Step 1: Get a governor and the right people in place to govern
The first step in any successful data-governance program is identifying an individual within the organization who carries the delegated authority of the CEO and making that person accountable to make things happen. There is no substitute for strong leadership.

Data governance is a political challenge that requires building consensus among many diverse stakeholders. Political leadership within the organization is therefore a priority. Once established, the governor can create a governing council composed of organizational stakeholders to formulate stewardship policies and report progress to the CEO and board of directors.

Step 2: Survey your situation
Once you have the leadership team in place, it needs to survey the territory and inventory current practices across many diverse domains. The teams need to see across the stovepipes, and an enterprise data-governance assessment methodology is imperative for this task. It helps benchmark where the organization’s data-governance program is today and delivers a road map to determine where it will be tomorrow.

Step 3: Develop a data-governance strategy
After the data-governance assessment, the governance council should look into creating a vision of where it wants the company’s data-governance practices to be in the next few years, thereby creating a vision for the future. The council should work backward, and create realistic milestones and project plans to fill relevant gaps by establishing key performance indicators to track progress and deliver annual reports to the CEO and the board to validate results.

Step 4: Calculate the value of your data
If companies don’t know what it’s worth, they can’t enhance, protect or measure the value of the data to the bottom line. Data isn’t a normal commodity. It’s like water out of a tap—vital to life yet so often taken for granted. But you can’t calculate the value of something if you don’t know its price.

If you want to calculate the value of your data, build an internal marketplace for data based on user entitlements and the utility of IT services. When everyone in an organization is paying for IT services and data directly, the value of data is part of the business P&L.

Step 5: Calculate the probability of risk
Knowing how data has been used and abused in the past is an indicator of how it might be compromised and disclosed in the future. Every organization has causes, events and losses that are lost in stovepipes, hierarchies and business reports. This data is already available and unused by most organizations. Collecting it, relating its meaning and studying loss trends over time can help any organization transform risk management into a fact-based, business intelligence method for analyzing past events, forecasting future losses and changing current policy requirements to improve your mitigation strategies.