Excellence in administration

  • ISSA Guidelines:
  • Information and Communication Technology

Excellence in administration

  • ISSA Guidelines:
  • Information and Communication Technology

Information and Communication Technology -
C.1. Master Data Governance and Master Data Management

Social security operations and strategic decisions are based on the mission-critical availability of data related to the individuals and stakeholders involved in social programmes managed by institutions. As a consequence, the reliability of these operations and adjudications are based strongly on the reliability of the used data. Among the large volumes of data managed by social security institutions there is a key subset that is common to social programmes, and its quality and management have a strong impact on the overall activities of social security institutions.

According to Allen Dreibelbis et al., “As companies struggle to become more agile by implementing information systems that support and facilitate changing business requirements, the management of core information, such as information about customers or products, becomes increasingly important. We call this information master data” (Enterprise master data management: An SOA approach to managing core information, Pearson Education, 2008). Master data has been described as “the authoritative, most accurate data available about key business entities, used to establish the context for transactional data. Master data values are considered golden” (Mark Mosley et al., DAMA guide to the data management body of knowledge, 2010).

The master data in social security institutions consists of the subset of all the managed data that is required to carry out the social programmes. That data is also known as “corporate information systems” or “single registries”. They are especially relevant because they provide a formalized and single institutional framework of the most relevant concepts used in the institution: employees, beneficiaries, families, contributors, employees’ work history, and so on. Social security institutions require reliable information systems capable of supporting all master data and master data management operations. It is important that such information systems manage the quality of the data as regards completeness and accuracy to the greatest extent possible.

In its glossary, Gartner describes Master Data Management (MDM) as “a technology-enabled discipline in which business and IT work together to ensure the uniformity, accuracy, stewardship, semantic consistency and accountability of the institution official shared master data assets”.

In turn, Master Data Management is defined in the DAMA guide to the data management body of knowledge as “the process of defining and maintaining how master data will be created, integrated, maintained, and used throughout the enterprise. The challenges of master data management are: I) to determine the most accurate, golden data values from among potentially conflicting data values; and ii) to use the golden values instead of other less accurate data”.

The following guidelines address master data management concepts and activities, as well as organizational aspects to implementing master data in social security institutions. They complement Guideline 17, Developing a master data model and system, Section A.5, Data and Information Management.

Background: Programmes and committees in MDGP and MDMP

Social security institutions need to manage data through clear lines of decision-making and authority from an organization-wide strategic perspective. This activity is known as data governance. When the data to be governed are master data, the activity is sometimes known as master data governance. When several actions related to master data governance are planned to bring about a specific implementation, it can be said that a Master Data Governance Programme (MDGP) is to be designed and executed.

To bring a Master Data Governance Programme to tactical and/or operative levels, a master data management group consisting of data owners and stewards should be in charge of the data management operations by means of a Master Data Management Programme (MDMP).

The group of staff in charge of the Master Data Governance Programme is commonly referred to as the Master Data Governance Bord or Committee. The group of staff in charge of the Master Data Management Programme is commonly called the Master Data Management Group, Master Data Stewardship Council or Master Data Management Committee, depending on the organizational structure of the institution.

There is a close relationship between the Master Data Governance Programme (MDGP) and Master Data Management Programme (MDMP). The MDGP aligns the master data initiatives with the institutional goals in order to maximize the value of the master data and according to the Data Governance Programme; the MDMP implements and maintains the master data information systems in support of the master data operations. In general, there are three main communities of stakeholders with multiple roles within Master Data Management: (i) Data Governance, (ii) Information Technology, and (iii) Data Stewards.

To carry out the activities defined in these guidelines, social security institutions should create teams with the appropriate skills and mandate. It is particularly important that the Master Data Governance and Master Data Management Programmes be supervised to ensure that they are performed in a manner that is aligned with the social security institution’s goals and objectives. For the purpose of these guidelines, we distinguish the following bodies:

  • Executive level – Information Management Steering Board (IMSB)

The institution must install an Information Management Steering Board. It is the role of the Steering board to sponsor, approve, understand and champion the enterprise strategic data governance plan and policy at the highest level of the organization, such as at the Executive or Leadership level. The board must communicate effectively with lines of business, the expectations and requirements for governing data and identify and prioritize data initiatives. This will require significant education and understanding on the part of the Executives of the institution. The board delegates responsibility for strategic decision making to the Data Governance Board.

This board is responsible for:

  • Establishing a strategic vision on the relevance of master data management for achieving the social security functions in the institution’s mandate;
  • Driving organizational and cultural evolution towards corporate, institution-wide management of the institution’s core data;
  • Supporting, among others, the Master Data Governance Programme institution wide, as a backbone for the institution’s activities. This involves budgetary and organizational measures.
  • Strategic level – Master Data Governance Board

It is the role of the Data Governance Board to be educated in what data governance means, how it can and will work for the organization, and what it means to embrace and activate the data owners and stewards. The board provides guidance, presides over programme activities, and approves data policy, methods, priorities, and tools. It promotes governance in their areas by actively engaging in improved data practices. The board makes data decisions at a strategic level in a timely manner when it has the appropriate knowledge to make such decisions and meets regularly to remain informed about programme activities.

This board is responsible for:

  • Appointing high-ranking representatives of data-owning business functions who can make decisions about master data for the institution;
  • Appointing members of the Master Data Management Group;
  • Approving the decisions of the Master Data Management Group;
  • Approving policies related to master data.
  • Tactical level – Master Data Management Group or Committee

To enhance (interservice or interinstitutional) coordination on data matters and to facilitate the implementation of data policies in the institution, a number of committees, networks and communities should be established. These are represented in corporate data governance as data management groups.

A data management group is a formal or informal network, body, committee or community of practice that deals with certain master data-related matters on business processes, data analytics or standardization.

Each data management group has a clear mandate. The mandate is approved by the Data Governance Board requesting its formation. Some data program groups may be permanent while others may be active for a specific period of time. The IMSB will have the overview of existing groups and should be consulted on the establishment of new groups.

This Committee, or Group, is responsible for:

  • Carrying out development projects on the master data system;
  • Maintaining organizational expertise on the social security master data;
  • Maintaining the meaning and value of data;
  • Making recommendations on data decisions and writing data-related procedures.
Components of the master data architecture

In order to address the necessary issues, the following components of the master data architecture are identified:

  • Architecture of the master data system, which is responsible for storing and supporting operations on the master data. The architecture has to provide the means of achieving both the functional and the non-functional requirements established in the institution, and may have to take into account interaction with external institutions to access data as well as to provide services to them.
  • Architecture for the master data management systems, which should provide support to the specific master data operations, for example those related to master data quality cleansing, master data quality profiling, and master data management configuration (both entities and models).
  • Architecture for the master data governance system, which should provide support for the various actions related to the Master Data Governance Programme. For instance, it should provide software components for monitoring and efficiency.

All these components are addressed in these guidelines with the aim of supporting social security institutions in their efforts to develop an integrated solution.

ICT standards and frameworks

To gain the widest possible understanding of all the concepts introduced in this document, the reader is encouraged to consult the following international standards – both de jure and de facto – that have been used as a background to support specific guidelines (listed in alphabetical order):


The six principles presented and defined in Section A.1 should also be observed by social security institutions when implementing master data systems. The following guidelines are intended to make the implementation of such master data management systems easier, focusing always on optimizing the value of master data. The first step is to implement a Master Data Governance Programme.


Master data can be considered as among the most important assets for the adequate performance of social security institutions. It is important to highlight the fact that master data management is both an organizational/business-based and technological function. The most difficult part is to establish adequate links between these two functions.

The following guidelines are organized in three sections:

  • Section C.1.1, Master Data Governance and Master Data Management, addresses the institutional decisions that must be taken to guide the design and implementation of master data projects as well as daily operations. The section begins with the design of the master data programmes aligned with the institutional ICT governance principles. The definition of a strategy and action plan follows, including the preliminary scope of the master data. The last guideline in the section addresses the issues of determining and optimizing the value of the master data and aims to provide elements relevant to investment decisions on master data systems.
  • Section C.1.2, Master Data Quality Management, addresses the key issues of managing the quality and reliability of the master data. These guidelines focus on specific recommendations to manage quality in master data through preventive and corrective measures.
  • Section C.1.3, Master Data Architecture, Design and Implementation, addresses the activities involved in the implementation of master data systems, starting with the specification of architectures, continuing with implementation and change management, and finishing with the interoperability and security features to be considered in master data systems.
  • COBIT® 4 and COBIT® 5
  • DAMA-DMBOK (2009) and/or (2015)
  • ISO 20000 and ITIL®
  • ISO 27000
  • ISO 38500
  • ISO 8000, parts 100–140