Firstly, let’s define Data and Information Asset Management. Behaviour by individuals and organisations by which data and information are treated like economic assets (and liabilities). With the focus on leveraging those assets in a principled and sustainable way.
However, we do need to understand the definition of the key words within that definition before we can move onto defining the capabilities that organisations should have to manage them.
Asset
Something having value, such as a possession or property, that is owned by a person, business, or organisation.[1] However, to slightly adjust that Cambridge Dictionary definition, we would put it as: Resources with possible economic value that an entity controls which may have future economic value.[2]
Management
The oft misquoted Drucker, “Management is doing things right; leadership is doing the right things.”[3]
1.1 In homage and reference other thinkers
There is a strong body of previous literature on this topic.
Obviously, we need to pay homage to Douglas Laney[4] here for his chapter on the Information Supply Chain where he advocates the use of the SCOR (Supply Chain Operations Reference)[5] in this amazing book Infonomics. At Pontus Vision we recommend a capabilities approach – much more akin to the DCAM[6] model thanks for the team and contributors to the EDMC[7].
I wrote my first essay on a related topic back in 2004, following Paul Strassmann’s[8] solid body of work on the evaluation of investments in Information technologies.
Both authors and thinkers I strongly recommend you reference.
2 Data and Information
Without going into the data vs information debate too deeply[9], for the rest of this post, let’s agree the following definitions:
Data: The raw commodity. For practitioners, this is usually that something that lives in a DWH, Data Lake or Swamp. Output: usually refined with business rules to be information.
Information: petrol of the information age, presented, provided with context, and relevant to the context. Usually presented. Practitioner’s view is that this is something usually accompanied with analysis (knowledge) to present it. Output: discussions and decisions.
Bring those concepts together; it is now easy to draw the conclusion that we need to develop capabilities to better manage (in Drucker speak – doing the right things) the Data and Information assets.
3 Why Data and Information Management?
Why is this important now? There are some key factors that are driving the need to adopt Data and Information Asset Management.
Technology
Distributed compute / storage: Data of an organisation is now going to spread across various compute and storage platforms – SAAS, cloud, on-prem, endpoint devices. The ability to understand exactly where which atomic data element is, is vital.
Technology has enabled us to do it: With the Pontus Vision solution, the way it brings together extract, track and comply solutions. We can take the marginal cost of managing each atomic data[10] element close to zero.
Compliance: Jurisdiction considerations are now key; understanding where data collected, stored, processed and analysed is critical.
Stewardship
Analytical enablement: To effectively deploy data assets, we need to refine them into information – providing analysis and context. Without an understanding of where and what those assets are, we are unable to effectively deploy and refine them.
Cyber risk: To enable more effective cyber risk management, we need to know as much as we can (in a cost-effective way) about the assets we are protecting from the cyber risks.
New oil: If data is the new oil, but we don’t know where it is or what data we have.
Economic management
Unearthing hidden costs: Information and data is being managed across organisations; however, it isn’t always visible where those efforts are going into managing that data. Therefore, if we know where the assets are and who is interacting with them means we have the visibility of the costs associated with the management of those asset.
Supply / Demand: If we have an asset in an organisation, it is important it know its usage levels. Otherwise, we will not be able to value that asset correctly.
Changed benefit / cost equation: The benefits of deploying capabilities to manage these most valuable assets are now clearer, now that every business is an information business. Additionally, the costs of deploying real time in situ information and data asset tracking are now reduced (especially with open-source solutions like Pontus Vision).
4 Capabilities to Manage Data & Information Assets
Therefore, if we agree that data and information is an important asset- a asset that we need to steward as leaders and managers in organisations, then we need to determine how best to:
Strategy: Align the data and information assets to the business strategy. E.g., deploying data / information assets with existing or new products and services.
Architect: Develop, rollout and manage data, information and decision architecture[11] to the benefit of the organisation and stakeholders. E.g., deploying real time data streaming architecture where it is truly necessary.
Deploy: Leveraging the assets in a sustainable and principled way to add to the reputational and economic benefit of the organisation and community. E.g., delivering effective board reporting, providing quantitative and qualitative information to ensure decision makes are appropriately informed.
Govern: Align the Data and Information Governance policies and structures to the existing governance structures within the business e.g. ensure that data / information privacy policies are deployed and effective throughout the organisation.
Steward: Ensuring stewardship of the assets, aligned to Principled Performance[12]. E.g., develop and monetise data products, ensuring the data assets are leveraged in the right way.
Protect: Ensure that data / information assets are safe and secure; whilst being leveraged to the benefit of the organisation and stakeholders. E.g., working with the cyber risk teams to ensure encrypt assets.
Comply: Ensuing that data and information is handled in compliance with the necessary legal, ethical and social guidelines and laws. E.g., GDPR, CCPA or another privacy laws.
There are 2 supporting capabilities:
Measure: Within the 7 capabilities, we need to be able to measure the levels of execution and effectiveness of these. We can think about this as the meta-data and meta-MI (or MI of the MI). E.g., we need to be able to measure the level of compliance to the relevant privacy laws – GDPR for instance.
Control: With auditability in mind, the controls (preventative and detective) need to be in place throughout the operating model and capabilities. E.g., preparedness to prove to a regulator that privacy laws have been complied with.
Pontus Vision
Pontus Vision is the leading open-source data asset management and data compliance solution for private and public sector organisations.
About the Author
Daniel Rolles is the author – bio can be found here
[2] Two of the important minor tweaks I made here: firstly, is the insertion of the “possible” as we don’t always know the economic value (or liability). Secondly, is the control of for the stewardship of for instance the stewardship of personal data.