A data governance framework is an organisation’s blueprint for managing data effectively. It defines roles, responsibilities, policies, and procedures. This guide explores four essential questions every robust framework must answer: why govern data, what to govern, who is involved, and how to implement it. We assess leading models—DAMA-DMBOK, COBIT, DCAM, and DGI—and reveal where they fall short on execution. Finally, we introduce the OvalEdge framework: a five-step, real-world approach that brings automation, scalability, and precision to governance.
A data governance framework is the blueprint that defines the roles, responsibilities, policies, and procedures of the data governance initiative, so everyone in the organization knows the plan and is in agreement. It enables you to outline the components of your Data Governance implementation strategy based on the most important use cases.
When you develop a data governance framework for your business the aim is to set out a series of goals and objectives that span the lifecycle of your implementation efforts. Your framework will be unique to your organization and focus on the most critical business requirements.
“Data governance framework” is one of the most searched—and most misunderstood—topics in the data space today.
Each promises structure. Each claims authority. So, the question becomes:
Which one actually works—and how can we tell?
To answer this, we take a step back and ask a fundamental question:
What should a good data governance framework actually answer?
It helps to step back and ask 4 foundational questions:
These four questions offer a practical way to evaluate any data governance framework.
If a framework doesn’t answer all four clearly and practically, it won’t work.
Here’s a quick look at how five well-known data governance frameworks address the four core questions: Why govern data, What to govern, Who should be involved, and How to implement governance in practice.
Let us now review each framework in detail.
DAMA-DMBOK, developed by DAMA International, is one of the most widely recognised frameworks in data governance. It outlines best practices across 11 functional knowledge areas—from data architecture and modelling to governance, quality, and operations—offering a common language for enterprise data management. While it provides a solid foundation and role clarity, it’s more theoretical and lacks detailed guidance on practical execution.
Evaluation Against the Four Questions
Why: DAMA-DMBOK establishes a strong business case for governance, connecting it to decision-making, compliance, risk reduction, and operational gains. Data is positioned as an enterprise asset that must be actively managed and protected.
What: It provides a detailed taxonomy of data functions but doesn’t help teams decide which datasets or systems to govern first. There's no framework for scoping or prioritising governance initiatives across domains or lifecycles.
Who: The framework outlines a robust set of roles, including Data Owners, Stewards, and Custodians. It reinforces accountability across business and IT, though it stops short of detailing how these roles should function in day-to-day operations.
How: DAMA-DMBOK is principles-driven rather than execution-focused. It describes best practices but doesn’t guide how to implement them using modern tooling like data catalogs, lineage platforms, or quality engines. The operationalisation gap remains a key limitation.
COBIT 2019, developed by ISACA, is a widely adopted framework for enterprise governance of information and technology (EGIT). It defines 40 governance and management objectives across five domains, helping organisations align IT goals with business priorities, manage risk, and optimise resources. While it offers a robust structure for high-level governance, COBIT focuses more on defining “what” needs to happen than “how” to operationalise it—particularly in the context of data governance.
Evaluation Against the Four Questions
Why: COBIT makes a compelling case for governance, tying it directly to business goals, stakeholder needs, value delivery, and risk management. Governance is positioned as a board-level responsibility, with clear principles for aligning IT initiatives with enterprise objectives.
What: The framework structures governance around 40 objectives across five domains (EDM, APO, BAI, DSS, MEA), but it doesn’t specify which data assets or domains to govern. Organisations must interpret and adapt these objectives for their data priorities.
Who: COBIT defines roles and responsibilities through governance system components like organisational structures, policies, and processes. However, these are framed broadly at the IT or enterprise level, rather than tailored to program-level roles such as data stewards or governance leads.
How: While COBIT provides maturity models, design factors, and performance metrics, it lacks detail on operational workflows. It doesn't guide the implementation of tools like data catalogs or quality monitors, leaving the execution to individual organisations.
DCAM, developed by the EDM Council, is a comprehensive model used to assess and improve an organisation’s data management maturity. It’s built around 34 capabilities and 100+ sub-capabilities, structured across categories such as governance, architecture, quality, and analytics. The framework is especially prominent in regulated industries like financial services, but its principles apply more broadly. DCAM is valued for its ability to align data practices with business objectives and provide a strong basis for funding and benchmarking.
Evaluation Against the Four Key Questions
Why: DCAM makes a compelling case for why data must be governed, linking governance objectives directly to business strategy, risk management, and value creation. It enables leadership teams to prioritise investment and define the business case for governance.
What: The model outlines broad capabilities—like data architecture, quality, and metadata—but doesn’t get into dataset-level scoping. It leaves data teams without clear direction on which domains, assets, or pipelines to prioritise.
Who: Roles and responsibilities are embedded throughout the capability structure. DCAM promotes shared accountability across business and technology functions, but like other frameworks, it stops short of defining operational roles like stewards or catalog owners.
How: DCAM helps assess maturity—but gives no help on how to do the work. There’s minimal guidance on how to design workflows, embed tools, or operationalise governance tasks like quality enforcement or lineage capture.
CMMI’s Data Management Maturity Model is a maturity-based framework developed to help organisations evolve from fragmented data practices to strategic, enterprise-wide governance. It defines progressive levels of capability across 20+ process areas—covering governance, quality, architecture, and more—making it one of the most structured frameworks in the data management space. Compared to DCAM, DMMM puts more weight on operational rigour and maturity benchmarking, with detailed expectations for each stage of evolution.
Evaluation against the four questions
Why: DMMM frames governance maturity as a key driver of organisational performance. Each stage in the model links governance capabilities to business benefits like risk reduction, regulatory compliance, and better decision-making. It’s not just about process—it's about measurable business impact.
What: Although the model references “critical data,” it doesn’t help teams define what that means in their own context. There's no support for identifying high-value datasets, prioritising business domains, or scoping early-phase governance efforts. This creates ambiguity at the starting point.
Who: DMMM introduces well-defined roles—governance authorities, data stewards, and cross-functional councils—mapped to each maturity level. These roles are integral to capability building, and the model offers a clear path for scaling governance responsibilities over time.
How: The strength of DMMM lies in its structured roadmap. It lays out what maturity looks like across a wide set of practices, with detailed expectations at every stage. However, it doesn't cover the operational “how”—there’s no guidance on implementing tooling, automating workflows, or embedding governance into modern data systems.
Developed by Gwen Thomas, the DGI Framework is one of the most widely referenced models for establishing structured, role-based data governance. It emphasises business alignment, accountability, and standardised decision rights—making it a go-to choice for organisations seeking clarity in ownership and process design. Unlike purely conceptual models, DGI stands out for addressing all four core governance questions in a way that feels grounded and implementable.
Evaluation against the four questions
Why: DGI’s official framework places Mission and Value at the heart of governance, advising that a Data Governance programme should deliver value to the organisation’s products, services, processes, capabilities, and assets while reducing cost, complexity, confusion, and risk.
What: Under the Mission & Value and Work Program components, DGI emphasises that governance should focus on business-critical domains relevant to value or compliance. However, it does not prescribe methods for dataset-level scoping or prioritising systems.
Who: The framework’s Participants and Accountabilities components define a governance hierarchy including a Data Governance Office (DGO), Data Stewards, Data Custodians, and Decision Bodies. Each role has specified decision rights and responsibilities embedded into the programme processes.
How: DGI’s component #8 talks about deploying tools for data governance. But, there’s no direction on how to use these tools.
The DGI Framework is one of the few traditional models that addresses all four foundational questions: Why, What, Who, and How.
However, even though DGI addresses all four questions better than most, it still offers limited guidance on the “How” aspect.
For instance, in its official documentation, the DGI Framework stresses the need to define programme scope carefully:
“Data Governance programs need to be careful when scoping their program.”
— Data Governance Framework Component 9: Data Governance Work Program,
This reinforces the importance of focus and planning. But beyond this, the framework does not provide step-by-step methods for identifying which datasets, domains, or systems should be prioritised.
Similarly, DGI acknowledges the role of tools and supporting processes in execution. In its description of the governance work programme, it states:
“Supported by processes, tools, and communications, the Data Governance Work Program is managed as a Portfolio of Activities, each with its own focus, scope…”
— The DGI Data Governance Framework
While this highlights the importance of tools, it stops short of explaining how to select and operationalise these tools.
This is a common issue across many frameworks: the "why" is clear, but the "how" remains undefined. Without practical implementation steps, even the most well-structured frameworks can struggle to work.
This is precisely where the OvalEdge implementation approach adds value. It picks up where conceptual models drop off, offering a detailed, step-by-step playbook that helps teams scope effectively, leverage tools, automate tasks, and operationalise governance.
Most frameworks cover the ‘why’ and ‘who’. But they miss the two hardest parts: scoping and execution:
Scoping: They advise teams to “start small” or “prioritise by value” without explaining how to translate that into a real plan.
Execution: They stop at recommending actions for data governance activities ( like building lineage, protecting sensitive data, ensuring quality, etc.) but rarely explain how to do these things in practice.
We’ve addressed these gaps with a five-step implementation approach, fully detailed in our whitepaper. Rather than walking through the entire model here, this section focuses on two areas where our approach stands out, supported by real-world examples.
Scoping is where many governance initiatives stumble. Traditional frameworks like DGI urge teams to define their scope based on risk, value, or strategic importance. But they don’t make this step tangible by providing some concrete examples.
Our approach, however, offers concrete examples of scoping for specific business outcomes.
Example: Regulatory Compliance through Targeted Scope
|
Another common failure of traditional governance models is their lack of actionable steps. In comparison, our approach provides step-by-step guidance.
Here are two examples.
Example 1: Automating Data LineageMost frameworks emphasise the importance of lineage, but offer little clarity on how to generate it across a modern data estate. Our approach fills that gap by detailing exactly how to automate lineage. Here’s how you walk teams through this activity in practice:
|
Example 2: Complying with Privacy LawsPrivacy mandates like GDPR and CCPA are often acknowledged in governance frameworks, but the actual steps for implementing compliance are usually missing or left vague. Our approach provides a clear, repeatable sequence for aligning data activities with regulatory expectations. Here’s how you walk teams through privacy compliance in practice:
|
Want the complete step-by-step approach?
Our Implementing Data Governance whitepaper walks you through each phase from setting up the basics to embedding governance into everyday workflows.
What’s Inside:
1. A 5-step, execution-ready approach: Establish, Inventory, Scope, Govern, Consume
2. Real-world examples to illustrate each stage
3. Platform-agnostic guidance you can apply from day one
4. Best practices for automation, tooling, and stakeholder alignment
Get the full playbook. Start turning governance plans into results.
Data governance frameworks serve a crucial purpose. They bring structure, introduce shared language, and align teams around a common vision. Frameworks like DGI do this well; they provide templates, define roles, and offer a logical starting point.
Most frameworks stop at the edge of execution. They give you the strategy, but not the playbook.
This is where OvalEdge bridges the gap. Our implementation approach doesn’t replace models like DGI. It complements them. We translate the big-picture principles into a clear implementation approach.
Execution is where data governance succeeds—or stalls. If you’re ready to move from intent to impact, our five-step model gets you there.