Idea in short

Data Governance Maturity

Data Governance Maturity refers to the stage an organization has reached in the implementation and adoption of Data Governance initiatives. An organization with low Data Governance maturity will have substantial amounts of unorganized data and will not be leveraging this data to achieve business outcomes. In contrast, an organization with higher maturity levels recognize the importance of data as a strategic organizational asset and will invest resources to appropriately govern and manage it.

When organizations reach the highest level of Data Governance maturity, they will see tangible outcomes that are directly attributed to their Data Management and Governance efforts. The organization will better deploy its data assets to drive decision-making, increase revenues, engage with customers, develop compelling products and services, drive innovate and collaborate with internal and external stakeholders, while enhancing their compliance posture and bottom-line.

Data Governance Maturity Models

A Data Governance maturity model is methodology to measure organizations Data Governance initiatives. In mature organizations, the processes to source, manage, access, use and innovate using data assets are in place. Less advanced organizations can use the maturity model to develop a roadmap of initiatives and capabilities that will help them evolve their Data maturity.

There are several popular Data Governance Maturity Models from IBM, Stanford, Gartner, Oracle, etc. These models provide guidance how organizations can effectively manage their data assets to achieve their organizational outcomes. However, considering the diverse nature of organizations, there is no one-size-fits-all model that suits all organizations for data maturity appraisal. Furthermore, none of the maturity models provide the details and concrete initiatives that organizations should launch to evolve their maturity levels. Hence, organizations should choose an appropriate model that reflects their challenges and customize the model to suit their unique needs.

IBM Data Governance Maturity Model

The IBM Data Governance Maturity Model is one the most widely recognized. Developed in 2007, the model is designed to help you determine your progress across 11 core Data Governance areas. These include data awareness and organizational structure, data policy, data stewardship, data quality management, data lifecycle management, IT security and privacy, data architecture, data classification, compliance, value creation, and auditing.

Level 1: Initial

  • Limited to no data processes or governance
  • Data management is ad-hoc and reactive
  • There are no formal procedures for tracking data
  • Deadlines are missed and project budgets are exceeded

Level 2: Managed

  • Users are aware of the business value of data
  • Several data projects, such as mapping data infrastructure, are underway
  • There is a small degree of automation
  • Measures for regulating data have been agreed upon and are available
  • Data teams are beginning to focus on metadata

Level 3: Defined

  • Data policies are well-defined
  • Some data stewards have been identified and appointed
  • There is some data management technology in use
  • A data integration plan is being worked on
  • Users are sharing and understanding data management processes
  • Master data management is commonplace
  • Data quality risk assessment measures are in use

Level 4: Quantitatively managed

  • Data policies are well-defined
  • Enterprise-level Data Governance measures are in place
  • Well-defined data quality goals are in place
  • Data models are readily available
  • Data governance principles drive all data projects
  • Performance management is live and underway

Level 5: Optimizing

  • Data management costs are reduced
  • Automation is commonplace
  • Clear and comprehensive data management principles are adopted company-wide
  • Data governance is part of company culture
  • It’s standard practice to calculate and track ROI on data projects

Gartner Data Governance Maturity Model

Another widely recognized model is the Gartner Data Governance maturity model. Since 2008, the Gartner model has enabled enterprises to achieve five major goals:

  • Company-wide data integration
  • Content unification
  • Master data domain integration
  • Unhindered information channels
  • Metadata management

Level 0: Unaware

  • There is no Data Governance, data ownership, or accountability in place
  • There are no processes or architecture in place for information sharing
  • There is no standardization or metadata management
  • Most archiving and document sharing is completed via email
  • There is no unification and data is fragmented
  • Important business decisions are made using inadequate information

Level 1: Aware

  • The absence of data owners is apparent
  • Business leaders acknowledge the lack of support for Enterprise Information Management (EIM)
  • The value of data is becoming apparent
  • There is a degree of awareness surrounding data quality issues
  • There is awareness surrounding the need for standardized data policies and processes
  • There is awareness of redundant reports and inefficient BI processes
  • The risks of not having EIM in place are becoming clear

Level 2: Reactive

  • Organizations understand the value of company data
  • Data is beginning to be shared across departments, projects, and systems
  • Data quality processes are reactive
  • Policies have been created but adoption is low
  • Data information and retention assessment processes are being developed

Level 3: Proactive

  • Data stewards and owners are identified and active
  • Collaboration is recognized as a key enterprise process
  • Roles and governance models are confirmed
  • There is company-wide compliance with governance protocols
  • Data governance is integral to every project’s development and deployment
  • Operational risks are reduced

Level 4: Managed

  • There is an enterprise-wide acceptance that data is critical
  • Data policies have been developed, initiated, and are well understood
  • A Data Governance body has been created
  • Data metrics are well-defined and accessible

Level 5: Effective

  • Utilizing data and managing information is seen to provide a competitive advantage
  • There are service level agreements (SLAs) in place
  • Achieving productivity targets and risk reduction are two goals linked to EIM strategies
  • The team responsible for EIM is well-established and active
  • Core EIM goals have been achieved

Stanford Data Governance Maturity Model

Developed in 2011 by Stanford University’s Data Governance Office, the model was adapted from other models, such as IBM’s and CMM’s. It is based on the structure of their Data Governance program, with a focus on both foundational and project aspects of Data Governance.

The foundational aspects focus on measuring core Data Governance competencies and development of critical program resources, as follows:

  • Awareness: The extent to which individuals within the organization have knowledge of the roles, rules, and technologies associated with the Data Governance program.
  • Formalization: The extent to which roles are structured in an organization and the activities of the employees are governed by rules and procedures.
  • Metadata: Data that describes other data and IT assets (such as databases, tables and applications) by relating essential business and technical information; and data which facilitates the consistent understanding of the characteristics and usage of data. Technical metadata describes data elements and other IT assets as well as their use, representation, context and interrelations. Business metadata answers who, what, where, when, why and how for users of the data and other IT assets.

The project grouping measure how effectively Data Governance concepts are applied in the course of funded projects:

  • Stewardship: The formalization of accountability for the definition, usage, and quality standards of specific data assets within a defined organizational scope.
  • Data Quality: The continuous process for defining the parameters for specifying acceptable levels of data quality to meet business needs, and for ensuring that data quality meets these levels.
  • Master Data: Business-critical data that is highly shared across the organization. Master data are often codified data, data describing the structure of the organization or key data entities (such as “patient”, “employee”, or “student”).

Next, the following three dimensions further subdivide each of the mentioned six maturity components:

  • People: Roles and organization structures.
  • Policies: Development, auditing and enforcement of data policies, standards and best practices.
  • Capabilities: Enabling technologies and techniques.

Stanford also provides guiding questions for each of the six components across the three dimensions, which are very useful in maturity assessment.

Oracle Data Governance Maturity Model

Oracle states that Data Governance “does not come together all at once” and an iterative approach is needed. To guide organizations in their approaches, Oracle developed its own maturity model to assess the current state maturity of the Data Governance capability. Its model is comprised of 6 levels, or milestones:

Milestone one: None (level 0)

  • No formal governance processes, policies, standards, etc. are in place
  • Data is a by-product of their applications

Milestone two: Initial (level 1)

  • IT has some authority over the data, but has limited influence on business processes which don’t consider the benefits of Data Governance
  • There is some business and IT collaboration, but it is inconsistent across the enterprise as it is more project based
  • Data champions are present in different business areas

Milestone three: Managed (level 2)

  • A few business areas/ departments/ units have data owners and data stewards
  • Some processes are defined at a high level around key systems
  • Data problems are dealt with reactively, without addressing their root cause
  • Standards are starting to be put together at the department or system level

Milestone four: Standardized (level 3)

  • The roles of data stewards are explicitly defines and appointed
  • Cross-functional teams are formed to tackle Data Governance
  • Processes and standards are consistently established across departments
  • A centralized repository of data policies is established
  • Data quality measures are defined, monitored, and improved

Avoid losing track of data quality issues. Here is a free data quality issues log.

Milestone five: Advanced (level 4)

  • Data governance organizational structure is enterprise-wide
  • Data governance is viewed as critical to business across all functions
  • Quantitative goals for processes and data quality are set and met
  • Ownership of data quality and metadata as well as data policy making, lies with the business

Milestone six: Optimized (level 5)

  • Data governance is core to the business process and projects
  • Decisions are informed by data which provide quantifiable benefit/ cost/ risk analysis
  • Processes and policies are firmly established and adopted and continually revised to reflect business goals and objectives

Oracle advocates for the adoption of an on-going program and a continuous improvement process, with milestones to guide the way. To increase maturity, it recommends a three phase approach to Data Governance:

Phase 1: Explore

Build a solid Data Governance foundation and create Data Governance leaders. The key activities are:

  • Understand and prioritize Data Governance needs
  • Assess where business improvement can bring the most benefit
  • Create a planning document for implementation
  • Create or select a framework to ensure the confidentiality, quality, integrity of the data
  • Define the mission and vision for the program
  • Establish and define goals, metrics, success measures, and funding strategies
  • Define data standards, policies, process, etc.
  • Establish a Data Governance council
  • Create a Data Governance communication plan

Phase 2: Expand

Include extending Data Governance coverage from local project implementation to department/ division level. Think globally and act collaboratively cross-division. The key activities are:

  • Establish a centralized data repository
  • Enforce data quality evaluation and automation
  • Deploy tools for more complex data quality improvements
  • Adopt more sophisticated and comprehensive data security tools, processes, and policies
  • Create the process for dealing with data modeling and data architecture changes

Phase 3: Transform

Enterprise-wide Data Governance is established. The key activities are:

  • Develop automated data quality dashboards
  • Optimize Data Governance processes
  • Evaluate and communicate the data asset valuation results to the enterprise
  • The business intelligence landscape has Data Governance at its foundation
  • Manage new data service consumer agreements
  • Create service level agreements (SLAs) around data sharing and data usage

TDWI’s Data Governance Maturity Model

Published in July 2008, the TDWI’s Data Governance maturity model appeared in a white paper on the four imperatives of Data Governance maturity. The model has 6 levels, similar to Oracle’s Data Governance maturity model or the 2008 Gartner EIM maturity model, as well as 2 gaps. As you can see, these levels can be compared to the life stages of a human. TDWI actually refers to them as life-cycle stages. Here they are:

Level 1: Prenatal

At this stage, there are mostly manual and ad-hoc solutions to a business or technology problem.

Level 2: Infant

Business requirements lead to a technology or practice and have a proof-of-concept


Organization needs to institutionalize the solution concepts

Level 3: Child

Expansion of the new technology or practice it committed to

Level 4: Teenager

Growth slows down as it occurs in a few departments or shortlist of IT systems


Enterprise adoption or solution re-architecture

Level 5: Adult

Continue maturing solution best practices and technology implementations

Level 6: Sage

Cross-departmental coordination and technology scalability

TDWI also has a list of 4 domains or Data Governance imperatives and they are action items. 2 fall under organizational imperative and 2 under technical imperatives.

Organizational Imperatives

  1. Maintain a cross-functional team and process
  2. Align with data-intense business initiatives

Technical Imperatives

  1. Govern data usage via technical implementations, and
  2. Automate Data Governance process via technical implementations

The imperatives, as a group, imply a time sequence. For example, it’s obvious that imperative 1 must create a cross-functional team before imperative 2 can align team goals with business initiatives. Less obvious is that imperative 3 should be governing IT systems before imperative 4 starts using IT systems to automate governance processes. Although dependencies like these determine an order for commencing the imperatives, the imperatives must eventually coexist and interact. In the TDWI Data Governance maturity model, each of the 4 Data Governance imperative goes through the 6 levels and 2 gaps outlined above.

TDWI indicates that most organizations are in these middle levels, child and teenager, and that one requires a considerable effort to cross over the chasm and head into the adult and sage levels. As a note, you will be able to find the same life-cycle stages (or levels) being used in other types of models from TDWI such as Business Intelligence and Data Analytics, and Big Data so you will encounter this breakdown in other areas.

DataFlux Maturity Model

Developed by DataFlux in 2007, it was based on their years of experience in developing the core components of Data Governance technology. First presented in their white paper [1]. It had since been revised and updated to include the business perspective that drives the need for managing data as an asset, besides the technology adoption at each phase. The model has 4 levels of maturity with the following characteristics:

Level 1: Undisciplined

  • Little or no rules and policies on data quality and integration
  • Redundant data across multiple different data sources, format and records meeting similar purposes
  • High risk of lost opportunities and incorrect decisions due to poor data quality

Level 2: Reactive

  • Data rules and policies are created at department level
  • Data quality is also mostly addressed at department level
  • Still a lot of poor data quality enterprise-wide

Level 3: Proactive

  • The value of a centralized view of information and knowledge is understood at the enterprise level
  • A data culture is beginning to be adopted across departments

Level 4: Governed

  • Data and information is unified
  • The data strategy and framework is well established and understood
  • Everyone understands information is a key enterprise asset

Each of these phases is evaluated against four major dimensions:

  1. People
  2. Policies
  3. Technology
  4. Risk

The model offers their characteristics at each stage and proposes what needs to be addressed to advanced to the next. Higher levels of maturity yields greater information and knowledge rewards and reductions in risks. The Reactive level is where a Data Governance program is put together. Moving out of the Reactive into the Proactive one is a difficult step. This usually takes 4-5 years.

Open Universiteit Nederland Maturity Model

Published in 2015 by Jan Merkus as part of research for the Open Universiteit Nederland. It is based on the following maturity levels of the Capability Maturity Model (CMM), but applied to the domain of Data Governance.

Level 1: No process

No process at all or no formally organized process, ad-hoc activities only

Level 2: Beginning process

There are attempts for a process, but it’s not consistently documented and it’s mostly reactive

Level 3: Established process

A formalized process is in place used across the organization, but it is not highly detailed or all encompassing

Level 4: Managed process

A formalized process is well established with a clear ownership, which is regularly measured, monitored, controlled, audited and analysed

Level 5: Optimizing process

The overall process is deeply integrated within other business and technical processes as well as within the culture of the organization, it’s mostly automated, continually improving and adapting and constantly reviewed with data stakeholders

The model comes with a self-assessment tool and score for the following dimensions, each with its own set of qualifications, against the 5 maturity levels outlined above:

  • Corporate governance
  • Risk management & compliance
  • People
  • Processes
  • Technology
  • Data assets
  • Business alignment
  • Data governance organization
  • Data management

Ovaledge Data Governance Maturity Model

Neither Gartner nor IBM models provide the detail required to overcome the data management challenges that organizations face. The Ovaledge Data Governance Maturity Model enables organizations to track the progress of their Data Governance initiatives.

Level 1: Unaware

  • Unaware of the importance of data
  • No action taken
  • Processes are reactive and generally chaotic

Level 2: Aware

  • There is an awareness of the importance of data
  • Existing data practices are understood and well documented
  • An inventory of data sources is available

Level 3: Defined

  • Data governance rules and policies are defined
  • Data owners and data stewards are identified
  • A governance committee is set up
  • A data catalog is installed

Level 4: Implemented

  • Data governance policies and implementing rules are enforced
  • There is training conducted
  • Data is collected and measured
  • Alerts are set up to monitor data quality issues raised by users

Level 5: Optimized

  • Rules and policies for better efficiency are optimized
  • Redundancies are reduced with redesigned workflows
  • Data is tagged by users to increase discoverability

The Ovaledge Data Governance Maturity Model should be applied to three core areas of Data Governance: data quality, data access management, and data literacy. The aim is to apply this model to each of the three areas independently and tackle Data Governance progressively.

Kalido Data Governance Maturity Model

Published in September 2010, the Kalido Data Governance Maturity Model is based on Magnitude’s own market research with more than 40 companies at varying stages of maturity. Similar to the DataFlux model, it has 4 stages, which map to the evolution of how organizations treat data assets. The model also offers a free online self-assessment tool.

Here are the stages with their characteristics, outlined across 3 areas:

  1. Organization
  2. Process
  3. Technology

Level 1: Application-Centric

At this stage, some organizations attempt to govern data through enterprise data modeling, which is mostly an academic exercise. Efforts are mostly driven by IT without the broad organizational support and authority to enforce compliance.


  • Authority and data stewardship do not exist
  • There is little or no collaboration between IT and the business
  • Business views data as IT’s responsibility


  • No processes in place for Data Governance


  • Models of data and business processes as well as rules are entirely embedded in applications
  • There are no tools for modeling, managing, and ensuring data quality
  • There are no repositories that capture enterprise-wide, cross-functional views of data

Level 2: Enterprise Repository-Centric

Data governance is typically siloed around individual enterprise repositories, such as a data warehouse or an Enterprise Resource Planning (ERP) system. Also, governance is informal, lacking a distinct organizational structure and clearly defined and executed processes.


  • Some authority for data exists in IT
  • No official recognition of data stewardship, nor defined roles and responsibilities
  • Inconsistent collaboration between IT and business when it comes to data


  • Loosely defined processes exist around enterprise repositories (ex: a data warehouse, master data hub, and large operational systems)
  • Data issues are tackled reactively without addressing the root cause
  • No institutionalized process for making enterprise-wide, business centric decisions for data


  • Data warehouses and/or master data hubs exist
  • Investments in data quality and metadata tools are made around these systems
  • Managing data across multiple systems follow a bottom-up approach with limited influence

Level 3: Policy-Centric

Rather than envisioning ever-larger and more encompassing repositories, organizations put processes in place for defining, implementing and enforcing policies for data. It is acceptable for the same type of data to be stored in multiple places as long as they adhere to the same set of policies. Enterprise repositories continue to be important, but they’re built on governed platforms integrated with enterprise data policies.

Business takes increasing responsibility for data content, and data is widely recognized as one of the most valuable corporate assets throughout the organization


  • A cross-functional Data Governance council is formed
  • Data stewards have defined roles and responsibilities and are explicitly appointed
  • Business is engaged in managing data
  • Data is seen more and more as an asset


  • Processes for policy definition, communication and enforcement are implemented
  • A clear process for reporting and tracking data issues is established: Check out our free data quality issues log template
  • Key enterprise data repositories are governed by a single, streamlined set of governance processes


  • A centralized repository of data policies exists and sets policies in a top-down fashion
  • The process of Data Governance is supported using an automated workflow
  • Data quality is regularly monitored and measured

Level 4: Fully Governed

Over time, the scope of the Data Governance program will increase to cover all major areas of competence: model, quality, security and lifecycle. Clearly defined and enforced policies will cover all high-value data assets, the business processes that produce and consume them and systems that store and manipulate them.

There is a strong culture that values data as a strategic asset. Like human resource management, a distinct data organization with institutionalized governance processes becomes a permanent business function.


  • The Data Governance organizational structure is institutionalized
  • Data governance is seen as business critical and has the same level of importance such as HR and Finance
  • Business takes full ownership for the data and data policy making


  • Data governance is a core business process and always taken into account
  • Decisions are made with quantifiable benefit/cost/risk analysis


  • Business policies for data model, data quality, security, lifecycle management are integrated with user interactions with data
  • Centrally defined policies and rules drive behavior of systems where possible
  • Data are monitored and issues are addressed proactively

DMM Maturity Model

Official Training, Individual Certifications, and Appraisals for the current version of Data Management Maturity are no longer available as of 1 January 2022.The DMM Maturity Model also lays out a number of areas in which an organisation is graded to present an overall level of Data Governance development. ISACA and CMMI merged in 2016. Between them, they have articulated the model for how data can best be obtained, used, kept, and deleted, which is now the gold standard for process improvement. CMMI’s Data Management Maturity (DMM) model is:

a process improvement and capability maturity framework for the management of an organization’s data assets and related activities. It contains best practices for establishing, building, sustaining, and optimizing effective data management across the data lifecycle, from creation through delivery, maintenance, and archiving. The categories consist of:

  1. Data Management Strategy
  2. Data Governance
  3. Data Quality
  4. Data Operations
  5. Platform and Architecture, and
  6. Supporting Processes

Each of these categories is graded on a 5-point scale starting from Level 1 (Performed), ranging to Level 5 (Optimised), the goal of which is to internalise the understanding that data is critical for survival.

The five levels of the CMMI Data Management Maturity Model are:

Level 1: Ad hoc

Processes are performed ad hoc, primarily at the project level. Process discipline is primarily reactive, fixing data issues rather than improving quality processes. Data is considered only from the project, application, or immediate work tasks and not as a strategic resource. Data management is not a board-level initiative or topic.

Level 2: Managed

Processes are now planned and executed within policy guidelines. While there is awareness of the importance of treating data as a critical asset, the skills or tools are still inadequate from an organizational perspective. Senior leadership has begun to take data management seriously and is guided by assessments from consultants or industry standards.

Level 3: Defined

Defined sets of standard processes are now helping to provide a consistent quality of data to help perform business tasks, meet strategic visions or maintain regulatory compliance. Management and governance oversight has been introduced along with monitoring, alerting and feedback loops. Data inconsistencies have the resources, tools, and funding to be addressed for critical datasets.

Level 4: Measured

Process metrics are judged against agreed variances. Data is treated as a source of competitive advantage or as an asset in performing daily tasks. Everyone is using data as a source of information and is concerned about its accuracy and timeliness to perform their work safely and securely. Applications are written to capture data issues that are resolved as quickly as possible to avoid reputational damage or regulatory fines.

Level 5: Optimized

Process performance is continually improved through incremental and innovative improvements driven by feedback obtained via automated tools, peers, industry practices, competitors, and customers. Data is regarded as the critical asset, other than skilled resources, for survival in a volatile economy.


Published by DAMA International in 2009, the DAMA Guide to the Data Management Body of Knowledge (DMBOK) provides a comprehensive overview of the Data Management across nine key practice areas (KPA) in data management:

  • Data Governance
  • Data Development
  • Database Operations Management
  • Data Security Management
  • Reference & Master Data Management
  • Data Warehousing & Business Intelligence Management
  • Document & Content Management
  • Metadata Management
  • Data Quality Management
  • Data Architecture Management

The DAMA DMBOK was not written for the purpose of implementing it into a capability maturity framework for the assessment of an organization’s Data Governance and Data Management abilities. However, it enumerates best practices for the entire field of Data Management, so it lends itself well as a framework and methodology for Data Governance Maturity assessments.


Developed by EDM Council, DCAM™ – the Data Management Capability Assessment Model – is an industry standard framework for Data Management. DCAM defines the scope of capabilities required to establish, enable and sustain a mature Data Management discipline. It addresses the strategies, organizational structures, technology and operational best practices needed to successfully drive Data Management across organizations, and ensures that data can support digital transformation, advanced analytics such as AI and ML, and data ethics.

ARMA International

The ARMA International model is based on the Generally Accepted Recordkeeping Principles: Accountability, Transparency, Integrity, Protection, Compliance, Availability, Retention and Disposition. An organisation is graded on each of these levels on a scale of competency starting with Level 1 (Substandard) which represents a baseline, to Level 5 (Transformational) which represents a data environment in which good governance is so integrated as to be routine.

Think Insights (September 24, 2023) Data Governance Maturity Model. Retrieved from
"Data Governance Maturity Model." Think Insights - September 24, 2023,
Think Insights May 21, 2022 Data Governance Maturity Model., viewed September 24, 2023,<>
Think Insights - Data Governance Maturity Model. [Internet]. [Accessed September 24, 2023]. Available from:
"Data Governance Maturity Model." Think Insights - Accessed September 24, 2023.
"Data Governance Maturity Model." Think Insights [Online]. Available: [Accessed: September 24, 2023]