These elements are
described in such detail that the process, when fully defined, can be
consistently performed by appropriately trained and skilled people.
• Applicable standards
• Entry criteria
• Inputs
• Outputs
• Interfaces
• Exit criteria
3.2 Establish and maintain tailoring criteria and guidelines for the set of
standard processes.
• Requirements that must be satisfied by defined processes (e.g., the
subset of organizational process assets that are essential for any defined
process)
• Options that can be exercised and criteria for selecting among options
• Procedures that must be followed in performing and documenting
process tailoring
• Adapting the process to a new service or type of customer
• Elaborating the process description so that the resulting defined
process can be performed
Tailoring criteria and guidelines can allow for using a standard process “as is,”
with no tailoring.
Listed here are the typical steps to establishing tailoring criteria and guide-
lines:
1. Specify selection criteria and procedures for tailoring the organization’s
set of standard processes.
• Process descriptions
• Training materials
4. Enter selected items into the library and catalog them for easy reference
and retrieval.
The following are typical steps for establishing and maintaining the organiza-
tion’s measurement repository:
1. Determine the organization’s needs for storing, retrieving, and analyzing
measurements.
2. Define a common set of process and product measures for the organiza-
tion’s set of standard processes.
Measures in the common set are selected for their ability to provide
visibility into processes critical to achieving business objectives across
the organization. The common set of measures can vary for different
standard processes.
• Quality measures
Level 4: Measured
4.1 Establish and maintain the organization’s quantitative objectives for quality
and process performance, which are traceable to business objectives.
4.2 Analyze the performance of the selected processes, and establish and
maintain the process performance baselines.
• Processes that cover the entire life of the project
• Processes for performing individual activities or developing individual
work products
4.3 Establish and maintain process performance models for selected processes
in the organization’s set of standard processes.
These measures and models are defined to provide insight into, and the
ability to predict, critical process and product characteristics that are relevant
to the organization’s quality and process performance objectives.
• Complexity models
Level 5: Optimized
Business objectives can set the bar too high to motivate real
improvement. Using process performance baselines helps balance desires
and reality.
The data that result from applying the process performance measures are
analyzed to create process performance baselines that help in understanding
the current capability of the organization. Comparing process performance
baselines to quality and process performance objectives helps the organi-
zation to determine its ability to meet business objectives. These data
typically are collected from project level process performance data to enable
organizational analysis.
3. Identify and analyze risks associated with not meeting business objec-
tives.
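The baseline comparison described above can be sketched as follows; the three-sigma control limits are a common convention, used here as an assumption rather than a DMM requirement:

```python
import statistics

def performance_baseline(samples):
    """Derive a process performance baseline (mean and three-sigma
    control limits) from project-level performance data."""
    mean = statistics.mean(samples)
    sd = statistics.stdev(samples)
    return {"mean": mean, "lcl": mean - 3 * sd, "ucl": mean + 3 * sd}

def objective_within_capability(objective, baseline):
    """Compare a quality objective to the baseline; an objective far
    outside the limits may set the bar too high to motivate improvement."""
    return baseline["lcl"] <= objective <= baseline["ucl"]
```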
5.3 Identify potential areas for improvement that could contribute to meeting
business objectives.
The output from this activity is used to evaluate and prioritize potential
improvements.
Process Quality Assurance
PURPOSE
Provide staff and management with objective insight into process execution and the
associated work products.
INTRODUCTORY NOTES
The Process Quality Assurance process area involves the following activities:
The Process Quality Assurance process area supports high-quality delivery by staff
and managers at all levels through providing appropriate visibility into and feedback
on processes and associated work products.
• Process checks built into the processes, such as fail-safes that detect when
a process is performed incorrectly
Traditionally, a quality assurance group that is independent of the work team provides
objectivity. However, another approach may be appropriate in some organizations to
implement the process quality assurance role without that kind of independence.
For example, when implementing peer reviews as an objective evaluation method, the
following issues should be addressed:
• Members are trained and roles are assigned for people attending the peer
reviews
• A peer review participant who did not produce the work product is
assigned to perform the quality assurance role
• Noncompliance issues are recorded as part of the peer review report and are
tracked and escalated when necessary
Quality assurance should begin in the early phases of an effort to establish plans,
processes, standards, and procedures that will add value and satisfy the requirements
and organizational policies. Those who perform quality assurance activities participate
in establishing plans, processes, standards, and procedures to ensure that they fit
needs and that they will be usable for performing quality assurance evaluations. In
addition, processes and associated work products to be evaluated are designated; this
can be based on sampling or on objective criteria that are consistent with organiza-
tional policies, requirements, and needs.
When noncompliance issues are identified, they are first addressed and resolved, if
possible, in the work team. If they cannot be resolved in the work team, issues are
escalated to an appropriate level of management for resolution.
This process area applies to evaluations of activities and work products at all levels
within the data management organization.
GOALS
1. Management has visibility into the quality of the process and products.
3. Process and product quality have become an embedded discipline at all levels
in the organization.
CORE QUESTIONS
1. Are process noncompliance issues raised to an appropriate level?
3. Do all relevant stakeholders have visibility into the quality of the process and
products?
Level 1: Performed
Level 2: Managed
2. Establish and maintain clearly stated criteria based on business needs for
evaluations.
• During delivery
• Incrementally, as appropriate
• Fixing the noncompliance
• Changing the process descriptions, standards, or procedures that
were violated
• Obtaining a waiver to cover the noncompliance
• Noncompliance reports
• Quality trends
• Status reports of corrective actions
• Reports of quality trends
Level 3: Defined
• Quality measures
• Quality reports
Level 4: Measured
Level 5: Optimized
Risk Management
PURPOSE
Identify and analyze potential problems in order to take appropriate action to ensure
objectives can be achieved.
INTRODUCTORY NOTES
Risk management is a continuous, forward-looking process that is an important part
of management. Risk management addresses issues that could endanger achievement
of critical objectives. A continuous risk management approach effectively anticipates
and mitigates risks that can have a critical impact.
Effective risk management includes early and aggressive risk identification through
collaboration and the involvement of relevant stakeholders. Strong leadership among
relevant stakeholders is needed to establish an environment for open disclosure and
discussion of risk.
Risk management should consider internal and external, technical and nontechnical
sources of risks. Early detection of risk is important because changes and corrections
to work efforts are typically easier, less costly, and less disruptive the earlier risks
are identified.
Industry standards can help when determining how to prevent or mitigate specific
risks commonly found in a particular industry. Certain risks can be proactively
managed or mitigated by applying appropriate industry best practices and lessons
learned.
Organizations may initially focus on risk identification for awareness and react to risks
as they occur. The Risk Management process area describes an evolution of these
practices to systematically plan, anticipate, and mitigate risks to proactively minimize
their impact.
GOALS
1. The organization is operating with an understanding of its current level of risk.
CORE QUESTIONS
3. Does the organization periodically monitor risks and take appropriate update
actions?
Level 1: Performed
• Risk list
Level 2: Managed
• Prioritizing risks
The following tasks typically are involved in risk identification and analysis:
1. Identify risks.
• Risk assessments
• Structured interviews
• Brainstorming
• Cost models
• Network analysis
2. Document risks.
• Risk priorities
Risk sources are the fundamental drivers that cause risks. They can be
internal or external, and they identify where risks can originate.
• Unavailable technology
3.2 Define parameters used to analyze and categorize risks and to control the
risk management effort.
Risk parameters are used to provide common and consistent criteria for
comparing risks to be managed. Without these parameters, it is difficult to
gauge the severity of an unwanted change caused by a risk and to prioritize
the actions required for risk mitigation planning.
The activities associated with defining risk parameters typically include the
following:
1. Define consistent criteria for evaluating and quantifying risk likelihood
and severity levels.
Risks can be assessed either quantitatively or qualitatively; defining bounds
(or boundary conditions) for likelihood and severity keeps these assessments
consistent and comparable.
3.3 Establish and maintain the strategy to be used for risk management.
A comprehensive risk management strategy addresses a range of items:
• The scope of the risk management effort
• Methods and tools to be used for risk identification, risk analysis, risk
mitigation, risk monitoring, and communication
• Sources of risks
• How risks are to be organized, categorized, compared, and consolidated
• Parameters used for taking action on identified risks, including likelihood,
consequence, and thresholds
• Risk mitigation techniques that can be used
• The definition of risk measures used to monitor the status of risks
• Time intervals for risk monitoring or reassessment
Risk documents must include a concise statement of the risk and additional
information including at least the context, conditions, and consequences of
risk occurrence.
Many methods are used for identifying risks. Typical identification methods
include the following:
• Conduct a risk assessment using a risk taxonomy
In addition to the cost risks identified above, other cost risks can
include those associated with funding levels, funding estimates, and
distributed budgets.
Schedule risks can include risks associated with planned activities, key
events, and milestones.
• Analysis
• Physical size
4. Review all elements of the plan as part of identifying risks to help ensure
that all aspects of the project have been considered.
3.5 Evaluate and categorize each identified risk using defined risk categories
and parameters, and determine its relative priority.
Often, a scale with three to five values is used to evaluate both likelihood
and consequence.
• Medium
• High
• Negligible
• Marginal
• Significant
• Critical
• Catastrophic
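A sketch of such an evaluation, combining a three-value likelihood scale (assumed here to be low/medium/high) with the five consequence categories listed above; the numeric weights are illustrative assumptions:

```python
# Illustrative scoring weights; the model does not prescribe these values.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
CONSEQUENCE = {"negligible": 1, "marginal": 2, "significant": 3,
               "critical": 4, "catastrophic": 5}

def risk_priority(likelihood: str, consequence: str) -> int:
    """Combine likelihood and consequence into a relative priority score."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]
```

The resulting scores support ranking risks against one another; the defined parameters, not the arithmetic, are what must be agreed and governed.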
3.6 Develop a risk mitigation plan in accordance with the risk management
strategy.
Often, especially for high-impact risks, more than one approach to handling a
risk should be generated.
In many cases, risks are accepted or watched. Risk acceptance usually occurs
when the risk is judged too low for formal mitigation or when there appears
to be no viable way to reduce the risk. If a risk is accepted, the rationale for
this decision should be documented. Risks are watched when an objectively
defined, verifiable, and documented threshold (e.g., for cost, schedule,
performance, risk exposure) will trigger risk mitigation planning or invoke a
contingency plan.
Risk level (derived using a risk model) is a measure combining the uncer-
tainty of reaching an objective with the consequences of failing to reach
the objective.
5. Develop contingency plans for selected critical risks in the event their
impacts are realized.
3.7 Monitor the status of each risk periodically and implement the risk
mitigation plan as appropriate.
To effectively control and manage risks during the work effort, follow a
proactive program to regularly monitor risks and the status and results of
risk-handling actions. The risk management strategy defines the intervals at
which risk status should be revisited. This activity can result in the discovery
of new risks or new risk-handling options that can require replanning and
reassessment. In either event, acceptability thresholds associated with the
risk should be compared to the risk status to determine the need for imple-
menting a risk mitigation plan.
Often, risk handling is only performed for high and medium risks. The
risk-handling strategy for a given risk can include techniques and
methods to avoid, reduce, and control the likelihood of the risk or the
extent of damage incurred should the risk occur, or both. In this context,
risk handling includes both risk mitigation plans and contingency plans.
• List of those who are responsible for tracking and addressing each risk
Level 4: Measured
4.1 Using statistical and other quantitative techniques, analyze and determine
the quantitative risk to meeting the goals.
This can often involve the comparison of estimates, including their prediction
interval, to the quantitative objectives to calculate the amount of risk. Often,
the results of this calculation are monetized to determine the amount of
risk, which can then be analyzed versus the expected rate of return from the
activity to estimate returned value.
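The monetized comparison described above might be sketched as follows; the function names and figures are illustrative assumptions:

```python
def monetized_risk(probability: float, impact_cost: float) -> float:
    """Monetize a risk as its probability times its monetary impact."""
    return probability * impact_cost

def net_expected_return(expected_return: float, risks) -> float:
    """Expected return of an activity net of the monetized value of
    each (probability, impact_cost) risk."""
    return expected_return - sum(monetized_risk(p, c) for p, c in risks)
```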
5.1 Establish and maintain, using statistical and other quantitative techniques,
the quantitative risk posture for selected quantitative objectives.
• Risk posture documentation for applicable activities
Configuration Management
PURPOSE
Establish and maintain the integrity of the operational environment using configu-
ration identification, control, status accounting, and audits.
INTRODUCTORY NOTES
Configuration management is a partnership between business, data, and IT resources
to control the integrity of products, data stores, and interfaces, and changes to them.
Configuration management is a vital discipline; planning and coordination are essential.
A change management system includes the storage media, procedures, and tools for
recording and accessing change requests.
GOALS
1. Maintain the integrity of data as changes occur.
CORE QUESTIONS
1. How is configuration management implemented and measured?
2. How are data changes planned and controlled across the data lifecycle?
Level 1: Performed
1.2 The impact of data changes is assessed within systems and applications and
prioritized with input from business and data stakeholders as well as IT.
• Release notes
• Impact analysis
Level 2: Managed
2.1 Changes in the operational environment are planned, managed, and tested
to determine impact on data stores and systems.
Change requests are analyzed to determine the impact that the change
will have on the work product, related work products, the budget, and the
schedule.
• Configuration management and release management records
• Test results of changes
• Service level agreements that include change management processes
• Change request database
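The impact analysis described above might be captured in a change request record like the following sketch; the fields and escalation thresholds are assumptions, not model requirements:

```python
from dataclasses import dataclass, field

@dataclass
class ChangeRequest:
    """Illustrative change request record capturing analyzed impact on
    work products, budget, and schedule (fields are assumptions)."""
    summary: str
    affected_work_products: list = field(default_factory=list)
    budget_impact: float = 0.0
    schedule_impact_days: int = 0

def requires_escalation(cr, budget_limit=10_000.0, schedule_limit_days=10):
    """Escalate when the analyzed impact exceeds agreed thresholds."""
    return (cr.budget_impact > budget_limit
            or cr.schedule_impact_days > schedule_limit_days)
```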
Level 3: Defined
The organization sets the parameters for selecting platforms that will be
subject to the policy.
• Configuration management processes
• Stakeholder approvals for changes
• Audit records
• Configuration management and release management records
Level 4: Measured
• Repository
• Recommendations
Level 5: Optimized
5.1 Predictive models are evaluated and improved after completion of the
change.
• Recommendations
The infrastructure support practices (ISPs) are required for every process area.
For Level 1, they ensure that adopting organizational components (e.g., a project or
business unit) perform the Level 1 practices.
For Level 2, the ISPs will help to ensure that adopting organizational components will do
the following: operate under an organizational policy, plan the process, provide resources,
assign responsibility, train people in the process, manage configurations, identify and involve
relevant stakeholders, monitor and control the process, objectively evaluate adherence, and
review status with higher level management.
For Level 3, they ensure the following: a set of standard processes is in place; organizational
assets support the use of the standard process; elements can be tailored from the standard
process to fit unique circumstances; process-related experiences are collected to support
future use and improvements.
PURPOSE
The infrastructure support practices are essential for effective and repeatable performance of
the implemented processes.
INTRODUCTORY NOTES
An effective and repeatable data management process enables the organization to gain max-
imum value from the deployed improvements, and is more likely to be retained during times
of stress. When requirements and objectives for the process change, the implementation of
the process may also need to change to ensure that it remains effective.
The purpose of this infrastructure support practice is to produce the work products
and deliver the services that are associated with the processes implementing the
functional practices of the process areas up through the targeted capability level.
The infrastructure support practices describe activities that address key support
practices that must be in place to support effective implementation of the functional
practices. The level of support corresponds with the Level 1-5 designation for specific
practice areas. For example, if the organization achieves an Infrastructure Support
Level 2 for a process area, it implies that the organization manages the execution
of processes through functional capability level 2. A policy that indicates that the
process will be performed has been established. A plan is in place for performing it.
Resources are provided, responsibilities assigned, training on how to perform it is in
place, selected work products from performing the process are controlled, and so on.
In sum, the process is planned and monitored just like any project or support activity.
Responsibility for the data profiling process can be assigned using existing
job descriptions or in living documents, such as the project plan.
Subpractices
1. Assign overall responsibility and authority for conducting the
process.
Train People
ISP 2.5
This infrastructure support practice ensures that staff resources have the
necessary skills and expertise to perform or support the process, and that
appropriate training is provided to those who will be performing the work.
Overview training is provided to inform individuals who interact with, or
manage, those who perform the work.
Different levels of control are appropriate for different work products and
for different points in time. For some processes that are intended to be
repeated, it may be important to place work products under formal config-
uration management. This may include defining and establishing baselines
at predetermined points; baselines are formally reviewed and approved, and
Subpractices
1. Evaluate actual progress and performance against the plan. The evalu-
ations are of the process, its work products, and its results.
3. Review activities, status, and results of the process with the immediate
level of management responsible and identify issues.
Establish Standards
ISP 3.1
Establish and maintain standards for performing the process.
Subpractices
1. Decompose the process (processes) addressing the process area
into constituent activities to an appropriate level, to understand,
communicate, and describe the process. Elements are described such
that the process, when fully defined, can be consistently performed by
appropriately trained and skilled staff resources.
4. Establish tailoring criteria and guidelines for the process that specify
the method for creating the defined processes, requirements that must
be satisfied, options that can be exercised, and procedures that must
be followed.
6. Ensure that the standards and tailoring guidelines for the process
adhere to applicable policies, standards, and models.
7. Ensure that the standards and tailoring guidelines satisfy the process
needs and objectives of the organization.
10. Examples of when standards for the process may need to be revised
include the following:
ISP 3.2 Provide Assets that Support the Use of the Standard Process
Establish and maintain organizational process assets that support the future
planning and performance of the process.
Subpractices
1. Establish and maintain criteria for specifying the measures and
measurement results to be included in the organization’s measurement
repository.
ISP 3.3 Plan and Monitor the Process Using a Defined Process
Establish and maintain the defined process.
The descriptions of the defined processes provide the basis for planning,
performing, and managing the activities, work products, and services
associated with the process.
Subpractices
1. Select from the organization’s set of standard processes those
processes that address the process area through capability level 3,
and best meet the needs of the project, work group, or organizational
function.
AGILE
A software development approach based on incremental and iterative development of
functionality, characterized by collaboration, user interface design with the customer, and
time-boxing of activity steps. These techniques have also been applied in nondevelopmental
circumstances.
ASSESSMENT
A determination of the strengths and weaknesses of an organization through the evaluation
of their processes and results against a standard model framework. Synonym - appraisal.
ATTRIBUTES
A fact, property, or characteristic of an entity. In a physical form, referred to as a “column,”
a “data element,” or a “field.” Examples: Customer Name, Product Classification Code, Trade
Price.
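The entity/attribute distinction above can be illustrated in code. The following is a minimal sketch in Python (the DMM prescribes no implementation); the `Customer` entity type, its second attribute, and the instance values are hypothetical, chosen only to mirror the glossary's naming examples.

```python
# Illustrative only: an entity type with attributes, and one entity instance.
from dataclasses import dataclass

@dataclass
class Customer:                 # entity type ("Customer")
    customer_name: str          # attribute: "Customer Name"
    customer_status_code: str   # hypothetical attribute for illustration

# An entity is an instance of the entity type.
ada = Customer(customer_name="Ada Lovelace", customer_status_code="Active")
```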
AUTHORITATIVE SOURCE
An official source of information, which includes, but is not restricted to, a trusted source or a
“system of record.” Authoritative source may refer to the source that creates the data or the
“best source” for a specific data set, depending on context.
BUSINESS UNIT
An organizational unit, typically under the management of a single leader, that is responsible
for the management of products and services. It typically measures performance in terms of
profit and loss, and utilizes shared services such as finance, accounting, operations, IT, and
human resources.
BUSINESS RULES
a) Define or constrain some aspect of the business to implement a strategy or ensure oper-
ational consistency. For example: “A loan cannot be approved unless 30-day seasoned down
payment funds are verified.”
b) A testable rule expressed in business English, specifying logic for automated execution,
typically captured in a requirements document. Example: “If the Customer Status Code is
“Active” and the “Cumulative Customer Sales Amount” is over $10,000.00, set Customer
Level Code to ‘Valued.’”
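A testable business rule like example (b) translates directly into executable logic. The sketch below is one possible Python rendering; the function name and the "Standard" default level are assumptions not stated in the rule itself.

```python
def assign_customer_level(status_code: str, cumulative_sales_amount: float) -> str:
    """Hypothetical implementation of the glossary's example rule:
    an Active customer with cumulative sales over $10,000.00 is 'Valued'."""
    if status_code == "Active" and cumulative_sales_amount > 10000.00:
        return "Valued"
    return "Standard"  # assumed default; the rule does not specify one
```

Expressing the rule as a pure function keeps it testable in isolation, which is what "testable rule expressed in business English" implies for automated execution.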
CORE ATTRIBUTES
Attributes that highly impact one or more business processes of the organization. The DMM
uses the term to refer either to shared data, such as master and reference data, or to a pur-
pose-focused data set, such as attributes with regulatory import that may be from multiple
COTS
Commercial off-the-shelf software. COTS systems typically have their own vendor-specific
data model and representations; when an organization is developing a Business Glossary and
the corresponding logical and physical metadata to describe existing data assets, COTS data
stores need to be addressed, typically through mapping. For example, “Flex field 12” contains
“Customer Comment.”
CRITICAL ATTRIBUTES
Attributes that highly impact the performance of important business processes, or are
needed for a specific business purpose; for example, attributes contained in audited financial
statements.
CRUD
Create, Read, Update, Delete. Identifies the actions that business processes or subprocesses
execute on data. Typically represented in a modeling tool or spreadsheet matrix. Data actions
can be summarized or generalized for subject areas or high-level entity types in a conceptual
data model, and are captured at the attribute level in the integration of a business process
and logical data model.
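A CRUD matrix of the kind described is often maintained in a modeling tool or spreadsheet; as a sketch, it can be represented as a simple mapping of processes to the actions they perform on each entity type. The process and entity names here are invented for illustration.

```python
# Hypothetical CRUD matrix: business processes (rows) vs. entity types
# (columns); cell values are the data actions each process performs.
crud_matrix = {
    "Open Account":  {"Customer": "CR", "Account": "C"},
    "Process Order": {"Customer": "RU", "Account": "RU", "Order": "CRU"},
    "Close Account": {"Account": "RUD"},
}

def processes_that_create(entity: str) -> list[str]:
    """Return the processes that create instances of the given entity type."""
    return [process for process, actions in crud_matrix.items()
            if "C" in actions.get(entity, "")]
```

A query like this is useful when verifying that every entity type has exactly the creating processes the business expects.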
DATA ATTRIBUTES
Attributes are properties of an entity type. The DMM states that they should be based on
approved business terms from the Business Glossary. Attribute names follow the conventions
set out in the organization’s data standards, and business terms are modified as needed to
conform to standards. Example: A business term “Date of Plan Termination” may have the
attribute name of “Plan Termination Date.”
DATA CLEANSING
The mechanisms, methods, and processes employed to validate or correct data
with respect to predefined business rules, allowed values, ranges, etc.
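Validation against predefined rules, allowed values, and ranges can be sketched as follows; the field names, allowed status values, and age range are assumptions chosen purely for illustration.

```python
# A minimal cleansing-validation sketch: check a record against predefined
# business rules (allowed values, ranges). All rules here are illustrative.
ALLOWED_STATUS = {"Active", "Inactive", "Pending"}

def validate_record(record: dict) -> list[str]:
    """Return a list of rule violations for one record (empty if clean)."""
    errors = []
    if record.get("status") not in ALLOWED_STATUS:
        errors.append("status: not an allowed value")
    age = record.get("age")
    if not isinstance(age, int) or not (0 <= age <= 130):
        errors.append("age: out of range")
    return errors
```

In practice the rule set would be driven by the organization's data quality rules rather than hard-coded, but the validate-and-report pattern is the same.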
DATA GOVERNANCE
Implements structures and establishes policies aimed to help achieve strong participation
DATA INTEGRATION
Transporting and processing (selecting, connecting, combining, de-duplicating, transforming
representations, etc.) data from multiple sources into a destination environment.
DATA LIFECYCLE
The linked chain of critical processes to create, read, update, and delete (CRUD) data through
the extent of its useful life in the business and eventual archiving or destruction. Typical data
lifecycle phases include the following:
DATA LINEAGE
Traceability of data attributes according to their process dependencies from origination
through to consumption and reporting.
DATA REQUIREMENTS
Definition of the data needed to achieve business objectives. Data requirements should be
stated in business language and should reuse any approved, available standard business
terms from an authoritative business glossary.
DATA STEWARD
A line of business individual who accepts responsibility for a data set of business terms,
attributes, and data elements. The data steward is responsible for ensuring that the meaning,
usage, and representations of the data set are according to business purpose and conform
to the organization’s standards. A data stewards group is typically one of the organization’s
data governance bodies, with membership from multiple lines of business.
DEFINED
Designed according to a precise template and instantiated as one or more documents.
ENTITY
A person, place, thing, concept, or event of interest to the organization, about which informa-
tion is kept. Examples: Product, Customer, Annual Conference. In data modeling terminology,
the term Entity Type (e.g., “Customer”) refers to the data object; and the Entity is an instance
ETL
Extract, transform, load. The process by which data is obtained from one or more sources,
transformed into the destination data representations, and loaded into a data store. Business
rules (logic) are applied for data selection and data transformations. Typically accomplished
employing an ETL software product.
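The extract, transform, and load stages can be sketched end to end; this toy pass assumes in-memory lists stand in for source systems and the destination data store, and the selection/transformation rules are invented for illustration.

```python
# Toy ETL pass: extract from multiple sources, apply business rules
# (selection and representation transforms), load into a destination.
def extract(sources):
    for source in sources:          # obtain rows from each source system
        yield from source

def transform(rows):
    # Illustrative business rules: select US rows; normalize the name.
    for row in rows:
        if row["country"] == "US":
            yield {"name": row["name"].strip().title(), "country": "US"}

def load(rows, destination):
    destination.extend(rows)        # write transformed rows to the store
    return destination

warehouse = load(transform(extract([[
    {"name": " ada lovelace ", "country": "US"},
    {"name": "Alan Turing", "country": "UK"},
]])), [])
```

Generators keep each stage independent, mirroring how ETL products separate selection logic from transformation logic.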
EXECUTIVE MANAGEMENT
Executives are individuals who lead major decision-making functions that directly and indi-
rectly impact the organization. For the purposes of the DMM, executive management has the
power to sponsor large-scale, long-term strategic initiatives that are intended to benefit the
entire organization. Examples of executives include Board Chairman, Chief Executive Officer,
Chief Financial Officer, and Chief Operating Officer. As titles vary, the DMM primarily refers
to individuals with major authority over data management programs and activities or over
business processes and corresponding data stores.
IMPLEMENTATION PLAN
A detailed work breakdown structure, addressing interdependencies, resources, beginning
and end dates, assigned resources, etc., which guides the implementation of a data manage-
ment initiative.
INSTITUTIONALIZED
Formalized and embedded within the culture and infrastructure of the organization as a
common resource or method.
KPI
Key performance indicator. Measures and metrics that are used to identify the level of
achievement of objectives or results identified by the organization as very important.
MEASURE
A measure is a collected count that presents a quantified result used for reporting and
monitoring. Measures may be tracked over time and used to create a baseline. Examples of
measures include number of defects, transaction counts, number of lines of code, number of
duplicates.
METRIC
Metrics specify the quantification of business meaning. Specifically, a metric defines the
calculation method (+, -, *, /, %, etc.) and unit of measure(s), as well as the meaning and context
of the specified measurements.
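The measure/metric distinction can be shown with one line of arithmetic: the counts are measures, and the metric adds the calculation method and unit. The counts below are invented for illustration.

```python
# Measures: raw counts collected during profiling (illustrative values).
duplicate_count = 12   # measure: number of duplicate records found
record_count = 400     # measure: total records profiled

# Metric: duplicate rate, defined by a calculation method (division) and
# a unit of measure (percent), giving the measurements business meaning.
duplicate_rate_pct = duplicate_count / record_count * 100
```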
OWNER
The responsible party for a business data asset, typically the line of business individual who
is in charge of a business process or application data store. In the DMM, owners are also
referred to at the subject area level, as the organization moves toward centralization of
shared data assets.
PERIODIC, PERIODICALLY
Held or executed at planned intervals.
POLICY
A guiding principle typically established by senior management that is adopted by an organi-
zation to influence and determine decisions.
PROCEDURE
A procedure is an action or set of actions that is performed in a prescribed manner, de-
scribing HOW a process activity step is accomplished. When decomposing processes, the
procedure(s) are defined at the lowest level of detail for standardizing operational execution.
PROCESS
A structured set of activity steps performed to accomplish a result. A process describes
WHAT is done. When documented, typically addresses triggering event; inputs; controls;
mechanisms; outputs; and roles.
PROMULGATION
The act of formally proclaiming or declaring a new statutory or administrative policy after its
enactment. In the DMM, this term is used to emphasize the importance of communication and
verifiable instantiation.
REGULAR MEETINGS
Discussions that recur according to a set schedule or are triggered by pre-specified events.
RESPONSIBILITY MATRIX
An inventory of assets (documents, systems, etc.) aligned with the people who are responsi-
ble for them. The abbreviation RACI is typically used, referring to Responsible, Accountable,
Consulted, and Informed roles. RACI is also often applied to process, project, and governance
responsibilities.
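A RACI matrix of the kind described can be sketched as a mapping of assets to role assignments; the asset and role names below are hypothetical. A common consistency check is that each asset has exactly one Accountable role.

```python
# Hypothetical RACI matrix: assets (rows) vs. roles, with R/A/C/I codes.
raci = {
    "Business Glossary":   {"Data Steward": "A", "Data Architect": "R",
                            "Line of Business": "C", "IT Operations": "I"},
    "Customer Data Store": {"Data Steward": "C", "Data Architect": "R",
                            "Line of Business": "A", "IT Operations": "I"},
}

def accountable_for(asset: str) -> str:
    """Return the single role that is Accountable for the given asset."""
    roles = [role for role, code in raci[asset].items() if code == "A"]
    assert len(roles) == 1, "exactly one Accountable role per asset"
    return roles[0]
```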
ROADMAP
Illustrates a high-level view of the major elements of the data management strategy and the
order of execution, typically at the project or initiative level.
SCALABILITY
The ability of the architecture to manage, based on requirements, the resources consumed
by application components or services so that acceptable latency and throughput are
maintained as load increases.
SEMANTIC REPOSITORY
Stored content pertaining to the meaning of the concepts represented by the data. In the
DMM, the semantic repository concept is addressed in the process areas Business Glossary
and Metadata Management.
SENIOR MANAGEMENT
A level of management that has the power to allocate resources for the long-term benefit of
the organization (i.e., hire, fire, and manage a budget). Senior managers are those individuals
whose support is needed to establish or enforce corporate policy. In this model, executive
management has broader authority than senior management.
SEQUENCE PLAN
A translation of the roadmap into a mid-level time-line, which includes a high-level work
breakdown structure, key interdependencies, and important milestone dates.
STAKEHOLDER
An individual or organization that is affected by a decision about architecture, technology,
STANDARD PROCESS
An operational definition of the overarching process that guides the establishment of a
common process in an organization. A standard process describes the fundamental process
elements that are expected to be incorporated into any defined process. It also describes
relationships (e.g., ordering, interfaces) among these process elements.
SYSTEM OF RECORD
An information system that acts as the authoritative repository accountable for active man-
agement (create, update and delete) of a specific set of data at one or more specified stages
in their lifecycle.
TEMPLATES
Predefined forms of documents that guide the topics addressed when a specific instantiation
is created.
TRUSTED SOURCE
Any source that delivers data that users can trust with confidence to meet their objectives,
ideally without need for reconciliation or remediation. An example is a system of record or an
authoritative data source.
VALIDATION
Assurance that a product, service, process, or system meets the needs of the customer and
stakeholders.
ABOUT CMMI® INSTITUTE
The Data Management MaturitySM model was developed using the principles and structure of
CMMI Institute’s Capability Maturity Model Integration (CMMI)®—a proven approach to perfor-
mance improvement and the gold standard for software and systems development around
the world.
©2014 CMMI Institute. All rights reserved. Capability Maturity Model Integration, CMMI & Carnegie Mellon
are registered marks of Carnegie Mellon University. The CMMI logo and Data Management
Maturity (DMM) are service marks of CMMI Institute.