Governance (14%) - Domain #5

Data management

The practice of collecting, organizing, protecting, and maintaining an organization's data throughout its lifecycle

Data flow diagram

A visual representation showing how data moves through a system — including inputs, processes, outputs, and storage

Data explainability report

A document that explains how data was collected, processed, and used to produce specific results or insights

Data dictionary

A reference document defining the meaning, format, data type, and relationships of each data element in a system

Hierarchy structure (data documentation)

A document or model showing the organizational levels and parent-child relationships within data

Data lineage

Tracking a data element's origin, all transformations applied to it, and its movement through systems over time

Source of truth

A single authoritative data source trusted as the most accurate and reliable version of data in an organization

Data versioning

Managing and tracking different states of a dataset over time using snapshots or scheduled refresh intervals

Metadata

Data about data — descriptive information providing context such as file size, creation date, author, or format

Snapshot (data management)

A copy of data captured at a specific point in time — preserved for auditing, comparison, or recovery purposes

Refresh interval

The scheduled frequency at which a dataset or dashboard is updated with newly available data

Data retention

Policies specifying how long data must be stored before it can legally or safely be deleted or archived

GDPR (General Data Protection Regulation)

A European Union regulation governing the collection, processing, and storage of personal data for EU residents

Jurisdictional requirements

Legal and regulatory data rules that vary by country or region — governing how data must be handled locally

Data ethics

The moral principles guiding responsible data collection, use, sharing, and storage to protect individuals and society

PCI DSS (Payment Card Industry Data Security Standard)

A security standard requiring specific data protections for organizations that store, process, or transmit credit card data

Data audit

A systematic review of an organization's data to assess its accuracy, completeness, compliance, and security

Data classification

Categorizing data based on its sensitivity, value, and required level of protection — such as public, internal, or confidential

Data breach (incident reporting)

An unauthorized access to or exposure of sensitive data that must be reported to affected parties and regulators

Security incident (incident reporting)

An event that compromises the confidentiality, integrity, or availability of data or IT systems

RBAC (Role-Based Access Control)

A security model that restricts access to data and systems based on a user's assigned role within the organization

Encryption in transit

Protecting data from interception by encrypting it while it is actively being transferred across a network

Encryption at rest

Protecting stored data by encrypting it when it is not being actively used or transmitted

Data usage

Policies and practices defining how data is permitted to be used within and outside an organization

Data sharing

The controlled process of providing data access to authorized internal or external parties

NIST (National Institute of Standards and Technology)

A U.S. federal agency that publishes cybersecurity frameworks and data security standards used across industries

PII (Personally Identifiable Information)

Any data that can be used to directly or indirectly identify a specific individual — such as name, SSN, or email

PHI (Personal Health Information)

Protected health data related to an individual's medical history, diagnoses, treatments, or healthcare payments

Anonymization

Permanently removing or altering identifying information from data so that individuals can no longer be identified

Data masking

Replacing sensitive real data with realistic but fictional data — protects privacy while keeping data usable for testing

Requirement testing

Verifying that a data system or report meets all defined business and functional requirements before deployment

Stress testing

Testing a data system under extreme loads or conditions to evaluate its performance limits and stability

UAT (User Acceptance Testing)

End-user testing to confirm that a data system, report, or application meets real-world business needs before go-live

Source control

Version control practices — such as Git — that track changes to code or data over time and allow rollback if needed

Unit testing

Testing individual components or functions of a data system in isolation to confirm each piece works correctly

Data health check

A routine assessment of a dataset's quality — including detecting data drifts or unexpected statistical changes

Data drift

A gradual change in the statistical properties or distribution of data over time that can degrade model or report accuracy

Automated data quality monitoring

Continuous, system-driven checks that automatically detect and flag data quality issues without manual intervention

Data profiling

Analyzing a dataset to understand its structure, content, quality, and relationships before transformation or analysis

Quality metrics (data profiling)

Measurable values used to evaluate data quality dimensions — such as accuracy, completeness, consistency, and timeliness

ISO (International Organization for Standardization)

An international standards body that publishes globally recognized standards — including those for data quality management

MDM (Master Data Management)

A process for creating and maintaining a single, consistent, authoritative version of key business data across systems