Guideline 41. Strategies, policies and roles

Submitted by Anonymous (not verified) on Tue, 07/10/2018 - 09:46

The institution establishes strategies, policies and plans for implementing the Master Data Governance and Master Data Management Programmes.

Guideline code

ICT_05400

Mechanism

The Master Data Governance and Master Data Management Committees should define the criteria and a preliminary scope concerning the data types to be included in the master data.

The criteria may establish that the master data should include the data types required by software applications implementing the main social security functions. They can also be based on a risk analysis of inconsistencies due to multiple versions of the same data. These criteria may lead to the inclusion, for instance, of personal basic data and family links, employee–employer links, etc.;
A preliminary scope may include: personal basic data according to the various relations with social security functions (employee, beneficiary, contributor, etc.), family and household-related links, employers, labour records (employee–employer relationship), and employees’ monthly salary;
Master data items should be classified according to the degree of requirement (e.g. critical, necessary, recommended, optional, etc.). This classification has to be updated systematically.

The Master Data Governance Committee should define the master data governance processes with the aim of:

Analysing and articulating the requirements for master data governance, and establishing and maintaining structures, principles, processes and best practices with clear responsibilities and authority;
Optimizing the value provided to the mission of the institution’s business processes and ICT services for the government and management of the data and the data assets that are derived from the investment;
Managing the risks related to using unreliable data in social programmes;
Allocating adequate resources (staff, processes and technologies) for the master data programmes to support the objectives of the institution effectively with optimal costs;
Ensuring transparency of the performance and measurement of compliance with the government and management of the data-related functions;
Defining and maintaining an inventory of the responsibilities required for each of the activities and operations in the master data life cycle;
Identifying the training programmes required to improve the skills of the staff involved in master data operations and activities.

The Master Data Governance Committee should establish structures, processes and practices for governance and management of the data.

Parent

Structure

Derive a strategy for master data governance from the organizational strategy. The strategy should be based on business goals related to using master data in social security and should be described by means of policies;
Implement plans in order to carry out the master data governance and master data management processes linked to the governance objectives;
Identify the roles required to execute the various master data management operations across the master data life cycle;
Identify the responsibility chains in order to track accountability on the master data actions. This can be done by using the RACI Matrix;
Appoint staff to be responsible for the master data governance activities required, as well as data stewards;
Define a structure for documenting, storing and communicating a set of policies which cover all six principles defined by ISO/IEC 38500.

The Master Data Governance Programme should include an assessment of the needs, conditions and options of the institution’s areas of concern in order to define institutionally balanced objectives. It should establish priorities and monitor performance and compliance with agreed objectives.
A specialized organizational structure should be established to coordinate the master data governance processes. To provide accountability, the roles and chains of responsibility among persons and units appointed to carry out the various tasks should be clearly defined. Roles for master data governance may be based on the data governance roles identified in COBIT®.
The master data governance processes should follow the institution’s framework of data governance as well as standards and international practices (e.g. ISO/IEC 38500, COBIT® 4.1, COBIT® 5).
The defined strategy and action plans should be based on the institutional ICT governance and management processes recommended in this set of Guidelines.