Affiliated with:


Every organization needs a set of foundational policies to manage the basic operations of data governance.  Policies are different from guiding principles


Every organization needs to create and maintain a set of basic or foundational policies to manage the operations of data governance effectively.  Many people confuse the terms “policy” with “guiding principle.”  Policies are “the overall business rules and processes that an enterprise uses to provide guidance. Data Management policies might include adherence of data to business rules, providing guidance for protection of data, defining enterprise data management functions, etc.  Guiding principles are “statements that direct the organization in the course of its operations, in all circumstances”, regardless of changes in management or other impermanent things.

In data governance, several policies are essential to the effective operations of the program.  Usually, these foundational data governance policies address the structure of the data governance program and include policies on data access, data usage, and data integrity and integration.

Following are examples of the essential data governance policies that every organization should create, maintain and implement for successful data management.

1.) Data Governance Structure Policy

Data Governance is the practice of making strategic and effective decisions regarding the organization’s data and information assets. It assumes a responsibility to adhere to all policies and all legal constraints that govern the proper use and management of data and information by all members of the enterprise’s community, including but not limited to employees, contractors, and external partners.

So the organization can achieve effective Data Governance,  the organization has chosen to apply formal guidelines to manage the enterprise’s data and information assets, and will assign staff to implement them.  While the organization’s Enterprise Data Management leader and Data Governance leader are assigned leadership roles and oversight for the activities of Data Governance, this function is shared among the executive sponsors, Enterprise Data Management (EDM) Council and Data Governance Committee members, data stewards, data administrators, and data users.

The Enterprise Data Management (EDM) Council is a permanent group with a senior representative from each of the company’s business units and the EDM Program Office, and the Data Governance Committee.  It has strategic responsibilities to make decisions and resolve major issues concerning general enterprise information management challenges.

The Data Governance Committee is a permanent group, led by the Data Governance Leader and supported by the Chief Data Steward.  The Data Governance Committee will appoint data stewards, and through the establishment of data policies and organizational priorities, provide direction to them and data administrators.  The Data Governance Committee is a body that meets regularly to address a variety of data issues and concerns.

2.) Data Access Policy

The purpose of the data access policy is to ensure that employees have appropriate access to organizational data and information.  While recognizing the company’s responsibility for the security of data, the procedures established to protect that data must not interfere unduly with the efficient conduct of the organization’s business.  This policy applies to all business units and to all uses of company data, regardless of the offices or format in which the data reside.

The policy will protect its data assets through security measures that assure the proper use of the data when accessed.  Every data item will be classified by the relevant data steward to have an appropriate access level.  Data access will be conducted in accordance with the policies established by the organization.

Any employee or non-employee denied access may appeal the denial to the Data Governance Committee; decision is final from the DG Committee.

3.) Data Usage Policy

The purpose of the data usage policy is to ensure that company data are not misused or abused, and are used ethically, according to any applicable law, and with due consideration for individual privacy.  Use of data depends on the security levels assigned by the relevant business data steward.

Personnel must access and use data only as required for the performance of their job functions, not for personal gain or for other inappropriate purposes; they must also access and use data according to the security levels assigned to the data.  Data usage falls into the categories of create, update, read-only, and external dissemination.

Authority to update data shall be granted by the appropriate data steward only to personnel whose job duties specify and require responsibility for data update.  This restriction is not to be interpreted as a mandate to limit update authority to members of any specific group or office but should be tempered with the company’s desire to provide excellent service to employees, customers / members, representatives, and other constituents.  Company employees, contractors and business partners who fail to comply with the data usage policy will be considered in violation of the relevant Thrivent codes of conduct and may be subject to disciplinary action or to legal action if laws have been violated.  In less serious cases, failure to comply with this policy could result in denial of access to data.

4.) Data Integrity and Integration Policy

The purpose of this policy is to ensure that the organization’s data have a high degree of integrity and that key data elements can be integrated across functional units and electronic systems so that staff,  contractors and management may rely on data for information and decision support.

Data integrity refers to the validity, reliability, and accuracy of data.  Data integrity relies on a clear understanding of the business processes underlying the data and the consistent definition of each data element.

Data integration, or the ability of data to be assimilated across information systems, is contingent upon the integrity of data and the development of a data model, corresponding data structures, and domains.

Data must be defined as data that are maintained in support of a functional unit’s operation and meet one or more of the following criteria:

  • the data elements are key fields, that is, integration of information requires the data element;
  • the organization must ensure the integrity of the data to comply with internal and external administrative reporting requirements, including enterprise planning efforts;
  • the data are reported on or used in official / regulatory reports;
  • a broad cross section of users requires the data.

It is the responsibility of each data steward, in conjunction with the Data Governance Committee and the Enterprise Data Architect, to determine which core data elements are part of the organization’s essential / core data.

Documentation (metadata) on each data element will be maintained within a corporate repository according to specifications provided by the director of enterprise data management and informed by the Data Governance Committee. These specifications will include both the technical metadata and definition of each element, as well as a complete interpretation that explains the meaning of the element and how it is derived and used.  The interpretation will include acceptable values for each element, and any special considerations, such as the values that determine whether a person is a member or a customer.

All employees are expected to bring data problems and suggestions for improvements to the attention of the appropriate data stewards, the Data Governance Committee, or the director of enterprise Data management.

For effective data governance and data management, developing and maintaining these foundational data policies is an essential step.  Using these samples from actual EWSolutions clients can assist any organization in writing these necessary data policies.


Dr. David P. Marco, LinkedIn Top BI Voice, IDMMA Data Mgt. Professional of the Year, Fellow IIM, CBIP, CDP

Dr. David P. Marco, PhD, Fellow IIM, CBIP, CDP is best known as the world’s foremost authority on data governance and metadata management, he is an internationally recognized expert in the fields of CDO, data management, data literacy, and advanced analytics. He has earned many industry honors, including Crain’s Chicago Business “Top 40 Under 40”, named by DePaul University as one of their “Top 14 Alumni Under 40”, and he is a Professional Fellow in the Institute of Information Management. In 2022, CDO Magazine named Dr. Marco one of the Top Data Consultants in North America and IDMMA named him their Data Management Professional of the Year. In 2023 he earned LinkedIn’s Top BI Voice. Dr. Marco won the prestigious BIG Innovation award in 2024. David Marco is the author of the widely acclaimed two top-selling books in metadata management history, “Universal Meta Data Models” and “Building and Managing the Meta Data Repository” (available in multiple languages). In addition, he is a co- author of numerous books and published hundreds of articles, some of which are translated into Mandarin, Russian, Portuguese, and others. He has taught at the University of Chicago and DePaul University.

© Since 1997 to the present – Enterprise Warehousing Solutions, Inc. (EWSolutions). All Rights Reserved

Subscribe To DMU

Be the first to hear about articles, tips, and opportunities for improving your data management career.