Effective data governance depends on clear roles, shared accountability, and collaboration across the institution. As McMaster continues to strengthen its approach to managing institutional data, the Data Governance RACI Model provides a transparent framework that clarifies who is responsible, accountable, consulted, and informed in the management of university data assets.

This page outlines the roles and responsibilities that support McMaster’s Data Governance Program. The model is designed to ensure that data across the university is trusted, well-managed, secure, and used responsibly to support decision-making, operations, research, and institutional planning.

The Data Governance RACI Model helps the McMaster community:

• Clarify ownership and accountability for institutional data

• Support consistent data management practices across functional areas

• Strengthen collaboration between business units, technology teams, and governance bodies

• Improve data quality, transparency, and trust

• Ensure alignment with privacy, security, and institutional policies

Data governance at McMaster is not the responsibility of a single office or team. Instead, it is a shared institutional practice involving leadership, data stewards, system owners, and data users across the university. The roles described on this page illustrate how different groups contribute to ensuring that institutional data is accurate, accessible, protected, and used appropriately.

The framework also supports the implementation of key governance tools and practices, including the Data Cookbook, institutional data standards, data classification guidelines, and stewardship processes.

This page is intended to help members of the McMaster community understand how they participate in the data governance framework, whether as a data steward, system owner, data consumer, or institutional leader.

Data Governance RACI Matrix

RACI Legend

The terms ‘functional area’ and ‘domain/subdomain’ are used interchangeably. 

The term ‘Data Steward’ may refer to a Domain Steward or a Subdomain Steward. 

Any of the activities listed under Domain Stewards may also apply to the Subdomain Steward if that activity has been delegated to them by the Domain Steward. 

Domain Stewards 

All Domain Steward activities may be delegated to a Subdomain Steward or Data Custodian at the Domain Steward’s discretion. 

• Responsible for  

• • Implementing initiatives to improve data integrity within their domain. → [DG Activity: Data Quality Management]

• • The definition of subdomains and the assignment of subdomain stewards. → [DG Activity: Data Stewardship & Ownership]

• • The approval of definitions and specifications within the Data Cookbook. → [DG Activity: Metadata & Data Catalog Management]

• • Informing the Privacy Office of the uses, storage, and retention of Personal Information within their domain for the Personal Information Bank (PIB) Directory. → [DG Activity: Privacy & Security Compliance]

• • Informing Data Systems Stewards about systems or process updates affecting the data within their domain. → [DG Activity: Data Integration & System Governance]

• • Working with Data Systems Stewards to ensure the correct logic and modelling has been applied to the source data. → [DG Activity: Data Integration & System Governance]

• • Providing guidance on data engineering. → [DG Activity: Data Integration & System Governance]

• • Recommending the use of data within their Subdomain. → [DG Activity: Data Access & Usage Governance]

• • Escalating approval for PIAs deemed ‘high risk’ → [DG Activity: Privacy & Security Compliance]

• Accountable for  

• • Making data within their domain available to the university community in accordance with relevant policies and appropriate security & access controls.  → [DG Activity: Data Stewardship & Ownership Management] + [DG Activity: Data Access & Usage Governance]

• • The quality of data within their domain. → [DG Activity: Data Quality Management]

• • Authorizing the use of data within their domain.  → [DG Activity: Data Access & Usage Governance]

• • Classifying data within their domain according to McMaster’s Data Classification Policy and the DG Program Data Classification Guidelines. → [DG Activity: Data Stewardship & Ownership Management] + [Privacy & Security Compliance]

• • Understanding the logic, interpretation, and limits of the data within their domain. 

• Consulted on  

• • The integration of the Data Cookbook on reporting platforms, when appropriate. → [DG Activity: Data Integration & System Governance]

• • Any new use of data from their domain that had previously been provisioned. → [DG Activity: Data Integration & System Governance]

• • Systems change that may affect data within their domain. → [DG Activity: Data Integration & System Governance]

• • Data engineering & data modelling data from their domain. → [DG Activity: Data Integration & System Governance]

• • Systems or process updates affecting shared (cross-functional) data. → [DG Activity: Data Integration & System Governance]

• • PIAs involving data from their domain → [DG Activity: Privacy & Security Compliance]

• Informed about  

• • organizational standards for creating Data Cookbook documentation. → [DG Activity: Policies, Standards & Guidelines]

• • Results of PIAs for data systems requesting data from their domain  → [DG Activity: Privacy & Security Compliance]

Any of the activities listed under Domain Stewards may also apply to the Subdomain Steward if that activity has been delegated to them by the Domain Steward. 

• Responsible for  

• • Providing guidance to the Data Stewards about any data-related issues within their functional area. → [DG Activity: Data Quality Management]

• • Initiating, reviewing and recommending approval of definitions, specifications and data systems to the Data Stewards.  → [DG Activity: Metadata & Data Catalog Management]

• Accountable for fixing data quality issues when they arise. → [DG Activity: Data Quality Management]

• Responsible for  

• • Informing Data Stewards about new and ongoing uses of source data within their data system. → [DG Activity: Data Access & Usage Governance]

• • Working with Data Stewards or Data Custodians to ensure the correct logic and modeling has been applied to the source data. → [DG Activity: Data Integration & System Governance]

• • Communicating results of PIAs to Data Stewards → [DG Activity: Privacy & Security Compliance]

• Accountable for  

• • Using source data only for the purposes agreed upon with Data Stewards. → [DG Activity: Data Access & Usage Governance]

• • Handling data in accordance with best practices according to the classification assigned by the Data Steward. → [DG Activity: Privacy & Security Compliance]

• • Documenting the justification for ingesting Restricted data. → [DG Activity: Metadata & Data Catalog Management]

• • Documenting all relevant Data Systems in the Data Cookbook. → [DG Activity: Metadata & Data Catalog Management]

• • Managing security and access to data within the Data System according to the requirements set by the Data Steward. (Please see Data Consumer role for further information on roles and responsibilities of data system users once access has been provisioned.) → [DG Activity: Data Access & Usage Governance]

• Consulted by the relevant Data Steward about any changes to the source data. → [DG Activity: Data Integration & System Governance]

• Informed about Data Cookbook best-practices and institutional conventions. → [DG Activity: Policies, Standards & Guidelines]

• Responsible for 

• • Participation in the development of all DG Program activities. → [DG Activity: Governance Strategy & Program Direction]

• • Guiding and prioritizing the strategic direction of the DG Program. → [DG Activity: Governance Strategy & Program Direction]   

• • Championing DG initiatives across the university. → [DG Activity: Data Governance Communication & Adoption]

• • Articulating challenges or roadblocks to the implementation of DG practices. → [DG Activity: Monitor Program Performance & Compliance]

• • Endorsing guidelines developed by the DG. → [DG Activity: Policies, Standards & Guidelines]

• Accountable for recommending DG projects, initiatives, or policies to EATC for approval. → [DG Activity: Governance Strategy & Program Direction]

• Consulted on the ongoing progress of DG initiatives. → [DG Activity: Monitor Program Performance & Compliance]

• Informed about the progress of data governance-related projects across the university that may not fall under the direct responsibility of the DG. → [DG Activity: Data Integration & System Governance]

• Responsible for  

• • Supporting Data Stewards to help them understand and implement DG policies and initiatives. → [DG Activity: Data Stewardship & Ownership Management]

• • Socializing Data Governance guidelines, best practices and initiatives across the university. → [DG Activity: Data Governance Communication & Adoption]

• • Administering the Data Cookbook and liaising with iData (software vendor of the Data Cookbook). → [DG Activity: Metadata & Data Catalog Management]

• • Developing and communicating organizational standards for the Data Cookbook. → [DG Activity: Metadata & Data Catalog Management]

• • Developing guidelines for the DG Program. → [DG Activity: Policies, Standards & Guidelines]

• • Developing metrics and KPIs to track progress in the DG Program. → [DG Activity: Monitor Program Performance & Compliance]

• Accountable for  

• • Managing and facilitating the implementation of the McMaster Data Governance Framework. → [DG Activity: Governance Strategy & Program Direction]

• • Executing the direction and priorities of the Data Governance Program. → [DG Activity: Governance Strategy & Program Direction]

• Consulted on  

• • The progress of DG initiatives within each functional area. → [DG Activity: Data Integration & System Governance]

• • The integration of the Data Cookbook with reporting platforms, when appropriate. → [DG Activity: Data Integration & System Governance]

• • McMaster DG best practices and conventions for new data systems and integrations.  → [DG Activity: Data Integration & System Governance]

• • DG best practices for IT projects. → [DG Activity: Data Integration & System Governance]

• Informed about  

• • DG non-compliance issues. → [DG Activity: Privacy & Security Compliance]

• • Emerging privacy, IT security, or risk assessment priorities. → [DG Activity: Privacy & Security Compliance]

• Responsible for  

• • Technical administration (including troubleshooting) of the Data Governance software, including integration with McMaster data systems. → [DG Activity: Governance Tools & Technical Support]

• • Assisting with setting up Data Governance software APIs and integrations. → [DG Activity: Data Integration & System Governance]

• • Setting-up Data Cookbook integration on reporting platforms (e.g., Data Governance website, Mosaic, Power BI). → [DG Activity: Data Integration & System Governance]

• Responsible for  

• • Assisting with setting up Data Cookbook connections (iData Hub) to source systems. → [DG Activity: Data Integration & System Governance]

• • Troubleshooting data governance software technical issues and assisting with system updates and patches. → [DG Activity: Data Integration & System Governance]

• Responsible for  

• • Providing records and privacy requirements to service owners and users. → [DG Activity: Privacy & Security Compliance]

• • Defining audit requirements and conducting privacy investigations when necessary. → [DG Activity: Privacy & Security Compliance]

• • Conducting privacy impact assessments (PIA), algorithmic impact assessments (AIA) are required → [DG Activity: Privacy & Security Compliance]

• Accountable for defining privacy policies and delivering privacy training. → [DG Activity: Privacy & Security Compliance]

• Consulted on  

• • Data privacy best practices and how to meet privacy requirements. → [DG Activity: Privacy & Security Compliance]

• • Additions of personal information banks (PIB) for the PIB Directory → [DG Activity: Privacy & Security Compliance]

• • Artifacts for ensuring privacy requirements are considered. → [DG Activity: Privacy & Security Compliance]

• • Data sensitivity classification and tagging. → [DG Activity: Privacy & Security Compliance]

• • Recommendations based on privacy risk identification for service / support model. → [DG Activity: Privacy & Security Compliance]

• Informed about privacy breaches, use of new systems or applications, and issues related to privacy and/or records management. → [DG Activity: Privacy & Security Compliance]

• Responsible for  

• • Providing IT Security requirements and security certification criteria to service owners and users.  → [DG Activity: Privacy & Security Compliance]

• • Defining data security policies and auditing requirements. → [DG Activity: Privacy & Security Compliance]

• • Defining and verifying data residence. → [DG Activity: Privacy & Security Compliance]

• • Assigning sensitivity labels as appropriate. → [DG Activity: Privacy & Security Compliance]

• Accountable for security of university IT environment. → [DG Activity: Privacy & Security Compliance]

• Consulted on IT security risks. → [DG Activity: Privacy & Security Compliance]

• Informed about IT security breaches and non-compliance issues. → [DG Activity: Privacy & Security Compliance]

• Responsible for  

• • Ensuring they access and use university data in accordance with University Policy and in a manner that minimizes risk to the University. → [DG Activity: Data Access & Usage Governance]

• • Completing Primer on Privacy training → [DG Activity: Privacy & Security Compliance]

• Accountable for 

• • Sharing data in accordance with the Data Steward’s requirements at the time the data was provisioned. → [DG Activity: Data Access & Usage Governance]

Responsible for following established procedures to ensure data meets institutional quality requirements. → [DG Activity: Data Quality Management]

What is a Data System? 

A data system is generally defined as any structured environment or platform designed to collect, store, process, manage, and provide access to data. To qualify as a data system, it typically meets most of these criteria: 

Key Characteristics of a Data System 

1. Data Storage
   It holds data in a persistent manner (e.g., databases, data warehouses, cloud storage). 

1. Data Processing
   It transforms, aggregates, or manipulates data (e.g., ETL tools, analytics engines). 

1. Data Access & Retrieval
   It provides mechanisms for querying or retrieving data (e.g., APIs, SQL interfaces). 

1. Governance & Security
   It enforces rules for data integrity, security, and compliance. 

1. Integration
   It can connect to other systems or applications for data exchange. 

Examples 

• Yes: ERP systems, CRM platforms, data warehouses, transactional databases, cloud data platforms (e.g., Snowflake, Azure Data Lake). 

• Sometimes: BI tools like Power BI or Tableau Excel if they store and manage datasets beyond simple visualization. 

• No: Pure visualization dashboards or static reports that do not store or process data. 

Data Governance Council (DGC): Oversees the processes required to manage, protect, and access institutional data assets. The DGC will consult on processes, tools, and practices to ensure data quality, security, privacy, and compliance while maximizing the value derived from data across the institution. 

Domain Steward: Responsible for overseeing the use, integrity, and governance of data within their domain, including data quality, classification, and authorized use. They ensure domain data is accurately defined, appropriately modeled, and available in alignment with institutional policies, and champion data governance practices. 

Sub-Domain Steward: Subject area expert for their data sub-domain, guiding domain stewards, approving data definitions and specifications (data processes), recommending data use, reviewing access, and leading initiatives to improve data integrity and support data governance efforts.   

Data Custodian: Subject matter expert responsible for managing data entry, reporting, and operational procedures, providing guidance to stewards, and ensuring responsible data management within their area. 

Data System Steward: Accountable for the approved use, documentation, security, and governance alignment of data within an institutional data system, ensuring compliance with data classifications, steward decisions, and institutional data standards. 

Data Consumer: Accesses and uses university data in accordance with institutional policies and approved access conditions. They are accountable for using and sharing data responsibly, in alignment with the requirements established by the Data Steward at the time access was granted. 

Data Creator: Responsible for creating or capturing university data in accordance with established standards and procedures, ensuring that data meets institutional quality standards, accuracy, and consistency requirements at the point of creation.