Data Management Policy – Why you need to have one!?

Data is the lifeblood of any IT systems and a good data management policy will make sure it continues to flow!

A good data management policy will achieve 3 goals:

  1. Make sure the information in your systems is accurate
  2. Make sure that data is secured
  3. Make sure that data is available at all time

What to consider for a good data management policy

A) Data accuracy – Make sure it’s the right information

Make sure the data available in your systems is complete and accurate. Putting the right data, in the right system. This is the basis of data management.

Reinforce that notion with the employees. Make sure they understand their role and its impact on the rest of the data life cycle.

B) Data integrity- Make sure data stays the same

Make sure that data in your systems stays the same and that it is protected from unauthorized modification. Data should also stay the same throughout all your systems: information about a job in the production and the shipping system should be consistent.

C) Data quality – Make sure knowledge is recorded

Have the most complete, up-to-date and descriptive information in your systems.

Let’s say we have customers’ information. Having the name, address and contact information is good. But if you also have the preferences of the customer, notes on the best way to reach him, mistakes you made in the past and other such information, that could be very useful for a new rep. Now you have quality information in your system.

The more – valid – information employees put in the systems, the better the quality of the data is. It has two advantages

  • The enterprise is able to have make better decisions
  • When an employee’s leaves the company, no knowledge is lost (or at least, less)

This is a concept that has to be part of your data management policy and needs to be reinforced with employees. The more knowledge in your systems, the better the return on investment will be for your ERP system.

How to build a data management policy

1. List your systems

Know every system in the company. That may seems basic, but in larger companies, it becomes difficult to know every software used.

List what they are used for. Often system functionalities will overlap, so before going to step two, make sure you know exactly which system is doing what.

2. One concept, one system

Each system in the company should manage it own set of data. The Customer Relationship Management system manages everything that has to do with customers, the Manufacturing system manages everything about jobs and production, etc.

Example of major concepts

  • Customers
  • Suppliers
  • Purchase
  • Materials
  • Human
  • Jobs

Manage each concepts in only one system. For example, all customers’ data is managed by the CRM and then pushed to other systems if necessary.

How to push information from the primary to the secondary system?

You have 2 choices: manually or through bridges between systems.

Bridges are basically software that push information between systems. They’ll ensure that the data is the same in all of them and that it’s copied when an update is made in the main system.

For smaller companies with only a few systems, it may not be worth it to invest in bridges. Instead, you might assign an employee to that task.

3. Keep only active data in your systems

Data may or may not expire; it will be different for each concept and for each company.

For each concept, set a fixed length of time on when the data becomes obsolete. Normally inactive information should expire after an inactivity of three to five years, depending on the business and on the concept. Active information (active clients, employees, …) should never expire. Nowadays, databases are powerful and storage is cheap enough to keep all the active information.

See the article on data life cycle for complete information on this subject.

4. Archive inactive information

Build an archiving system that will store inactive data. Even when the data is irrelevant in your active systems, it does not mean that it should be deleted and that can’t use that information later. Instead, build an archiving system.

Building the actual archiving system is quite easy, while archiving the data can be a little bit trickier. Once or twice a year, ask a database administrator to
export inactive data to the archives, according to your data management policy. Give him specific set of rules and always use a knowledgeable DBA to make sure that active data remains live in your systems.

5. Build a security policy

Data security is essential and should be a major part of your data management policy; define in your data management policy who has access to which information (concept).

Security management can be tricky in an enterprise. The more precise the security rules are, the easier it is on the long-term to make sure that data is accessed only by the right people.

Build security rules for all your systems

Since the information is transferred across many systems, make sure that data is secured across all of them. (who can see it, who can edit, etc.)

Build a complete security policy for each concept – who has access to customers’ information, projects, suppliers, accounting, etc. – and make sure that each system is correctly secured.

How to secure primary and secondary systems

Information in your primary and secondary systems should have the same security rights. Normally it is easier to keep confidential data in the primary system and only transfer non-confidential information in the secondary ones.

For example, keep customers’ sales and other sensitive information in your primary system – and build a complete security policy around it – and only transfer non-sensitive information in the secondary systems, like client’s name, address, etc.

How to secure the archiving system

There are two ways of securing the archiving system:

  1. Have a closed archiving system that is only accessible by database administrators. This way, you can leave you database objects unsecured and only give access to a few people and save a lot of time on security management. The downside of this method is that every time someone needs data, he can’t get access to it right away since he needs to ask to someone else.
  2. Secure the archiving system the same way the other systems are. This method may require a lot of work and will be beneficial only for a few companies. You may also secure a small part of you archiving system and only give access to these parts to employees. For example, giving access to old jobs may be beneficial.

Make sure that data is read-only in the archiving system. If someone wants to update the data, it has to be transferred in the live system and deleted from the  archives, then modified. This reduces the chance of duplicate data and the risk of using outdated information.

Data management policy – Final note

Building a good data management policy ensures that data is relevant, secured and accessible. The policy should be followed carefully by the IT staff.

Related articles

Home > Data Management Plan > Data Management Policy

Latest posts by Erik (see all)