Data Governance Frameworks: DAMA-DMBOK, DCAM, EDM Council

Data governance is the organizational capability that ensures data is managed as a strategic asset. It is not a tool purchase or a one-time project. It is a sustained practice combining policies, roles, processes, and technology. Three major frameworks provide structure: DAMA-DMBOK, DCAM, and the EDM Council's CDMC. Each has different strengths and target audiences.

Framework Comparison Table

Dimension	DAMA-DMBOK 2	DCAM (EDM Council)	CDMC (EDM Council)	Stanford Model
Full name	Data Management Body of Knowledge	Data Management Capability Assessment Model	Cloud Data Management Capabilities	Stanford Data Governance Maturity
Publisher	DAMA International	EDM Council	EDM Council	Stanford University
Scope	Comprehensive DM reference	Financial services focus	Cloud-native governance	Academic/general
Structure	11 knowledge areas	8 components, 37 capabilities	6 key themes, 14 controls	5 maturity levels
Assessment	No formal scoring	Quantitative scoring (1-5)	Control-based assessment	Maturity levels 1-5
Industry focus	Cross-industry	Financial services	Cross-industry (cloud)	Cross-industry
Best for	Building a DM curriculum	Benchmarking maturity	Cloud migration governance	Quick maturity assessment
Certification	CDMP (Certified DM Professional)	DCAM Assessment	CDMC Assessment	None
Cost	Book ( $60) + cert ($ 400)	Membership-based	Membership-based	Free

DAMA-DMBOK 2: The 11 Knowledge Areas

Knowledge Area	Description	Key Activities	Tools & Technologies
Data Governance	Decision-making authority for data	Policies, stewardship, issue resolution	Collibra, Alation, Atlan
Data Architecture	Blueprint for managing data assets	Modeling, integration patterns, standards	ERwin, dbt, draw.io
Data Modeling & Design	Conceptual, logical, physical models	Entity modeling, normalization, schemas	ERwin, dbdiagram.io, dbt
Data Storage & Operations	Database management and operations	Backup, recovery, performance tuning	PostgreSQL, ClickHouse, S3
Data Security	Privacy, confidentiality, access	Encryption, masking, RBAC	Vault, IAM, Privacera
Data Integration & Interop	Moving and combining data	ETL/ELT, APIs, CDC, data sharing	Airbyte, Debezium, Kafka
Document & Content Mgmt	Unstructured data governance	Taxonomy, retention, search	SharePoint, Confluence
Reference & Master Data	Golden records, shared definitions	MDM, entity resolution, matching	Informatica MDM, Tamr
Data Warehousing & BI	Analytical data management	Dimensional modeling, reporting	Snowflake, dbt, Superset
Metadata Management	Data about data	Catalogs, lineage, discovery	OpenMetadata, DataHub
Data Quality	Fitness for purpose	Profiling, cleansing, monitoring	Great Expectations, Soda

Governance Org Structure Options

Option A: Centralized                Option B: Federated
========================             ========================
       CDO / Head of Data                  CDO / Head of Data
            |                                     |
    Data Governance Office             Data Governance Council
     |      |       |                  (representatives per domain)
   Policy  Stewards  Quality                |         |
                                     Domain 1     Domain 2
                                     Steward      Steward
                                        |            |
                                     Local DQ     Local DQ

Option C: Hybrid (Recommended)
================================
           CDO / Head of Data
                  |
     Central Governance Team (policies, standards, tooling)
                  |
    +-------------+-------------+
    |             |             |
Domain A      Domain B      Domain C
Steward +     Steward +     Steward +
Local team    Local team    Local team

Policy Template Catalog

Policy	Purpose	Owner	Review Cadence
Data Classification Policy	Define sensitivity levels (public/internal/confidential/restricted)	CISO + CDO	Annual
Data Retention Policy	How long to keep data, when to archive/delete	Legal + CDO	Annual
Data Access Policy	Who can access what data and under what conditions	CDO + Security	Semi-annual
Data Quality Policy	Standards for quality dimensions and remediation processes	CDO + Domain leads	Annual
Data Sharing Policy	Rules for sharing data internally and externally	CDO + Legal	Annual
Acceptable Use Policy	How data may and may not be used	CDO + Compliance	Annual
Data Privacy Policy	GDPR/CCPA compliance, consent management, DPIA requirements	DPO + Legal	Semi-annual
Master Data Policy	Golden record standards, entity resolution rules	CDO + Domain leads	Annual

Maturity Assessment (5-Level Model)

Level	Name	Data Governance	Data Quality	Metadata	Security	Score Range
1	Initial	No formal governance	Reactive fixes	No catalog	Basic access controls	0-20
2	Managed	Policies exist on paper	Some monitoring	Manual documentation	Role-based access	21-40
3	Defined	Active stewards, governance council	Automated checks	Catalog implemented	Classification + masking	41-60
4	Quantified	KPIs tracked, issues resolved SLA	Data contracts, SLAs	Lineage tracked	Zero-trust principles	61-80
5	Optimized	Continuous improvement, culture embedded	Predictive quality	Full observability	Automated compliance	81-100

RACI Matrix Template

Activity	CDO	Data Steward	Data Engineer	Domain Owner	Legal/Compliance	Security
Define governance policies	A	C	I	C	C	C
Classify data assets	A	R	C	C	C	I
Monitor data quality	I	R	R	A	I	I
Manage access controls	C	I	R	A	I	R
Respond to data incidents	I	R	R	A	C	C
Conduct data audits	A	R	C	C	R	C
Manage data retention	A	R	R	C	R	I
Train staff on data policies	A	R	I	C	C	I

Legend: R = Responsible, A = Accountable, C = Consulted, I = Informed