Microsoft Fabric adoption roadmap: Governance
This article forms part of the Microsoft Fabric adoption roadmap series of articles. For an overview of the series, see Microsoft Fabric adoption roadmap.
Data governance is a broad and complex topic. This article introduces key concepts and considerations. It identifies important actions to take when adopting Microsoft Fabric, but it's not a comprehensive reference for data governance.
As defined by the Data Governance Institute, data governance is "a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions, with what information, and when, under what circumstances, using what methods."
The term data governance is a misnomer. The primary focus for governance isn't on the data itself. The focus is on governing what users do with the data. Put another way: the true focus is on governing user's behavior to ensure organizational data is well managed.
When focused on self-service data and business intelligence (BI), the primary goals of governance are to achieve the proper balance of:
- User empowerment: Empower the internal user community to be productive and efficient, within requisite guardrails.
- Regulatory compliance: Comply with the organization's industry, governmental, and contractual regulations.
- Internal requirements: Adhere to the organization's internal requirements.
The optimal balance between control and empowerment will differ between organizations. It's also likely to differ among different business units within an organization. You'll be most successful with a platform like Fabric when you put as much emphasis on user empowerment as on clarifying its practical usage within established guardrails.
Think of governance as a set of established guidelines and formalized policies. All governance guidelines and policies should align with your organizational data culture and adoption objectives. Governance is enacted on a day-to-day basis by your system oversight (administration) activities.
When considering data governance in any organization, the best place to start is by defining a governance strategy. By focusing first on the strategic goals for data governance, all detailed decisions when implementing governance policies and processes can be informed by the strategy. In turn, the governance strategy will be defined by the organization's data culture.
Governance decisions are implemented with documented guidance, policies, and processes. Objectives for governance of a self-service data and BI platform, such as Fabric, include:
- Empowering users throughout the organization to use data and make decisions, within the defined boundaries.
- Improving the user experience by providing clear and transparent guidance (with minimal friction) on what actions are permitted, why, and how.
- Ensuring that the data usage is appropriate for the needs of the business.
- Ensuring that content ownership and stewardship responsibilities are clear. For more information, see the Content ownership and management article.
- Enhancing the consistency and standardization of working with data across organizational boundaries.
- Reducing risk of data leakage and misuse of data. For more information, see the information protection and data loss prevention series of articles article.
- Meeting regulatory, industry, and internal requirements for the proper use of data.
A well-executed data governance strategy makes it easier for more users to work with data. When governance is approached from the perspective of user empowerment, users are more likely to follow the documented processes. Accordingly, the users become a trusted partner too.
Governance success factors
Governance isn't well-received when it's enacted with top-down mandates that are focused more on control than empowerment. Governing Fabric is most successful when:
- The most lightweight governance model that accomplishes required objectives is used.
- Governance is approached on an iterative basis and doesn't significantly impede productivity.
- A bottom-up approach to formulating governance guidelines is used whenever practical. The Center of Excellence (COE) and/or the data governance team observes successful behaviors that are occurring within a business unit. The COE then takes action to scale out to other areas of the organization.
- Governance decisions are co-defined with input from different business units before they're enacted. Although there are times when a specific directive is necessary (particularly in heavily regulated industries), mandates should be the exception rather than the rule.
- Governance needs are balanced with flexibility and the ability to be productive.
- Governance requirements can be satisfied as part of users' regular workflow, making it easier for users to do the right thing in the right way with little friction.
- The answer to new requests for data isn't "no" by default, but rather "yes and" with clear, simple, transparent rules for what governance requirements are for data access, usage, and sharing.
- Users that need access to data have incentive to do so through normal channels, complying with governance requirements, rather than circumventing them.
- Governance decisions, policies, and requirements for users to follow are in alignment with organizational data culture goals as well as other existing data governance initiatives.
- Decisions that affect what users can—and can't—do aren't made solely by a system administrator.
Introduce governance to your organization
There are three primary timing methods organizations take when introducing Fabric governance to an organization.
The methods in the above diagram include:
|Roll out Fabric first, then introduce governance: Fabric is made widely available to users in the organization as a new self-service data and BI tool. Then, at some time in the future, a governance effort begins. This method prioritizes agility.|
|Full governance planning first, then roll out Fabric: Extensive governance planning occurs prior to permitting users to begin using Fabric. This method prioritizes control and stability.|
|Iterative governance planning with rollouts of Fabric in stages: Just enough governance planning occurs initially. Then Fabric is iteratively rolled out in stages to individual teams while iterative governance enhancements occur. This method equally prioritizes agility and governance.|
Choose method 1 when Fabric is already used for self-service scenarios, and you're ready to start working in a more efficient manner.
Choose method 2 when your organization already has a well-established approach to governance that can be readily expanded to include Fabric.
Choose method 3 when you want to have a balance of control agility. This balanced approach is the best choice for most organizations and most scenarios.
Each method is described in the following sections.
Method 1: Roll out Fabric first
Method 1 prioritizes agility and speed. It allows users to quickly get started creating solutions. This method occurs when Fabric has been made widely available to users in the organization as a new self-service data and BI tool. Quick wins and some successes are achieved. At some point in the future, a governance effort begins, usually to bring order to an unacceptable level of chaos since the self-service user population didn't receive sufficient guidance.
- Fastest to get started
- Highly capable users can get things done quickly
- Quick wins are achieved
- Higher effort to establish governance once Fabric is used prevalently throughout the organization
- Resistance from self-service users who are asked to change what they've been doing
- Self-service users need to figure out things on their own, which is inefficient and results in inconsistencies
- Self-service users need to use their best judgment, which produces technical debt to be resolved
See other possible cons in the Governance challenges section below.
Method 2: In-depth governance planning first
Method 2 prioritizes control and stability. It lies at the opposite end of the spectrum from method 1. Method 2 involves doing extensive governance planning before rolling out Fabric. This situation is most likely to occur when the implementation of Fabric is led by IT. It's also likely to occur when the organization operates in a highly regulated industry, or when an existing data governance board imposes significant prerequisites and up-front requirements.
- More fully prepared to meet regulatory requirements
- More fully prepared to support the user community
- Favors enterprise content development more than self-service
- Slower to allow the user population to begin to get value and improve decision-making
- Encourages poor habits and workarounds when there's a significant delay in allowing the use of data for decision-making
Method 3: Iterative governance with rollouts
Method 3 seeks a balance between agility and governance. It's an ideal scenario that does just enough governance planning upfront. Frequent and continual governance improvements iteratively occur over time alongside Fabric development projects that deliver value.
- Puts equal priority on governance and user productivity
- Emphasizes a learning as you go mentality
- Encourages iterative releases to groups of users in stages
- Requires a high level of communication to be successful with agile governance practices
- Requires additional discipline to keep documentation and training current
- Introducing new governance guidelines and policies too often causes a certain level of user disruption
For more information about up-front planning, see the Preparing to migrate to Power BI article.
If your organization has implemented Fabric without a governance approach or strategic direction (as described above by method 1), there could be numerous challenges requiring attention. Depending on the approach that you've taken and your current state, some of the following challenges could be applicable to your organization.
- Lack of a cohesive data governance strategy that aligns with the business strategy
- Lack of executive support for governing data as a strategic asset
- Insufficient adoption planning for advancing adoption and the maturity level of BI and analytics
- Lack of aligned priorities between centralized teams and business units
- Lack of identified champions with sufficient expertise and enthusiasm throughout the business units to advance organizational adoption objectives
- Lack of awareness of self-service best practices
- Resistance to following newly introduced governance guidelines and policies
- Duplicate effort spent across business units
- Lack of clear accountability, roles, and responsibilities
- Lack of clearly defined processes resulting in chaos and inconsistencies
- Lack of standardization or repeatability
- Insufficient ability to communicate and share lessons learned
- Lack of documentation and over-reliance on tribal knowledge
- Inability to comply with security and privacy requirements
Data quality and data management challenges
- Sprawl of data and reports
- Inaccurate, incomplete, or outdated data
- Lack of trust in the data, especially for content produced by self-service content creators
- Inconsistent reports produced without sufficient data validation
- Valuable data not used or difficult to access
- Fragmented, siloed, and duplicated data
- Lack of data catalog, inventory, glossary, or lineage
- Unclear data ownership and stewardship
Skills and data literacy challenges
- Varying levels of ability to interpret, create, and communicate with data effectively
- Varying levels of technical skillsets and skill gaps
- Lack of ability to confidently manage data diversity and volume
- Underestimating the level of complexity for BI solution development and management throughout its entire lifecycle
- Short tenure with continual staff transfers and turnover
- Coping with the speed of change for cloud services
Identifying your current challenges—as well as your strengths—is essential to do proper governance planning. There's no single straightforward solution to the challenges listed above. Each organization needs to find the right balance and approach that solves the challenges that are most important to them. The challenges presented above will help you identify how they might affect your organization, so you can start thinking about what the right solution is for your circumstances.
Some organizations have implemented Fabric without a governance approach or clear strategic direction (as described above by method 1). In this case, the effort to begin governance planning can be daunting.
If a formal governance body doesn't currently exist in your organization, then the focus of your governance planning and implementation efforts will be broader. If, however, there's an existing data governance board in the organization, then your focus is primarily to integrate with existing practices and customize them to accommodate the objectives for self-service and enterprise data and BI scenarios.
Governance is a big undertaking, and it's never completely done. Relentlessly prioritizing and iterating on improvements will make the scope more manageable. If you track your progress and accomplishments each week and each month, you'll be amazed at the impact over time. The maturity levels at the end of each article in this series can help you to assess where you are currently.
Some potential governance planning activities and outputs that you might find valuable are described next.
- Conduct a series of workshops to gather information and assess the current state of data culture, adoption, and data and BI practices. For guidance about how to gather information and define the current state of BI adoption, including governance, see BI strategic planning.
- Use the current state assessment and information gathered to define the desired future state, including governance objectives. For guidance about how to use this current state definition to decide on your desired future state, see BI tactical planning.
- Validate the focus and scope of the governance program.
- Identify existing bottom-up initiatives in progress.
- Identify immediate pain points, issues, and risks.
- Educate senior leadership about governance, and ensure executive sponsorship is sufficient to sustain and grow the program.
- Clarify where Power BI fits in to the overall BI and analytics strategy for the organization.
- Assess internal factors such as organizational readiness, maturity levels, and key challenges.
- Assess external factors such as risk, exposure, regulatory, and legal requirements—including regional differences.
- Business case with cost/benefit analysis
- Approved governance objectives, focus, and priorities that are in alignment with high-level business objectives
- Plan for short-term goals and priorities (quick wins)
- Plan for long-term and deferred goals and priorities
- Success criteria and measurable key performance indicators (KPIs)
- Known risks documented with a mitigation plan
- Plan for meeting industry, governmental, contractual, and regulatory requirements that impact BI and analytics in the organization
- Funding plan
- Establish a governance board and identify key stakeholders.
- Determine focus, scope, and a set of responsibilities for the governance board.
- Establish a COE.
- Determine focus, scope, and a set of responsibilities for COE.
- Define roles and responsibilities.
- Confirm who has decision-making, approval, and veto authority.
- Charter for the governance board
- Charter and priorities for the COE
- Staffing plan
- Roles and responsibilities
- Accountability and decision-making matrix
- Communication plan
- Issue management plan
Policies and processes
- Analyze immediate pain points, issues, risks, and areas to improve the user experience.
- Prioritize data policies to be addressed by order of importance.
- Identify existing processes in place that work well and can be formalized.
- Determine how new data policies will be socialized.
- Decide to what extent data policies might differ or be customized for different groups.
- Process for how data policies and documentation will be defined, approved, communicated, and maintained
- Plan for requesting valid exceptions and departures from documented policies
The implementation of the governance program should be planned and managed as a series of projects.
- Establish a timeline with priorities and milestones.
- Identify related initiatives and dependencies.
- Identify and coordinate with existing bottom-up initiatives.
- Create an iterative project plan that's aligned with high-level prioritization.
- Obtain budget approval and funding.
- Establish a tangible way to track progress.
- Project plan with iterations, dependencies, and sequencing
- Cadence for retrospectives with a focus on continual improvements
The scope of activities listed above that will be useful to take on will vary considerably between organizations. If your organization doesn't have existing processes and workflows for creating these types of outputs, refer to the guidance found in the adoption roadmap conclusion for some helpful resources, as well as the implementation planning BI strategy articles.
All governance decisions should be in alignment with the established goals for organizational adoption. Once the strategy is clear, more tactical governance decisions will need to be made which affect the day-to-day activities of the self-service user community. These types of tactical decisions correlate directly to the data policies that get created.
How we go about making governance decisions depends on:
- Who owns and manages the data and BI content? The Content ownership and management article introduced three types of strategies: business-led self-service, managed self-service, and enterprise. Who owns and manages the content has a significant impact on governance requirements.
- What is the scope for delivery of the data and BI content? The Content delivery scope article introduced four scopes for delivery of content: personal, team, departmental, and enterprise. The scope of delivery has a considerable impact on governance requirements.
- What is the data subject area? The data itself, including its sensitivity level, is an important factor. Some data domains inherently require tighter controls. For instance, personally identifiable information (PII), or data subject to regulations, should be subject to stricter governance requirements than less sensitive data.
- Is the data, and/or the BI solution, considered critical? If you can't make an informed decision easily without this data, you're dealing with critical data elements. Certain reports and apps could be deemed critical because they meet a set of predefined criteria. For instance, the content is delivered to executives. Predefined criteria for what's considered critical helps everyone have clear expectations. Critical data is usually subject to stricter governance requirements.
Different combinations of the above four criteria will result in different governance requirements for Fabric content.
Key Fabric governance decisions
As you explore your goals and objectives and pursue more tactical data governance decisions as described above, it will be important to determine what the highest priorities are. Deciding where to focus your efforts can be challenging.
The following list includes items that you might choose to prioritize when introducing governance for Fabric.
- Recommendations and requirements for content ownership and management
- Recommendations and requirements for content delivery scope
- Recommendations and requirements for content distribution and sharing with colleagues, as well as for external users, such as customers, partners, or vendors
- How users are permitted to work with regulated data and highly sensitive data
- Allowed use of unverified data sources that are unknown to IT
- When manually maintained data sources, such as Excel or flat files, are permitted
- Who is permitted to create a workspace
- How to manage workspaces effectively
- How personal workspaces are effectively used
- Which workspaces are assigned to Fabric capacity
- Who is allowed to be a Fabric administrator
- Security, privacy, and data protection requirements, and allowed actions for content assigned to each sensitivity label
- Allowed or encouraged use of personal gateways
- Allowed or encouraged use of self-service purchasing of user licenses
- Requirements for who can certify content, as well as requirements that must be met
- Application lifecycle management for managing content through its entire lifecycle, including development, test, and production stages
- Additional requirements applicable to critical content, such as data quality verifications and documentation
- Requirements to use standardized master data and common data definitions to improve consistency across data assets
- Recommendations and requirements for use of external tools by advanced content creators
If you don't make governance decisions and communicate them well, users will use their own judgment for how things should work—and that often results in inconsistent approaches to common tasks.
Although not every governance decision needs to be made upfront, it's important that you identify the areas of greatest risk in your organization. Then, incrementally implement governance policies and processes that will deliver the most impact.
A data policy is a document that defines what users can and can't do. You might call it something different, but the goal remains the same: when decisions—such as those discussed in the previous section—are made, they're documented for use and reference by the community of users.
A data policy should be as short as possible. That way, it's easy for people to understand what is being asked of them.
A data policy should include:
- Policy name, purpose, description, and details
- Specific responsibilities
- Scope of the policy (organization-wide versus departmental-specific)
- Audience for the policy
- Policy owner, approver, and contact
- How to request an exception
- How the policy will be audited and enforced
- Regulatory or legal requirements met by the policy
- Reference to terminology definitions
- Reference to any related guidelines or policies
- Effective date, last revision date, and change log
Locate, or link to, data policies from your centralized portal.
Here are three common data policy examples you might choose to prioritize.
|Data ownership policy||Specifies when an owner is required for a data asset, and what the data owner's responsibilities include, such as: supporting colleagues who view the content, maintaining appropriate confidentiality and security, and ensuring compliance.|
|Data certification (endorsement) policy||Specifies the process that is followed to certify content. Requirements might include activities such as: data accuracy validation, data source and lineage review, technical review of the data model, security review, and documentation review.|
|Data classification and protection policy||Specifies activities that are allowed and not allowed per classification (sensitivity level). It should specify activities such as: allowed sharing with external users, with or without a non-disclosure agreement (NDA), encryption requirements, and ability to download the data. Sometimes, it's also called a data handling policy or a data usage policy. For more information, see the Information protection for Power BI article.|
Having a lot of documentation can lead to a false sense that everything is under control, which can lead to complacency. The level of engagement that the COE has with the user community is one way to improve the chances that governance guidelines and policies are consistently followed. Auditing and monitoring activities are also important.
Scope of policies
Governance decisions will rarely be one-size-fits-all across the entire organization. When practical, it's wise to start with standardized policies, and then implement exceptions as needed. Having a clearly defined strategy for how policies will be handled for centralized and decentralized teams will make it much easier to determine how to handle exceptions.
Pros of organization-wide policies:
- Much easier to manage and maintain
- Greater consistency
- Encompasses more use cases
- Fewer policies overall
Cons of organization-wide policies:
- Less autonomy and empowerment
Pros of departmental-scope policies:
- Expectations are clearer when tailored to a specific group
- Customizable and flexible
Cons of departmental-scope policies:
- More work to manage
- More policies that are siloed
- Potential for conflicting information
- Difficult to scale more broadly throughout the organization
Finding the right balance of standardization and customization for supporting self-service data and BI across the organization can be challenging. However, by starting with organizational policies and mindfully watching for exceptions, you can make meaningful progress quickly.
Staffing and accountability
The organizational structure for data governance varies substantially between organizations. In larger organizations there might be a data governance office with dedicated staff. Some organizations have a data governance board, council, or steering committee with assigned members coming from different business units. Depending on the extent of the data governance body within the organization, there could be an executive team separate from a functional team of people.
Regardless of how the governance body is structured, it's important that there's a person or group with sufficient influence over data governance decisions. This person should have authority to enforce those decisions across organizational boundaries.
Checks and balances
Governance accountability is about checks and balances.
Starting at the bottom, the levels in the above diagram include:
|Operational - Business units: Level 1 is the foundation of a well-governed system, which includes users within the business units performing their work. Self-service data and BI creators have a lot of responsibilities related to authoring, publishing, sharing, security, and data quality. Self-service data and BI consumers also have responsibilities for the proper use of data.|
|Tactical - Supporting teams: Level 2 includes several groups that support the efforts of the users in the business units. Supporting teams include the COE, enterprise data and BI, the data governance office, as well as other ancillary teams. Ancillary teams can include IT, security, HR, and legal. A change control board is included here as well.|
|Tactical - Audit and compliance: Level 3 includes internal audit, risk management, and compliance teams. These teams provide guidance to levels 1 and 2. They also provide enforcement when necessary.|
|Strategic - Executive sponsor and steering committee: The top level includes the executive-level oversight of strategy and priorities. This level handles any escalated issues that couldn't be solved at lower levels. Therefore, it's important to have a leadership team with sufficient authority to be able to make decisions when necessary.|
Everyone has a responsibility to adhere to policies for ensuring that organizational data is secure, protected, and well-managed as an organizational asset. Sometimes this is cited as everyone is a data steward. To make this a reality, start with the users in the business units (level 1 described above) as the foundation.
Roles and responsibilities
Once you have a sense for your governance strategy, roles and responsibilities should be defined to establish clear expectations.
Governance team structure, roles (including terminology), and responsibilities vary widely among organizations. Very generalized roles are described in the table below. In some cases, the same person could serve multiple roles. For instance, the Chief Data Officer (CDO) could also be the executive sponsor.
|Chief Data Officer or Chief Analytics Officer||Defines the strategy for use of data as an enterprise asset. Oversees enterprise-wide governance guidelines and policies.|
|Data governance board||Steering committee with members from each business unit who, as domain owners, are empowered to make enterprise governance decisions. They make decisions on behalf of the business unit and in the best interest of the organization. Provides approvals, decisions, priorities, and direction to the enterprise data governance team and working committees.|
|Data governance team||Creates governance policies, standards, and processes. Provides enterprise-wide oversight and optimization of data integrity, trustworthiness, privacy, and usability. Collaborates with the COE to provide governance education, support, and mentoring to data owners and content creators.|
|Data governance working committees||Temporary or permanent teams that focus on individual governance topics, such as security or data quality.|
|Change management board||Coordinates the requirements, processes, approvals, and scheduling for release management processes with the objective of reducing risk and minimizing the impact of changes to critical applications.|
|Project management office||Manages individual governance projects and the ongoing data governance program.|
|Fabric executive sponsor||Promotes adoption and the successful use of Fabric. Actively ensures that Fabric decisions are consistently aligned with business objectives, guiding principles, and policies across organizational boundaries. For more information, see the Executive sponsorship article.|
|Center of Excellence||Mentors the community of creators and consumers to promote the effective use of Fabric for decision-making. Provides cross-departmental coordination of Fabric activities to improve practices, increase consistency, and reduce inefficiencies. For more information, see the Center of Excellence article.|
|Fabric champions||A subset of content creators found within the business units who help advance the adoption of Fabric. They contribute to data culture growth by advocating the use of best practices and actively assisting colleagues. For more information, see the Community of practice article.|
|Fabric administrators||Day-to-day-system oversight responsibilities to support the internal processes, tools, and people. Handles monitoring, auditing, and management. For more information, see the System oversight article.|
|Information technology||Provides occasional assistance to Fabric administrators for services related to Fabric, such as Microsoft Entra ID (previously known as Azure Active Directory), Microsoft 365, Teams, SharePoint, or OneDrive.|
|Risk management||Reviews and assesses data sharing and security risks. Defines ethical data policies and standards. Communicates regulatory and legal requirements.|
|Internal audit||Auditing of compliance with regulatory and internal requirements.|
|Data steward||Collaborates with governance committee and/or COE to ensure that organizational data has acceptable data quality levels.|
|All BI creators and consumers||Adheres to policies for ensuring that data is secure, protected, and well-managed as an organizational asset.|
Name a backup for each person in key roles, for example, members of the data governance board. In their absence, the backup person can attend meetings and make time-sensitive decisions when necessary.
Considerations and key actions
Checklist - Considerations and key actions you can take to establish or strengthen your governance initiatives.
- Align goals and guiding principles: Confirm that the high-level goals and guiding principles of the data culture goals are clearly documented and communicated. Ensure that alignment exists for any new governance guidelines or policies.
- Understand what's currently happening: Ensure that you have a deep understanding of how Fabric is currently used for self-service and enterprise data and BI scenarios. Document opportunities for improvement. Also, document strengths and good practices that would be helpful to scale out more broadly.
- Prioritize new governance guidelines and policies: For prioritizing which new guidelines or policies to create, select an important pain point, high priority need, or known risk for a data domain. It should have significant benefit and can be achieved with a feasible level of effort. When you implement your first governance guidelines, choose something users are likely to support because the change is low impact, or because they are sufficiently motivated to make a change.
- Create a schedule to review policies: Determine the cadence for how often data policies are reevaluated. Reassess and adjust when needs change.
- Decide how to handle exceptions: Determine how conflicts, issues, and requests for exceptions to documented policies will be handled.
- Understand existing data assets: Confirm that you understand what critical data assets exist. Create an inventory of ownership and lineage, if necessary. Keep in mind that you can't govern what you don't know about.
- Verify executive sponsorship: Confirm that you have support and sufficient attention from your executive sponsor, as well as from business unit leaders.
- Prepare an action plan: Include the following key items:
- Initial priorities: Select one data domain or business unit at a time.
- Timeline: Work in iterations long enough to accomplish meaningful progress, yet short enough to periodically adjust.
- Quick wins: Focus on tangible, tactical, and incremental progress.
- Success metrics: Create measurable metrics to evaluate progress.
Questions to ask
Use questions like those found below to assess governance.
- At a high level, what's the current governance strategy? To what extent is the purpose and importance of this governance strategy clear to both end users and the central data and BI teams?
- In general, is the current governance strategy effective?
- What are the key regulatory and compliance criteria that the organization (or specific business units) must adhere to? Where's this criteria documented? Is this information readily available to people who work with data and share data items as a part of their role?
- How well does the current governance strategy align to the user's way of working?
- Is a specific role or team responsible for governance in the organization?
- Who has the authority to create and change governance policies?
- Do governance teams use Microsoft Purview or another tool to support governance activities?
- What are the prioritized governance risks, such as risks to security, information protection, and data loss prevention?
- What's the potential business impact of the identified governance risks?
- How frequently is the governance strategy re-evaluated? What metrics are used to evaluate it, and what mechanisms exist for business users to provide feedback?
- What types of user behaviors create risk when users work with data? How are those risks mitigated?
- What sensitivity labels are in place, if any? Are data and BI decision makers aware of sensitivity labels and the benefits to the business?
- What data loss prevention policies are in place, if any?
- How is "Export to Excel" handled? What steps are taken to prevent data loss prevention? What's the prevalence of "Export to Excel"? What do people do with data once they have it in Excel?
- Are there practices or solutions that are out of regulatory compliance that must be urgently addressed? Are these examples justified with an explanation of the potential business impact, should they not be addressed?
"Export to Excel" is typically a controversial topic. Often, business users focus on the requirement to have "Export to Excel" possible in BI solutions. Enabling "Export to Excel" can be counter-productive because a business objective isn't to get data into Excel. Instead, define why end users need the data in Excel. Ask what they do with the data once it's in Excel, which business questions they try to answer, what decisions they make, and what actions they take with the data.
Focusing on business decisions and actions helps steer focus away from tools and features and toward helping people achieve their business objectives.
The following maturity levels will help you assess the current state of your governance initiatives.
|Level||State of governance|
|100: Initial||• Due to a lack of governance planning, the good data management and informal governance practices that are occurring are overly reliant on judgment and experience level of individuals.
• There's a significant reliance on undocumented tribal knowledge.
|200: Repeatable||• Some areas of the organization have made a purposeful effort to standardize, improve, and document their data management and governance practices.
• An initial governance approach exists. Incremental progress is being made.
|300: Defined||• A complete governance strategy with focus, objectives, and priorities is enacted and broadly communicated.
• Specific governance guidelines and policies are implemented for the top few priorities (pain points or opportunities). They're actively and consistently followed by users.
• Roles and responsibilities are clearly defined and documented.
|400: Capable||• All Fabric governance priorities align with organizational goals and business objectives. Goals are reassessed regularly.
• Processes exist to customize policies for decentralized business units, or to handle valid exceptions to standard governance policies.
• It's clear where Fabric fits into the overall data and BI strategy for the organization.
• Fabric activity log and API data is actively analyzed to monitor and audit Fabric activities. Proactive action is taken based on the data.
|500: Efficient||• Regular reviews of KPIs or OKRs evaluate measurable governance goals. Iterative, continual progress is a priority.
• Agility and implementing continual improvements from lessons learned (including scaling out methods that work) are top priorities for the COE.
• Fabric activity log and API data is actively used to inform and improve adoption and governance efforts.
In the next article in the Microsoft Fabric adoption roadmap series, learn about mentoring and user enablement.