ITRC has developed a series of fact sheets that summarizes the latest science, engineering, and technologies regarding environmental data management (EDM) best practices. This fact sheet lists:
- Data governance principles useful for managing environmental data
- Organizational requirements for managing environmental data
Additional information related to environmental data management is provided in the ITRC fact sheets on Data Management Planning; Data Lifecycle; Data Access, Sharing, and Security; Data Storage, Documentation, and Discovery; and Data Disaster Recovery.
1 INTRODUCTION
Data governance is the exercise of authority, control, and shared decision-making regarding data assets at an organizational/agency level. Core elements of data governance include data access, interfacing, storage, and retention. Data governance is overarching and extends beyond the life of any individual project. While data management plans are unique to a given project/task, data governance policies should apply to all data management activities, and as such data management plans should always follow overarching data governance policies.
Information Technology and Data Governance
Governance is often considered an “information technology” (IT) function to be managed and enforced by an organization’s IT staff or IT provider. IT does have a critical role to play in ensuring that the systems storing the data are secure and robust and that non-IT stakeholders have appropriate access to the data. However, decisions about how to manage the data itself should involve the stakeholders who have the greatest need and use for the data. In most organizations this is best accomplished via a standing partnership between the data users and IT to develop, document, and update the organization’s data governance policies and procedures. A formalized governance team supported by an organization’s management structure combined with documented standards and processes can provide the stable, long-lasting framework needed for data governance.
Data governance provides the framework necessary to make data accessible, defensible, and usable. Many sources (for example, DAMA 2017; Eryurek et al. 2021) discuss data governance from an information technology perspective of managing all data for an organization, but these documents were created to emphasize the aspects of data governance applicable to environmental data management.
2 ORGANIZATIONAL REQUIREMENTS
An effective data governance framework requires the following organizational capabilities.
- Change Management—The ability for an organization to adapt and update the governance structure as processes, organizational needs, and technologies change.
- Compliance/Enforcement—Monitoring and ensuring compliance with the data governance policies and standards. Data governance requirements and policies should be defined at an organizational level to align with and support business processes but should be enforced by the entities responsible for maintaining and publishing data.
- Documentation—Standards, policies, and processes must be documented and accessible. Data governance requirements that are not documented as governance should be included in data management planning documents. For example, if there is no existing governance for how data will be secured, then the data management plan should document what protocols and processes will be used to secure data and prevent unauthorized use.
Table 1 summarizes some of the control documents recommended to establish the processes, procedures, tools, and responsibilities to standardize, protect, store, and integrate data in the environmental data lifecycle.
Table 1. Suggested control documents for environmental data management
Document | Purpose | Plan | Acquire | Process/ Maintain | Publish/ Share |
Retain |
Data Management Plan | Document steps needed to manage data for a project or data set | ● | ● | ● | ● | ● |
Communications Plan | Document communication processes for both internal and external stakeholders | ● | ● | ● | ● | ● |
Quality Assurance Project Plan | Document procedures used to ensure that data collected and analyzed meets data quality objectives | ● | ● | ● | ● | |
Quality Management Plan | Document standards and procedures for assuring data quality for a data set or organization |
● | ● | ● | ||
Sampling and Analysis Plan | Document how samples will be collected and analyzed | ● | ● | ● | ||
Data Disaster Recovery Plan | Document how data will be backed up and restored | ● | ● | ● | ● |
Data Governance Checklist
The checklist below outlines the considerations that an organization’s data governance framework should address.
☐ Does the data governance framework support all phases of the expected lifespan of the data, including data collection, storage, and archiving?
Data Access, Sharing, and Security
☐ Are there policies and procedures in place to control user data access, limiting what data can be accessed depending on job roles and responsibilities?
☐ Are data access policies and procedures consistent with organizational policies and with applicable federal, state, and local privacy laws and regulations?
☐ Are there policies and procedures in place to restrict, monitor, and review user data access to ensure compliance with the requirements outlined in the data management plan, including what data can be accessed and for what duration?
☐ Are there data access policies that specify data sharing requirements?
☐ Is an organizational structure in place that defines the roles and responsibilities of internal and external stakeholders, including data stewards?
☐ Are there processes in place to provide training for data stewards and other data users?
Privacy
☐ Are there policies and procedures in place to comply with privacy requirements and ensure that data are protected during storage, access, and transfer?
☐ Are data storage systems able to classify and track data based on privacy and sensitivity considerations?
Security
☐ Are there policies and procedures in place to protect data and prevent inadvertent or intentional data corruption?
☐ Is there a plan in place to mitigate risks associated with data breaches?
☐ Are there policies and procedures in place to recover from disruption of services and potential data loss arising from data breaches?
☐ Does the organization regularly review and audit data security?
Data Storage, Documentation, and Discovery
☐ Are there standards for data integration and interoperability?
☐ Are there standards and policies for communications related to data?
Archiving and Retention
☐ Are there policies and procedures in place to back up transient data and archive data for long-term preservation?
☐ Are there policies and procedures in place for data retention and disposal or destruction after its useful life?
Documentation Standards
☐ Are standards, policies, and processes documented and accessible to project stakeholders?
☐ Are change management policies and procedures in place to ensure the ability for an organization to adapt and update the governance structure as processes, organizational needs, and technologies change?
☐ Are procedures in place to monitor and ensure compliance with the data governance policies and standards?
☐ Are software applications and tools registered in an applications inventory?
☐ Are reports registered in a library of reports?
☐ Are database schemas documented?
☐ Are data entities, elements, and their relationships documented in a data dictionary?
☐ Are metadata standards in place?
☐ Is there a disaster recovery plan?
☐ Are processes and procedures for backing up data, including offsite backups, in place?
☐ Are personnel assigned to back up and recover data if needed?
Quality (see also Data Quality Fact Sheets)
☐ Are there procedures in place that define data quality assurance?
☐ Are the data definitions clearly defined and referenced consistently throughout?
☐ Are there policies and procedures in place to ensure that data are complete, accurate, relevant, and made available to stakeholders in a timely manner?
3 REFERENCES AND ACRONYMS
The references cited in this fact sheet, and the other ITRC EDM Best Practices fact sheets, are included in one combined list that is available on the ITRC web site. The combined acronyms list is also available on the ITRC web site.