(Redrafted for Alignment with Data Operations Plan)
Key Takeaways
- Unified Approach: The governance framework aligns with a single ERP system, reducing regional differences while maintaining flexibility through a federated model.
- Currency Considerations: Includes provisions for consistent handling of multi-currency data and metadata tracking for accurate exchange rate management.
- Data Quality Assurance: Emphasises six dimensions of data quality, with automated monitoring and KPIs to ensure reliability and accuracy.
- Security Measures: Incorporates encryption, role-based access control, and privacy protections to secure sensitive data globally.
- Operational Alignment: Governance practices integrate seamlessly with workflows, supporting day-to-day operations and reporting requirements.
5.1 Compliance and Governance Requirement
Ensuring compliance with industry regulations, internal governance, and data protection standards such as GDPR and ISO 27001 is paramount. Regular audits, risk assessments, and a robust data governance framework will underpin these efforts. Reporting practices will incorporate legal, commercial, and regulatory requirements to maintain data quality and integrity.
5.2 Data Governance Principles
Data Governance in BMT is governed by our Data Governance Principles.
 |  |  |  |
| Strategic | Standard | Simple / Flexible | Secure |
| Data is a strategic asset for BMT The data needs of the many outweighs the needs of the few. The quality, integrity and accuracy of data is a critical and ongoing business issue. | Align with industry best practice. Integration across core BMT systems. | The pace of change for our systems will never be slower than it is today. Single source of data truth. | Globally and nationally secure data. Responsibly use our data. |
Data Governance Principle 1 – Federated Data Governance Model
Regional businesses adhere to a centralised set of governance standards for core and common systems. Local deviations are permissible when they provide competitive advantages, provided they do not compromise global collaboration, communication, or data security.
Data Governance Principle 2 – Defined Roles and Responsibilities
Clear definitions for governance roles, including Data Owners (accountable for data quality and access) and Data Stewards (responsible for day-to-day data management), ensure effective governance across the organisation.
5.3 Data Governance Coverage
Our Data Governance framework provides a comprehensive structure to ensure the effective management, compliance, and ethical use of data across the organisation. This framework governs all data activities within the Data Warehouse and Data Marts, enabling operational excellence and informed decision-making. Key elements include:
Lifecycle Management:
Data is managed through its entire lifecycle – Create, Read, Update, and Delete (CRUD)ensuring that data processes align with operational needs, compliance requirements, and organisational objectives.
Data Classification:
All data is classified based on sensitivity, usage, and regulatory requirements. This tailored approach ensures appropriate access controls, data protection measures, and compliance with laws and standards.
Data Impact Assessment (DIA):
A systematic evaluation of potential risks and implications associated with key data activities, including:
- Introducing new data sources.
- Sharing data with internal or external stakeholders.
- Implementing new models, reports, or processes.
The DIA process ensures that risks are identified early and addressed effectively, enhancing compliance, transparency, and trust.
Access and Security Controls:
Policies and technologies ensure the right users access the right data at the right time, supported by role-based permissions, audit trails, and monitoring to prevent unauthorised use.
Data Quality Assurance:
Regular validation of data ensures accuracy, consistency, completeness, and integrity. Automated monitoring and manual reviews uphold trust in the data for critical decision-making.
Regulatory and Compliance Alignment:
Governance policies are aligned with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, FRS102) to mitigate risks and ensure ethical and lawful data usage.
Auditing and Monitoring:
Comprehensive logging and auditing processes provide visibility into data activities, supporting both internal oversight and external audits.
Stewardship and Accountability:
Designated Data Stewards and Owners ensure accountability for data governance at every stage of the data lifecycle. This stewardship fosters a culture of ownership, responsibility, and continuous improvement.
5.4 Data Quality
To derive maximum value from our data, BMT ensures and assures data quality through the following measures:
- Data Definitions:
- Centralised in a Data Dictionary, definitions include taxonomies, measures, metrics, and KPIs, promoting consistency and coherence.
- Data Warehouse Design:
- Documented pipelines from sources to Data Marts.
- Configuration-managed code following a three-stage deployment pipeline (Development, Testing, and Production).
- Data Quality Framework:
- Consistency: Data remains uniform across sources and reports.
- Accuracy: Real-world values are reflected, with timestamps and provenance documented.
- Validity: Data adheres to defined formats and data type requirements.
- Uniqueness: Checks ensure no duplicate entries for transactions, customers, or suppliers.
- Completeness: QA activities confirm all necessary data is present for its intended use.
- Timeliness: Data availability aligns with business requirements, typically updated daily.
- Quality Monitoring and KPIs:
- Continuous monitoring through automated checks, manual validations, and dashboards tracking quality metrics.
- Data Sampling:
- Regular sampling ensures data quality at scale, reducing reliance on exhaustive validation.
Data Governance Principle 3 – Unified Approach
The governance framework aligns with a single ERP system, reducing regional differences while maintaining flexibility through a federated model.
Data Governance Principle 4 – Data Quality Assurance
Emphasises six dimensions of data quality, with automated monitoring and KPIs to ensure reliability and accuracy.
5.5 Metadata Management
A robust metadata management system supports consistent understanding and usage of data:
- Central Metadata Repository: Captures lineage, tagging, and categorisation to provide context and traceability.
- myBMT Catalogue acts as a repository for structured metadata, providing a single point of reference for data tables, objects, and their categorisation within the medallion architecture.
- KnowHow complements myBMT by capturing procedural knowledge, such as transformations, usage guides, and best practices, contextualising the metadata.
- Lineage Tracking: Ensures all data transformations and movements are documented.
- While myBMT might not currently offer detailed lineage tracking, it does provide visualisations of the data flow through layers Bronze, Silver, and Gold
- While KnowHow may not explicitly track lineage, it documents workflows and methodologies, offering insight into how data is processed.
- Tagging System: Improves discoverability and enhances governance.[SW1]
- myBMT provides tagging to include domain-specific keywords or usage contexts.
- KnowHow uses categories and tags for its posts (e.g., associating blog entries with related datasets or processes), to enhance discoverability.
[SW1]How will be do this? Is this done already?
5.6 Data Security and Privacy
Our governance framework incorporates secure-by-design principles to protect data:
- Encryption: Protects data in transit and at rest.
- Azure automatically encrypts data at rest in both Blob Storage and Azure SQL Database using Azure Storage Service Encryption (SSE) and Transparent Data Encryption (TDE), respectively.
- Endpoint Detection and Response (EDR): All Enterprise Applications within our network or cloud infrastructure shall utilise EDR. For Enterprise Applications supported by a 3rd party i.e. SaaS we shall require evidence of EDR for bi-directional data flows or only flow data out to these applications to reduce the cyber risk of unprotected systems.
- Identity and Access Management (IDAM): Access to Business Data within the Data Warehouse or within other Enterprise Applications for Business Report creation or Self-Service analysis will be restricted. Access will be managed using our Enterprise IDAM systems utilising Single Sign and Multi-Factor Authentication (SSO and MFA) as a minimum to control access, assure identity of individuals and protect our data.[SW1]
- Role-Based Access Control (RBAC): Ensures users can access only the data required for their roles.
- Personally Identifiable Information (PII) Data Management:
- PII is limited to what is necessary.
- Obfuscation, pseudonymisation, and summarisation techniques are applied to protect sensitive employee and customer data.
Data Governance Principle 5 – Security Measures
Incorporates encryption, role-based access control, and privacy protections to secure sensitive data globally.
[SW1]Two bits to add to Knowhow if these are correct.
5.7 Change Management
To mitigate risks during updates or changes, a robust change management framework is employed:
- Version Control: All changes to data models, pipelines, and reports are tracked and logged.
- Approval Processes: Updates require formal approval to ensure alignment with governance policies.
- Rollback Mechanisms: Enable quick restoration to previous states in case of issues.
5.8 Operational Integration
Operational workflows are aligned with governance practices to ensure seamless implementation:
- Business Alignment: Governance supports day-to-day workflows, ensuring that operational and reporting needs are met.
- Collaborative Workflows: Teams across regions and functions adhere to consistent governance standards.
Data Governance Principle 6 – Operational Alignment
Governance practices integrate seamlessly with workflows, supporting day-to-day operations and reporting requirements.