Implementing Data Governance (Frameworks & Maturity)

Frameworks: DAMA-DMBOK (descriptive, 11 domains), DCAM (assessment + maturity — favored by financial services), CDMC (cloud-focused, 14 capabilities), CMMI-DMM (CMMI-style maturity for data). Most orgs adopt DAMA vocabulary and structure work by domain.

**Operating model**: federated vs centralized vs hybrid. **Federated** (recommended for enterprises > 1000 employees): each business domain has a data lead accountable for domain data. Central CDO office sets frameworks, standards, and cross-domain arbitration, but doesn't own domain data. **Centralized**: works < 500 employees; bottlenecks above. **Hybrid**: some critical data owned centrally (customer MDM), rest federated — most realistic in practice.

**Governance bodies**: (a) **Data Governance Council** — senior leaders (CDO, heads of domains, CISO, Legal, DPO), meets quarterly, sets strategy + resolves cross-domain disputes; (b) **Data Governance Working Group** — domain leads + stewards, monthly, operational; (c) **Domain councils** — within each business domain, the owner + stewards decide domain policy.

**Roadmap pattern (18-24 months)**: Q1-Q2 — quick-win foundation (council formation, catalog POC on top 50 tables, critical data elements definition, RoPA for compliance). Q3-Q4 — scale catalog to 500 tables, start quality monitoring on CDEs, access governance redesign. Year 2 — expand to additional domains, formalize policies, maturity assessment.

**Metrics that matter** (shift from activity to outcome): % critical datasets with owner and steward assigned, % datasets with quality SLA, avg time to fulfill DSR, % data subject requests responded within 30d, number of quality incidents → closed with root-cause, catalog search success rate, time new analyst becomes productive (proxy for discoverability).

Change management is 70% of the effort. People resist sharing ownership, defining their 'fuzzy' data, admitting quality problems. Approach: (i) tie wins to business OKRs, not compliance scare; (ii) embed stewards in existing teams, don't create a separate tribe; (iii) train on both the 'why' and the tools; (iv) executive visibility and accountability — CDO reporting to CEO/CFO preferred.

Common pitfalls: (i) treating governance as a compliance project (delivers documents, not change); (ii) buying a tool before defining the framework (tool doesn't decide who owns customer); (iii) top-down mandate with no domain buy-in (passive resistance kills adoption); (iv) vanity metrics (X% coverage) that don't correlate with outcomes; (v) under-investing in stewards' time (they have day jobs).