Gartner Blog Network


When Information Governance and Stewardship Efforts Differ…do they?

by Andrew White  |  April 25, 2014  |  6 Comments

I was talking with a bank the other day and we agreed on something that, to me at least, was an interesting “ah ha” moment that happened to play into a hot topics today in general.  The topic in general is – what is information governance and why and where is information stewardship different?

The point where this distinction became clear to me (the ‘ah ha”, I guess) relates to 3rd party reference data.  Many banks will source reference data (lists of instruments or product definitions for regulatory reporting purposes; external price points for commodity trading; even customer definition lists) and use that data within their business systems, as well as data warehouses for reporting.  This data is often sourced from several 3rd parties – and in some cases the data is used to compare to others, in order to come up with a truest, usable consolidated set of reference data. 

Information Governance won’t know up front that some data will be sourced externally, or internally.  But Information Governance would (and should) sign-off on the proposal that says, as part of the proposed MDM or Information Governance program, some data is to be managed from within, while some other data is to be managed from without.  The source, the development of the definition of the 3rd party data, won’t be done by the internal team.  They will make assumptions, and test them against that 3rd party data.  Thus the work that “goes into” the policy setting will differ to the data that is to be managed from within.

But the point that came out in our conversation was this (and I paraphrase):

  • You don’t govern trusted 3rd party data the same way you need to govern your own internally generated and mastered information (assets), and
  • You do need to emphasize stewardship of 3rd party data, and in fact very probably treat it as any other internally generated and governed information (assets).

Stewardship is about policy enforcement.  As such the source of data will influence the tools and practices we use to monitor and enforce policy related to this data, but we will still monitor that data, and its use, quality, performance etc.  We were hard pressed to find any major difference – lessening or increasing – of the work of stewardship given the data was obtained from a 3rd party.

I think my conclusions make sense here – but I am not 100% sure.  What do you think?  Anyone seen anything differently, either at the detailed or less granular level?

Category: enterprise-information-management-eim  information-governance  information-stewardship  information-trust  

Andrew White
Research VP
8 years at Gartner
22 years IT industry

Andrew White is a research vice president and agenda manager for MDM and Analytics at Gartner. His main research focus is master data management (MDM) and the drill-down topic of creating the "single view of the product" using MDM of product data. He was co-chair… Read Full Bio


Thoughts on When Information Governance and Stewardship Efforts Differ…do they?


  1. […] I was talking with a bank the other day and we agreed on something that, to me at least, was an interesting “ah ha” moment that happened to play into a hot topics today in general. The topic in general is – what is information governance and why and where is information stewardship different?  […]

  2. Judi Vernau says:

    In my view stewardship is a part of information governance. First you need to know what information you’ve got within the organization, so you need to carry out an information inventory (some people call this an audit, but to my mind that’s more about data quality, like auditing your financials). The inventory identifies all the different information collections, which will include the fact that some may originate outside the organisation. Each collection, whether originated internally or externally needs an owner (someone who formally is responsible) and a steward (who looks after it on a day to day basis). You’re right that of course neither can govern the creation of the external content, but there should be governance in place around what happens when it comes into the organisation. This was very clear when I did a full scale inventory for what used to be the NHS Information Centre – we needed strong governance around all the health data coming in for analysis, and we also needed to know how each data set related to other data sets. The same has been true for other clients who receive data or documents and store them inhouse – DPA, copyright and other laws apply, but also you need to understand exactly what the information is and how it relates to other information, establish roles and responsibilities around it, and ensure that it can be found and used by those who need to access it .

  3. Andrew White says:

    HI Judi,

    Thanks for leaving the post. Yes, we agree – information stewardship is part of information governance. In fact we made a rod for our own back on this one. We have a “building block” called “Information Governance” and ‘inside’ are both ‘information governance’ and ‘information stewardship’. But of a mess, naming wise, I have to agree. Your points about the information inventory are spot on. This is a key step in any information management program – especially one that has a strong governance overlay or component. I hear a number of end-user’s talk about such efforts so your points are very apropos. Thanks again.

  4. Hi Andrew.
    I think it’s necessary a Data Architecture to articulate this relationship between processes (information governance) and rules & responsibilities (stewardship).

    What you think about it?

  5. Andrew White says:

    Hi Fabiano, yes a data architect or information architect can help here for sure. I have seen several that have the experience and knowledge to do this – good suggestion. What do we do though when such individuals are not around? Relay on 3rd party resources to educate the organization? I guess so…. Thanks for dropping by!



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.