itrc_logo

EDM

Home
Interactive Directory
Introduction and Overview
Introduction
Overview of Guidance Document
Data Management Planning
Data Management Planning Home
Data Management Planning Overview
Data Governance
Data Lifecycle
Data Access, Sharing, and Security
Data Storage, Documentation, and Discovery
Data Disaster Recovery
Data Quality
Data Quality Home
Data Quality Overview 
Analytical Data Quality Review: Verification, Validation, and Usability
Using Data Quality Dimensions to Assess and Manage Data Quality
Considerations for Choosing an Analytical Laboratory 
Active Quality Control During Screening-level Assessments
Field Data Collection
Field Data Collection Home
Introduction to and Overview of Field Data Collection Best Practices
Defining Field Data Categories and Collection Methods
Field Data Collection Process Development Considerations
Field Data Collection Quality Assurance and Quality Control (QA/QC)
Field Data Collection Training Best Practices
Field Data Collection Training Best Practices Training Development Checklist
Other Considerations for Field Data Collection
Data Exchange
Data Exchange Home
Data Exchange Overview
Valid Values
Electronic Data Deliverables and Data Exchange
Data Migration Best Practices
Traditional Ecological Knowledge
Traditional Ecological Knowledge Home
What is Traditional Ecological Knowledge?
Acquiring Traditional Ecological Knowledge Data
Using and Consuming Traditional Ecological Knowledge Data
Managing Traditional Ecological Knowledge Data
Geospatial Data
Geospatial Data Home
Overview of Best Practices for Management of Environmental Geospatial Data
Organizational Standards for Management of Geospatial Data
Geospatial Data Standards
Geospatial Data: GIS Hardware
Geospatial Metadata
Geospatial Data Software
Geospatial Data Collection Consistency
Geospatial Data Field Hardware
Geospatial Data Dissemination: Web Format
Geospatial Visualization of Environmental Data
Public Communications
Public Communications Home
Public Communication and Stakeholder Engagement
Environmental Data Management Systems
Environmental Data Management Systems Home
Environmental Data Management Systems
Case Studies
Case Studies Home
Historical Data Migration Case Study: Filling Minnesota’s Superfund Groundwater Data Accessibility Gap
Case Study: USGS Challenges with secondary use of multi-source water quality monitoring data
LEK Case Study: Collection and Application of Local Ecological Knowledge to Local Environmental Management in Duluth, Minnesota
TEK Case Study: Improving Coastal Resilience in Point Hope, Alaska
Case Study: Integration of Traditional Ecological Knowledge to the Remediation of Abandoned Uranium Sites
Case Study: Local Ecological Knowledge of Historic Anthrax in a Natural Gas Field
Rest in Peace? A Cautionary Tale of Failure to Consult with an Indigenous Community
Case Study: Use of Traditional Ecological Knowledge to Support Revegetation at a Former Uranium Mill Site
Additional Information
Supplemental Resources
References
Acronyms
Glossary
Acknowledgments
Team Contacts
Navigating this Website
Document Feedback

 

Environmental Data Management (EDM) Best Practices
HOME

Data Governance

ITRC has developed a series of fact sheets that summarizes the latest science, engineering, and technologies regarding environmental data management (EDM) best practices. This fact sheet lists:

  • Data governance principles useful for managing environmental data
  • Organizational requirements for managing environmental data

Additional information related to environmental data management is provided in the ITRC fact sheets on Data Management Planning; Data Lifecycle; Data Access, Sharing, and Security; Data Storage, Documentation, and Discovery; and Data Disaster Recovery.

1 INTRODUCTION

Data governance is the exercise of authority, control, and shared decision-making regarding data assets at an organizational/agency level. Core elements of data governance include data access, interfacing, storage, and retention. Data governance is overarching and extends beyond the life of any individual project. While data management plans are unique to a given project/task, data governance policies should apply to all data management activities, and as such data management plans should always follow overarching data governance policies.

Information Technology and Data Governance

Governance is often considered an “information technology” (IT) function to be managed and enforced by an organization’s IT staff or IT provider. IT does have a critical role to play in ensuring that the systems storing the data are secure and robust and that non-IT stakeholders have appropriate access to the data. However, decisions about how to manage the data itself should involve the stakeholders who have the greatest need and use for the data. In most organizations this is best accomplished via a standing partnership between the data users and IT to develop, document, and update the organization’s data governance policies and procedures. A formalized governance team supported by an organization’s management structure combined with documented standards and processes can provide the stable, long-lasting framework needed for data governance.

Data governance provides the framework necessary to make data accessible, defensible, and usable. Many sources (for example, DAMA 2017; Eryurek et al. 2021) discuss data governance from an information technology perspective of managing all data for an organization, but these documents were created to emphasize the aspects of data governance applicable to environmental data management.

2 ORGANIZATIONAL REQUIREMENTS

An effective data governance framework requires the following organizational capabilities.

  • Change Management—The ability for an organization to adapt and update the governance structure as processes, organizational needs, and technologies change. 
  • Compliance/Enforcement—Monitoring and ensuring compliance with the data governance policies and standards. Data governance requirements and policies should be defined at an organizational level to align with and support business processes but should be enforced by the entities responsible for maintaining and publishing data. 
  • Documentation—Standards, policies, and processes must be documented and accessible. Data governance requirements that are not documented as governance should be included in data management planning documents. For example, if there is no existing governance for how data will be secured, then the data management plan should document what protocols and processes will be used to secure data and prevent unauthorized use.

Table 1 summarizes some of the control documents recommended to establish the processes, procedures, tools, and responsibilities to standardize, protect, store, and integrate data in the environmental data lifecycle.

Table 1. Suggested control documents for environmental data management

Document Purpose Plan Acquire Process/ Maintain Publish/
Share		 Retain
Data Management Plan Document steps needed to manage data for a project or data set 
Communications Plan Document communication processes for both internal and external stakeholders 
Quality Assurance Project Plan Document procedures used to ensure that data collected and analyzed meets data quality objectives 
Quality Management Plan Document standards and procedures for assuring data quality for a data set or
organization 
Sampling and Analysis Plan Document how samples will be collected and analyzed 
Data Disaster Recovery Plan Document how data will be backed up and restored

Data Governance Checklist

The checklist below outlines the considerations that an organization’s data governance framework should address.

Data Lifecycle

☐ Does the data governance framework support all phases of the expected lifespan of the data, including data collection, storage, and archiving?

Data Access, Sharing, and Security

☐ Are there policies and procedures in place to control user data access, limiting what data can be accessed depending on job roles and responsibilities? 

☐ Are data access policies and procedures consistent with organizational policies and with applicable federal, state, and local privacy laws and regulations?

☐ Are there policies and procedures in place to restrict, monitor, and review user data access to ensure compliance with the requirements outlined in the data management plan, including what data can be accessed and for what duration?

☐ Are there data access policies that specify data sharing requirements?

☐ Is an organizational structure in place that defines the roles and responsibilities of internal and external stakeholders, including data stewards? 

☐ Are there processes in place to provide training for data stewards and other data users?

Privacy 

☐ Are there policies and procedures in place to comply with privacy requirements and ensure that data are protected during storage, access, and transfer?

☐ Are data storage systems able to classify and track data based on privacy and sensitivity considerations?

Security

☐ Are there policies and procedures in place to protect data and prevent inadvertent or intentional data corruption?

☐ Is there a plan in place to mitigate risks associated with data breaches?

☐ Are there policies and procedures in place to recover from disruption of services and potential data loss arising from data breaches?

☐ Does the organization regularly review and audit data security?

Data Storage, Documentation, and Discovery

☐ Are there standards for data integration and interoperability?

☐ Are there standards and policies for communications related to data?

Archiving and Retention

☐ Are there policies and procedures in place to back up transient data and archive data for long-term preservation?

☐ Are there policies and procedures in place for data retention and disposal or destruction after its useful life?

Documentation Standards

☐ Are standards, policies, and processes documented and accessible to project stakeholders?

☐ Are change management policies and procedures in place to ensure the ability for an organization to adapt and update the governance structure as processes, organizational needs, and technologies change?

☐ Are procedures in place to monitor and ensure compliance with the data governance policies and standards?

☐ Are software applications and tools registered in an applications inventory?

☐ Are reports registered in a library of reports?

☐ Are database schemas documented?

☐ Are data entities, elements, and their relationships documented in a data dictionary?

☐ Are metadata standards in place?

Disaster Recovery

☐ Is there a disaster recovery plan?

☐ Are processes and procedures for backing up data, including offsite backups, in place?

☐ Are personnel assigned to back up and recover data if needed?

Quality (see also Data Quality Fact Sheets)

☐ Are there procedures in place that define data quality assurance? 

☐ Are the data definitions clearly defined and referenced consistently throughout?

☐ Are there policies and procedures in place to ensure that data are complete, accurate, relevant, and made available to stakeholders in a timely manner?

3 REFERENCES AND ACRONYMS

The references cited in this fact sheet, and the other ITRC EDM Best Practices fact sheets, are included in one combined list that is available on the ITRC web site. The combined acronyms list is also available on the ITRC web site.

image_pdfPrint this page/section


EDM
Home
glossaryGlossary
referencesReferences
acronymsAcronyms
ITRC
Contact Us
About ITRC
Visit ITRC
social media iconsClick here to visit ITRC on FacebookClick here to visit ITRC on TwitterClick here to visit ITRC on LinkedInITRC on Social Media
Permission is granted to refer to or quote from this publication with the customary acknowledgment of the source (see suggested citation and disclaimer). This web site is owned by ITRC • 1250 H Street, NW • Suite 850 • Washington, DC 20005 • (202) 266-4933 • Email: [email protected]Terms of Service, Privacy Policy, and Usage Policy ITRC is sponsored by the Environmental Council of the States.