Tackling NDMO Regulations One Deliverable at a Time

Executive Summary

The National Data Management Office (NDMO) and its regulations are essential topics to consider. AI data products can aid compliance with Saudi Arabia's data regulation, which is crucial for business maturity. It is vital to manage data efficiently for business growth. Additionally, the Certified Data Management Professional (CDMP) transformation and NDMO regulations are observed, and feedback and challenges from executive CEOs are analysed. The current challenges in Saudi Arabia's data governance framework are also discussed.

The DMBOK covers mapping deliverables and activities, data architecture, and data modelling. Breaking down tasks and subtasks is necessary to tackle data management challenges. The deliverables and dependencies are also overviewed. Power BI, maturity assessment, and compliance information are summarised.

Maturity assessments can help track compliance progress, and NDMO utilises them in its review and assessment process. Project management and deliverables process are also discussed. Implementing NDMO regulations can have misconceptions and challenges, especially in data submission and compliance. Additionally, Enhancing submissions can bring both challenges and benefits. An agile approach in data strategy and governance is also discussed, and the importance of maturity assessment in data management practices is emphasised.

Webinar Details

Title: Tracking NDMO Regulations

Date: 22-Feb-23

Presenter: Howard Diesel & Paul Bolton

Meetup Group: DAMA SA User Group

Write-up Author: Howard Diesel

Contents

National Data Management Office (NDMO) and its Regulations

Benefits of AI Data Products in Compliance and Saudi Arabia's Data Regulation

Importance of Data Management for Business Maturity

Observations on CDMP Transformation and NDMO Regulations

Feedback and Challenges from Executive CEOs

Overview of Data Governance Framework and Current Challenges in Saudi Arabia

Mapping Deliverables and Activities in the DMBOK

Data Architecture and Data Modelling

Breaking Down Tasks and Subtasks for Data Management Challenges

Overview of Deliverables and Dependencies

Summary of Information on Power BI, Maturity Assessment, and Compliance

Using Maturity Assessments for Compliance Progress

Review and Assessment Process and the Use of Maturity and Compliance in NDMO

Project Management and Deliverables Process

Misconceptions and Challenges in Implementing the NDMO Regulation

Challenges in Data Submission and Compliance

Challenges and Benefits of Enhancing Submissions

Implementation of an Agile Approach in Data Strategy and Governance

Discussion on the importance of maturity assessment in data management practices

National Data Management Office (NDMO) and its Regulations

Howard and the team have been working diligently on integrating templates into Modon (the Saudi Authority for Industrial Cities and Technology Zones). We are thrilled to share our progress with you. Additionally, if you have any questions or requests regarding NDMO, please direct them to us.

The National Data Management Office (NDMO) is an SDAIA (Saudi Data and AI Authority) department responsible for creating and enforcing regulations. NDMO significantly impacts ministries, authorities, and government institutions, as they must follow the regulations. Even banks like ANB have contacted us for assistance in understanding and complying with NDMO regulations.

It's important to note that open data and Freedom of Information also play a crucial role in government institutions. If you require further information on NDMO domains, we would happily provide you with free documentation upon request.

Benefits of AI Data Products in Compliance and Saudi Arabia's Data Regulation

CEOs often question the value and benefits of compliance efforts when collaborating with various Ministries and organisations. It is crucial for executives to recognise the potential advantages of AI data products, such as generating return on investment (ROI) and revenue for the organisation.In Saudi Arabia, the Crown Prince and government have initiated data regulation to achieve a high maturity level by 2030, with data and AI contributing 14-15% of the GDP. The comprehensive regulations, similar to the DMBOK, prioritise data value realisation.

To comply with the regulation, all organisations must reach a defined maturity level (level three) which involves a shared understanding, set standards, and consistent behaviour across the organisation. However, many organisations struggle to establish uniform standards and behaviour as they have yet to be at level three.Unfortunately, making profits often overshadows prioritising compliance efforts in the commercial sector.

Importance of Data Management for Business Maturity

It's imperative for organisations to properly manage their data, both for compliance and to fuel AI and machine learning models. Unfortunately, many organisations fall short in this area, with only a select few reaching Level 3 maturity in their data management practices. However, achieving this level is crucial as it marks the beginning of effective knowledge management and collaborative decision-making.

Despite the challenges, there's a significant opportunity to progress in a relatively short time frame, going from 0.6 to 3 in just two years. To achieve this, professionals must have the appropriate knowledge and certification capabilities. It's promising that Saudi Arabia has made strides in this area, with an increasing number of certified data management professionals.

Observations on CDMP Transformation and NDMO Regulations

On LinkedIn, approximately 250-260 individuals have added CDMP to their names, indicating the rapid growth of this field. The success of this transformation can be attributed to the incredible drive and support from the Crown Prince. In alignment with the shift towards rights and governance, performance goals (Key Performance Indicators - KPIs) are being revised. However, concerns have been raised regarding the timing of KPIs implementation, with some suggesting an introduction in P1 instead of P3. It is crucial to emphasise the significance of KPIs early on as they provide direction and clarity for operations.

The NDMO regulations are among the most comprehensive sets observed, comparable to the efforts of Malaysia and Abu Dhabi. Unlike the General Data Protection Regulation’s (GDPR) sole focus on privacy and protection, the regulations cover a broader range of aspects. The UK's disproportionate emphasis on GDPR approval overlooks other critical elements of data management. The NDMO regulations offer a more comprehensive approach, covering all relevant areas.

Feedback and Challenges from Executive CEOs

Some CEOs have expressed doubts regarding the relevance of the presented information to their businesses. However, removing certain parts of the information may result in loss as it is intended to function as a whole. Additionally, complaints have been made about the amount of work required to create 709 deliverables. One CEO has even voiced concerns about the value they get from the work despite having access to 14 consultants.

It is recommended to prioritise the restructuring of work according to the P1 domain for data value realisation. This will ensure that the focus is on maximising the value derived from the data management regulations and supervision. Lastly, various challenges and topics need to be addressed, such as identifying whether data management is a benefit or a burden, training needs, and mapping specifications to deliverables.

Overview of Data Governance Framework and Current Challenges in Saudi Arabia

In Saudi Arabia, there exists a comprehensive data governance framework that comprises of oversight, culture, strategy, and foundational activities. The foundational activities entail data classification, availability, and handling of Freedom of Information (FOI) requests. Saudi citizens can make FOI requests to comprehend the purpose and collection of specific data by authorities, with ethical considerations and reviews used to determine the legitimacy of data collection for FOI purposes. Moreover, data protection is an essential layer within the framework, addressing data monetisation, quality, metadata, and operations. The framework also encompasses data content, architectural modelling, reference data, master data, and open data initiatives.

Currently, the NDMO is developing version 1.6 of the framework, which will be reviewed. Effective implementation of the framework is crucial in Saudi Arabia to avoid challenges faced during submissions. As such, continuous development of data-driven processes is recommended to handle the significant number of submissions required annually.

Mapping Deliverables and Activities in the DMBOK

Howard, the Speaker, started by mapping knowledge areas to domains in the demo domain. Then, he proceeded to map the DMBOK deliverables to related activities. However, the DMBOK needs improvement as it needs a more precise mapping between deliverables and activities. He then connected the DMBOK to the demo specification deliverable and identified missing deliverables, which he addressed accordingly. Concerns about the absence of data handling ethics in the mapping were raised during the process. Two options were considered to address this issue: distribute data handling ethics across different domains or consolidate it into one domain.

Change management was identified as a crucial factor in achieving a higher level of maturity in the ministry. The maturity assessment exists separately in the Indie mode P1.The mapping includes elements such as data governance, data catalogue, metadata, data quality, operations documents, and data architecture.

Data Architecture and Data Modelling

The DMBOK is a comprehensive framework that covers various domains such as data architecture, data modelling, reference data, business intelligence, analytics, data sharing, interoperability, and data integration. However, it needs to address the domains of data value realisation and data governance.

Other crucial domains that require attention are open data, Freedom of Information, data classification, personal data protection, and data security. To help with better control and specification details and provide insights into challenges and sub-tasks within each specification, the NDMR mapping spreadsheet is available.

The DMBOK recommends conducting a maturity assessment to tackle current data challenges effectively. The mapping spreadsheet also showcases the alignment of NDMR and DMBOK with multiple levels of mapping deliverables. The spreadsheet contains 709 rows across all domains.

Breaking Down Tasks and Subtasks for Data Management Challenges

During the webinar, Howard discusses how to handle data management challenges within a given specification. These challenges are broken down into five task numbers, and each deliverable and submission is assigned a unique process sequence number for cross-referencing.

The mapping process involves linking the process sequence number to the DMBOK deliverable and the name of the NDMO submission. Any questions about mapping the NDMA submissions to the DMBOK deliverables are addressed. It is crucial to implement all domains and specifications seamlessly.

The example provided focuses on data governance and its underlying elements. While the priority of submissions is not visible in the Excel sheet, Howard explains that they use the NDMO priority and consider interdependencies. Both Indie priority and internal project priorities exist. The deliverable has three phases: strategy and planning, principles and policies, and awareness and performance.

Overview of Deliverables and Dependencies

Howard shared that he had devised a diagram connecting all deliverables to establish a comprehensive sequence for deliverables. Additionally, he incorporated dependencies in the database, mentioning GT1 1.2 as an example that relies on DMA 1.1.

Moving on to slide 47 (the above image), Howard showcased the set-up of deliverables, encompassing domains, controls, and submissions. He discussed the availability of a Power BI tool in Teams, which displays various submissions and interdependencies. This tool has filters for reference data, compliance levels, and submission documents.

When asked about priorities and phases, Howard emphasised the resources available. He also provided spreadsheets with links, completed mappings, and aligned deliverables. Howard explained that overlapping tasks could be delivered together, like an operations plan covering 16 task elements.

Summary of Information on Power BI, Maturity Assessment, and Compliance

The Power BI tool is valuable for understanding interdependencies, distance to target, and submission levels. Three jumps are needed to reach level three in a maturity assessment starting from level zero. The burn-down chart displays the distance to compliance or target to track progress in an agile approach. The Deliverable Maturity Model Assessment (DMMA) is similar to a maturity assessment and involves assessing work products and submissions, including principles and policies, across the entire process. Compliance is binary, with submissions being either 0% or 100% compliant. P1 submissions require full compliance.

Using Maturity Assessments for Compliance Progress

Throughout the project, the team focused on measuring their compliance progression at various levels. Our team member Paul conducted several maturity assessments to track and evaluate how well we complied. We used these assessments to demonstrate progress and presented our results to the project office. In the provided image, you can see an example of five maturity assessments over time. Our goal was to reach a maturity level of three by the project's end, which we accomplished. These assessments were conducted monthly and aligned with our project milestones.

Our project methodology followed the Data Management Maturity Assessment (DMMA) thinking and maturity levels to guide our documentation process. Our work went through different stages, starting with the SME, then the senior solution architect, and finally undergoing a review process to ensure compliance. By following this approach, we ensured that the entire team had the opportunity to share knowledge and experience, not just limited to the project team.

Review and Assessment Process and the Use of Maturity and Compliance in NDMO

Throughout the review process, business owners and other stakeholders played an active role in ensuring that all work was agreed upon and approved. To facilitate this, the stakeholders were given training to sign off on the work effectively. During the discussion, the difference between maturity assessment and compliance in NDMO was brought up, with a request for clarification on their relationship.

Howard explained that they use the same technique to assess both maturity and compliance and that they have been discussing maturity during Thursday afternoon sessions. However, Howard noted that NDMO has a unique approach to maturity assessment that needs deliverable-level evidence and consistency among departments. To address this, Howard suggested using the DMMA approach to validate the NDMO P1 Journey and assess deliverable maturity. The possibility of combining compliance and maturity assessment was also discussed, with an auditor expressing interest in reviewing evidence of deliverable maturity. Howard shared an Excel workbook to aid in monitoring both maturity and compliance.

Project Management and Deliverables Process

Paul's contributions are vital resources for the current phase of the project. To aid in project planning, the work breakdown structure employs a folder system that allows drilling down from domain to control, specification, tasks, and deliverables. Each deliverable has a unique naming convention with a sequence number, such as the DMBOK deliverable for the NDMO submission. Collaborative work is conducted through a Teams folder with a review process and project owner verification. Automated power bi is utilised to check submissions of the 709 deliverables. Various templates, including Excel, Word, text, PNG, and ERD, are employed for submission documents. Implementing the NDMA regulations and making the Data Management Office (DMO) operational pose challenges and misconceptions.

Misconceptions and Challenges in Implementing the NDMO Regulation

Remembering the NDMO regulation, which prioritises proof of compliance rather than just carrying out operations is important. Even when delivering what's required, certain components of the NDMA specifications, like change management and awareness of behavioural changes, still need to be included. Simply submitting deliverables doesn't automatically make an effective DMO. It needs to be corrected to assume that the NDMO regulation covers all necessary controls for a DMO, as important aspects like issue management may be overlooked.

Procedures, guidelines, and standards are only sometimes included in the regulations, except for data sharing and open data. The challenge lies in the complexity of the tasks and subtasks, which go beyond the initial specifications and involve multiple resources. Different individuals, such as data governance specialists, project managers, HR, and learning and development staff, are needed to handle different aspects concurrently. Initially, this was challenging, but it quickly scaled up.

Challenges in Data Submission and Compliance

The ongoing management and integration of data models face various challenges due to the need for templates for specification submission. Generating submissions manually using Excel can result in outdated data and potential issues. The absence of critical data elements can be attributed to the unavailability of templates, thus necessitating the need to define and agree on minimum data requirements for submission. It is crucial to determine data quality expectations for compliance and audit purposes and establish guidelines and development guides for shared understanding.

Executives and business areas need to recognise the importance of ROI to gain commitment. Supporting DMO managers and CDOs in promoting the significance of NDMO regulation is vital, and NDMO and SDAIA have already tried to address these challenges, but the initial phase is already completed. Justifying the importance of NDMO regulation upfront can take time and effort.

Challenges and Benefits of Enhancing Submissions

Howard recommended adding certain elements to submissions, such as maturity assessments, strategy action plans, readiness roadmaps, mandates measurement, roles and expectations, and resource planning. These additions aim to fill in any gaps in the current view. To address the issue of too many submissions, he proposed two levels of submission: high-level and low-level. Both are necessary to ensure alignment with project managers and data governance. High-grain and low-grain regulations differ regarding audit stability, project management, and deliverable alignment.Howard also discussed the potential impact of implementing a new version (1.6) on deliverables, citing a possible increase or savings of 32%. Lastly, he requested feedback and comments on the presented ideas, including whether the NCAA covers security and protection concerns.

Implementation of an Agile Approach in Data Strategy and Governance

The role of the DMO is to oversee the packaging, submission, and management of the Auditors. During this process, it is vital to prioritise data security. SAMA has adopted an agile approach that aligns with its data strategy and domains. The data governance manager creates a portfolio of use cases to ensure the realisation of data value.

The data strategy is thoroughly assessed against open data, architecture, and data governance. Additionally, personal data protection and data classification oversight are carried out. Data quality sharing, integration, cataloguing, and Business Intelligence and Advanced Analytics are also implemented. These efforts aim to simultaneously deliver use cases and submissions to add value. Finally, Howard expresses gratefulness to the Saudi participants for their valuable insights.

Discussion on the importance of maturity assessment in data management practices

Drew acknowledges and values the diverse approaches to data management. He emphasises the significance of conducting a maturity assessment to improve data management practices. Paul is satisfied with the productive discussion and appreciates the participants' contributions. He recognises the project's potential for enhancing skills and knowledge in data management.

The benefits of mapping data management practices to the DMBOK and creating a personal data management portfolio are discussed among the participants. They express gratitude and suggest additional opportunities for sharing resources and further discussion. The discussion concludes with expressions of appreciation and good wishes among the participants.

If you would like to join the discussion, please visit our community platform, the Data Professional Expedition.

Additionally, if you would like to be a guest speaker on a future webinar, kindly contact Debbie (social@modelwaresystems.com)

Don’t forget to join our exciting LinkedIn and Meetup data communities not to miss out!