Developing a data governance strategy for your company

It includes the people, processes and technology needed to achieve consistent, accurate and effective data processing. Data governance systems must be an integral part of the pharmaceutical quality system and are a fundamental part of the company. It must cover the following aspects: organization, control, supporting processes, business processes and IT architecture & infrastructure (Source: ISPE GPG Data Integrity – Key concepts).

These following weeks, our Data Integrity Expert, Nathalie Wellens, will explain the concept of data integrity, its evolution, data governance strategies or programs, how to implement a data governance framework in your company and remediation solutions.

Nathalie, why is it important to have a strategy in place?

• It protects the data against cyber attacks, data breaches or infractions.
• Centralised systems and standardised procedures decrease your data management & data governance costs.
• Increases the ROI of a data analysis.
• Modern business is driven by data. Using this data for better decision making and improved communication, can in turn lead to a competitive advantage.
• It makes it easier to comply with regulations.
• Relieves the workload of the IT department to protect all data.
• It allows you to better prepare for audits.

There are many advantages to implementing a framework, but of course, there are also a number of downsides or challenges.

Data governance requires a company-wide mandate to implement the framework, it requires resources and especially time from your employees. Make sure that this investment pays off.

It is part of a broader quality and risk policy. This means that the different teams, processes or procedures need to be aligned with each other. In addition, change is sometimes difficult, invest sufficient time in sensitizing, motivating and training your employees.

Keep in mind that a framework must remain flexible and simple for ‘users’. If procedures or processes hamper business efficiency or work activities, they need to be adapted. Moreover, it can be difficult to select the right technologies and tools. Get professional support or use resources like Gartner and ask for references.

How to set up your data governance strategy?

1. Research all current data governance practices within your company and the regulatory framework

It’s quite possible that there are already data governance practices within your company e.g. in the IT department. Compare the status of current efforts and the required regulatory framework. Let this report be a starting point to determine your strategy and write a business case.

The different regulators may have varying views on some aspects of Data Integrity compliance, but they all pay attention to these general topics:

• Organization
• Data lifecycle
• System lifecycle
• Audit trail
• Security & access control
• Date & time indication
• Contractor / Vendor / 3rd party

Write a comprehensive business case about the necessary resources, procedures, processes, time, costs but also what the ROI of the effort will be (savings). This will create a financial ‘value overview’ that can be used when pitching your data governance strategy to your management. Align your data governance strategy with your business strategy, IT strategy & quality standards.

2. Assign data governance roles

The basis for each program is to define business roles and responsibilities. The goal is to set up an enterprise-wide governance structure. Not all roles are necessary, so choose a structure that works for your company.

• The Chief Data Officer is responsible for the data governance strategy.
• The Data Owner bears direct responsibility for the data. This person must have knowledge of the device, application or system. He/she is also closely involved in the protection of data integrity. In addition to these ‘operational’ data owners, you can also appoint ‘tactical’ data owners. They are responsible for a domain or topic and must facilitate communication with stakeholders.
• The Data Steward ensures the correct implementation and enforcement of the procedures and is responsible for the training courses.

The data governance committee draws up the policies and procedures together with the stakeholders. Data governance requires a top-down approach, think of this when composing the committee (Source: Dataversity).

3. Develop a Roadmap

Create a document with the different phases of the strategy implementation. Each phase describes precisely what needs to be done and who carries what responsibility. In addition, determine the timing for each phase of the implementation.

4. Determine the control measures

It is important for companies to maintain control over the data governance program. It should be taken into account that a data governance program is not a one-off activity. It is an ongoing program that needs to be continuously evaluated & adjusted. The control measures include factors such as defining automated workflow processes, collecting feedback on those processes and applying the processes to the governance structure.

5. Roll-out of the framework and evaluation

Now it is time to implement the complete framework and let all procedures & processes take effect. The Data Governance team makes sure that the program is effective and meets the predefined requirements. Use the set KPI’s and control measures to assess the program.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!