Data Governance – A Sample Data Governance Policy for Government Agencies


Captain to Lieutenant: “Lieutenant…see this 20ft pole? Bury it in this 10ft hole!”

Lieutenant: “Sergeant…?! See this 20ft pole?”


Government agencies are currently attempting to compose what are inclusively being called
Data Governance Policies. Having served on agency and federal data policy working groups, the insight I can reveal is that at the Agency level agencies are taking a wide-spectrum approach to data governance in order to include all elements related to data relative to each Agency. Wide-spectrum approaches are taken in the government, by the way. when no clear guidance is given from higher authorities. Because of its active importance and value to posterity, in the case of government data, no stone can be left unturned in research for what should be included in the policy at the Agency level.

Agency policy composers grapple with questions such as, should direction be given on…

  • …best practices for data housekeeping?
  • …how to store data and for what purposes?
  • …how to best organize data for discovery and audit?

Assuming there is no comprehensive data governance direction from the federal government, Agencies feel they are left to address these and other data-related issues individually within their Agency-level data policy documents.

However, federal guidance has been given to ALL government agencies on the management of data, specifically through Title 44 USC Chap 31, Records Management. Much like the Captain, Lieutenant, and Sergeant above, Agencies can leverage this federal statute to govern data by simply disseminating through governance responsibility for data to Agency Records Management Offices.

It will be argued that 44 USC 31 already assigns records management responsibility to Agency directors who then pass responsibility through to the Agency Records Management Office director. This is true. However, throughout the history of government Records Management up until the computer age, end-user records management responsibility has been left to the end-user. The “end-user” approach to RM is still in place, even now when systems exist to manage the entire lifecycle of information management – A KEY ELEMENT IN DATA GOVERNANCE!!!!! Because the possibility never existed, Agency RMOs have never been included in conversations concerning data’s creation, storage, or disposal.

Now, however, the ability to manage data’s lifecycle does exist and this policy now gives the RMO its voice to dictate data’s lifecycle management.

The application of 44 USC 31 in Data Governance Policy must now extend BEYOND the records management of data from all systems to configuration management of all systems for the purposes of RM. All systems used in the lifecycle of data management are allowed initial configuration by the Records Management Office. AGAIN! – The key to government Data Governance Policy is for Agency directors to justify further responsibility under Title 44, Chap 31 for the “configuration management” of ALL systems used at any stage in the Generation, Storage and Maintenance, and Disposition of data (the data lifecycle) under the Agency RMO. This includes both Mission and Corporate data management systems. Because every government data item is reportable under Title 44, extending systems configuration to RMOs under Chap 31 forces the RMO to develop a system for the accountability of all data. Under this unified system, questions like those above are answered. Agency stakeholders who insist on the management of their own offices’ government data will need to offer higher authority than the U.S Code as justification. In the absence of any such higher authority, the initial processes for metadata collection, the precise initial and ongoing metadata to be captured, the initial and continuing workflows run on data for RM purposes, and the framework into which future requirements for data are levied, such as additional metadata fields and additional workflows from subordinate offices, must adhere to the data governance and accountability business process framework prescribed by the RMO. Additionally, the RMO can make updates or changes to its processes at any time.

With the totality of government information now contained and placed under a single Agency office, the RMO can now define a single records management standard for Mission and Corporate data management systems. (Stay tuned.)

Here’s the sample Data Policy Document. Please debate via comments.


TITLE: Sample Data Governance Policy

AUTHORITY: Title 44 USC Chap 31, Records Management; EO M-19-21, Transition to Electronic Records

POLICY: IAW Title 44, USC, Chapter 31, Records Management and EO M-19-21, Transition to Electronic Records, the Agency Director is required by law to manage the lifecycle of government electronic information, i.e., Generation, Storage and Maintenance, and Disposition, on electronic systems and platforms.

In order to ensure all directives of 44 USC 31 are met and observed, the organizational Director places initial Configuration Management of all existing and future enterprise information systems and platforms under the authority of the Agency Records Management Office. Any system used at any stage in the lifecycle of electronic information will adopt configuration factors (i.e., workflows and metadata) required for the purposes of Records Management, as defined by the Agency Records Management Office.

The organizational Records Management Office is held responsible to ensure that all organizational records are managed in accordance with all federal records management directives, IAW this policy. To accomplish this goal, the organizational Records Management office is granted “first call” on necessary processes and procedures performed by all enterprise information systems to capture and manage organizational electronic information, content, and data for records management purposes, IAW M-19-21.

All enterprise information systems include all systems used in the management of organizational content and available to the enterprise, (i.e., Active Directory, Confluence, Jira, MS Project Server, SharePoint Server, Tableau Server, etc.).

Existing organizational information systems will be configured to adapt to audit requirements of the organizational records management office. Future organizational information systems will be deployed under initial configuration management specifications of the organizational RMO.

Leave a Reply

Your email address will not be published.