DAMA CDMP Data Governance Specialist Quick Reference

Last revised: June 25, 2026

Compact exam-prep reference for DAMA International CDMP Governance data governance concepts, roles, controls, artifacts, and decision points.

Exam Identity

ItemDetail
Vendor/providerDAMA International
Official exam titleDAMA CDMP Data Governance Specialist
Official exam codeCDMP Governance
Page purposeIndependent Quick Reference for focused review and practice support

Core Data Governance Definition

Data governance is the exercise of authority, control, and shared decision-making over data assets. It defines who can make which decisions about data, under what rules, using which processes, with what accountability.

ConceptExam-useful meaning
Data governanceDecision rights, accountability, policy, oversight, and control for data assets
Data managementExecution of practices that plan, build, operate, protect, and improve data assets
Data stewardshipFormal accountability for data definition, quality, usage, and issue resolution
Data ownershipBusiness accountability for data meaning, value, risk, and authorized use
Data custodianshipTechnical responsibility for storage, processing, backup, access enablement, and operations
Data policyHigh-level statement of required behavior or control
Data standardSpecific rule or convention that supports a policy
Data procedureStep-by-step method for performing governance or management work
Data controlMechanism used to prevent, detect, or correct noncompliance, risk, or poor quality

High-Yield Distinctions

DistinctionRemember this
Governance vs managementGovernance decides, directs, prioritizes, and monitors; management executes and operates.
Owner vs stewardOwner has business accountability and decision authority; steward performs ongoing coordination, definition, quality, and issue work.
Policy vs standardPolicy says what must be true; standard says how it must be implemented or measured.
Accountability vs responsibilityAccountability is answerability for outcomes; responsibility is performing assigned work.
Data governance vs data qualityGovernance defines accountability, rules, and escalation; data quality applies profiling, monitoring, remediation, and prevention.
Data governance vs metadata managementGovernance requires trusted definitions and lineage; metadata management captures, manages, and publishes that knowledge.
Data governance vs securityGovernance sets rules for acceptable data use and access accountability; security enforces confidentiality, integrity, and availability controls.
Centralized vs federated governanceCentralized maximizes consistency; federated balances enterprise standards with domain-level ownership.
Compliance vs valueCompliance is one driver; governance also improves trust, reuse, efficiency, analytics, and decision quality.
Committee vs stewardshipCommittees make decisions and resolve escalations; stewards do working-level coordination and control execution.

Data Governance Purpose and Drivers

DriverGovernance response
Regulatory or contractual riskPolicies, controls, accountability, evidence, retention, privacy, auditability
Poor data qualityStewardship, definitions, quality rules, issue workflow, root-cause remediation
Conflicting definitionsBusiness glossary, authoritative definitions, data ownership, metadata standards
Siloed dataEnterprise principles, shared standards, master/reference data governance
Analytics inconsistencyCertified data sources, lineage, semantic consistency, quality thresholds
Digital transformationData product accountability, domain stewardship, platform standards
Mergers or reorganizationData inventory, harmonized definitions, ownership reassignment, migration controls
Security and privacy exposureClassification, access governance, acceptable use, data handling standards

Governance Operating Model Choices

ModelBest fitStrengthsRisks / traps
CentralizedHighly regulated, enterprise-wide standardization neededConsistency, strong policy control, clear escalationCan become slow or disconnected from local business needs
DecentralizedIndependent business units with limited data sharingLocal agility, domain knowledgeInconsistent definitions, duplicate controls, weak enterprise reuse
FederatedMost large enterprises with shared and domain-specific dataBalances enterprise rules with domain ownershipRequires clear decision rights and escalation paths
HybridTransition state or varied maturity across domainsFlexible adoptionCan be ambiguous if roles are not documented
Data-domain alignedCustomer, product, supplier, finance, employee, etc.Assigns accountability by meaning and usageDomains must be defined carefully to avoid overlap
Data-product alignedAnalytics, platform, or mesh-style operating modelsStrong ownership of published data outputsNeeds explicit quality, metadata, and lifecycle obligations

Governance Role Reference

RolePrimary accountabilityCommon exam clues
Executive sponsorAuthority, funding, strategic alignment, issue escalationRemoves barriers; connects governance to business objectives
Data governance council / boardApproves policies, priorities, standards, and escalated decisionsCross-functional decision-making body
Chief data officer / data leaderEnterprise data strategy, governance program leadership, value realizationAligns governance with data management capabilities
Data ownerBusiness accountability for a data domain or critical data elementApproves definitions, quality expectations, and access rules
Data stewardOperational coordination of definitions, quality, issues, metadata, and standardsMaintains glossary entries, raises issues, supports controls
Data custodianTechnical operations and control implementationDatabase/platform/file/storage administration
Data architectData models, integration patterns, standards alignmentEnsures structure supports enterprise principles
Data quality analystProfiling, rules, monitoring, defect analysisMeasures and reports data quality
Security/privacy officerClassification, access, privacy, risk controlsEnsures protection and compliant handling
Business process ownerProcess-level data creation and usage accountabilityImportant when root cause is process behavior
Project/product teamImplements governance requirements in change deliveryMust follow standards, metadata, and control requirements

RACI Pattern for Common Governance Activities

ActivityExecutive sponsorGovernance councilData ownerData stewardCustodian / ITSecurity / privacy
Approve enterprise data policyARCCCC
Define critical data elementCCARCC
Approve business definitionCCARCC
Implement access controlCCA/CCRA/R
Resolve cross-domain definition conflictCA/RRRCC
Monitor data quality ruleIIARR/CC
Remediate root cause in business processCCA/RR/CCC
Maintain technical metadataIICCA/RC
Approve retention requirementCCA/CCR/CA/R
Report governance metricsIAR/CRCC

Legend: A = accountable, R = responsible, C = consulted, I = informed. Exact assignments vary by organization; exam questions usually test accountability logic, not one fixed chart.

Key Governance Artifacts

ArtifactPurposeCommon contents
Data governance charterEstablishes mandate, scope, authority, and objectivesVision, goals, principles, roles, decision rights, governance bodies
Data policyDefines required behavior for data handling or managementOwnership, quality, access, classification, retention, metadata, usage
Data standardsTranslate policy into implementable rulesNaming, modeling, quality thresholds, metadata fields, code sets
Data governance roadmapSequences capability buildoutInitiatives, dependencies, milestones, maturity targets
Data domain modelDefines major subject areas of accountabilityCustomer, product, supplier, employee, location, financial data
Data ownership matrixAssigns accountable owners and stewardsDomain, owner, steward, systems, critical elements
Business glossaryShared business terms and definitionsTerm, definition, owner, steward, synonyms, usage notes
Data catalogInventory and searchable metadata repositoryDatasets, lineage, classification, quality indicators, owners
Critical data element listFocuses control on high-value or high-risk dataName, definition, source, owner, quality rules, controls
Data quality rulesDefines measurable expectationsCompleteness, validity, consistency, accuracy, timeliness, uniqueness
Issue logTracks defects, decisions, and remediationIssue, severity, owner, root cause, action, status
Decision logPreserves governance decisions and rationaleDecision, date, participants, impact, policy reference
Data lineage mapShows origin, movement, transformation, and usageSource-to-target flows, transformations, reports, controls
Data classification schemeCategorizes sensitivity, risk, and handling needsPublic/internal/confidential/restricted or equivalent levels
Control evidenceDemonstrates that governance controls operateApprovals, reviews, audit logs, attestations, metrics

Data Governance Process Reference

PhaseKey actionsOutputs
InitiateIdentify drivers, sponsorship, scope, pain points, stakeholdersCharter, business case, initial scope
AssessEvaluate maturity, risks, data issues, existing controlsCurrent-state assessment, gap analysis
DesignDefine operating model, roles, policies, decision rightsGovernance framework, role model, policy set
PrioritizeSelect domains, critical data, initiatives, and metricsRoadmap, backlog, domain priorities
ImplementEstablish stewardship, standards, catalog/glossary, workflowsWorking committees, artifacts, tools, controls
OperateRun issue management, approvals, monitoring, escalationDecisions, issue resolution, metrics
MonitorMeasure adoption, quality, compliance, and valueDashboards, control evidence, maturity updates
ImproveRefine policies, automate controls, expand coverageLessons learned, enhanced standards, new capabilities

Governance Decision Rights

Decision typeTypical decision ownerExample
Policy decisionGovernance council or executive authorityApprove enterprise data classification policy
Domain decisionData owner with steward supportDefine “active customer” for the customer domain
Standards decisionGovernance function, architecture, or councilAdopt naming standard for data elements
Quality decisionData owner, steward, quality leadSet acceptable completeness threshold for a critical field
Access decisionData owner with security/privacy inputApprove access to confidential customer data
Architecture decisionData architecture / architecture boardSelect authoritative source pattern
Exception decisionGovernance council or delegated authorityTemporarily allow nonstandard interface with compensating control
Escalation decisionHigher governance bodyResolve conflicting definitions across business units

Policy, Standard, Procedure, and Guideline

Document typeAuthority levelExampleExam trap
PolicyMandatory, high-level“Customer personal data must be classified and protected.”Do not confuse with step-by-step instructions.
StandardMandatory, specific“Customer ID must be numeric and unique across source systems.”More precise than policy.
ProcedureMandatory process steps“To request access, submit request, obtain owner approval, log ticket.”Operationalizes policy/standard.
GuidelineRecommended practice“Use plain-language business definitions where possible.”Usually advisory unless adopted as required.
PrincipleStable design belief“Data is an enterprise asset.”Guides decisions but may need policies to enforce.

Governance Domains and What to Control

AreaGovernance focusTypical controls
Data architectureAlignment of data structures with business needsArchitecture review, modeling standards, authoritative source rules
Data modeling and designConsistent representation of business conceptsNaming conventions, model review, definition approval
Data storage and operationsReliable, secure, recoverable data platformsBackup, recovery, access, retention, operational controls
Data securityAuthorized and appropriate accessClassification, role-based access, least privilege, monitoring
Data integrationControlled data movement and transformationInterface standards, lineage, reconciliation, transformation rules
Document and content managementGovernance of unstructured/semi-structured dataRetention, classification, versioning, legal hold support
Reference and master dataShared, consistent core entities and code setsGolden record rules, survivorship, stewardship workflows
Data warehousing and BITrusted reporting and analyticsCertified metrics, semantic standards, report lineage
MetadataMeaning, context, lineage, and usage knowledgeGlossary, catalog, required metadata fields, ownership
Data qualityFitness for purposeQuality rules, profiling, scorecards, remediation workflow
Data ethicsAppropriate and responsible useUsage review, fairness considerations, transparency, accountability

Critical Data Elements

Critical data elements are data elements important enough to require explicit governance because they affect business decisions, risk, operations, reporting, compliance, or customer outcomes.

Selection criterionExample question
Regulatory or audit impactIs this element used in required reporting or evidence?
Financial impactDoes an error affect revenue, cost, reserves, or valuation?
Customer or stakeholder impactCould poor data harm customers or service delivery?
Operational dependencyDo key processes fail if this data is wrong or late?
Cross-system reuseIs this element shared across many systems or reports?
Executive reportingDoes leadership use this value for decisions?
Privacy/security sensitivityDoes it identify, classify, or expose a person, account, or asset?

Data Stewardship Reference

Stewardship typeFocusTypical responsibilities
Business data stewardMeaning and business useDefinitions, quality expectations, issue triage, business rules
Technical data stewardTechnical metadata and implementation supportSource mappings, lineage, data structures, transformation details
Domain stewardA subject area such as customer or productCross-application consistency and domain issue resolution
Project stewardGovernance compliance in a projectEnsures new/change work follows standards
Operational stewardDay-to-day data process supportMonitors queues, validates corrections, supports remediation
Enterprise stewardCross-domain alignmentHarmonizes definitions and escalates conflicts

Data Quality Dimensions

DimensionMeaningExample control
AccuracyCorrectly represents real-world valueValidate address against trusted source
CompletenessRequired values are presentRequired fields populated for critical records
ConsistencySame value agrees across systems or contextsCustomer status matches master data
TimelinessAvailable and current when neededDaily feed received before reporting cutoff
ValidityConforms to format, domain, or ruleDate is valid; code exists in reference table
UniquenessNo inappropriate duplicationOne active customer master record per entity
IntegrityRelationships are valid and preservedOrder references existing customer
ReasonablenessValue is plausible in contextBirth date is not in the future
ConformityFollows required representationCountry code uses approved standard

Data Quality Governance Workflow

    flowchart TD
	    A[Profile or monitor data] --> B{Issue detected?}
	    B -- No --> C[Continue monitoring]
	    B -- Yes --> D[Log issue and assign steward]
	    D --> E[Assess severity and business impact]
	    E --> F[Identify root cause]
	    F --> G{Root cause type}
	    G --> H[Source process correction]
	    G --> I[System or integration fix]
	    G --> J[Definition or rule clarification]
	    H --> K[Implement remediation]
	    I --> K
	    J --> K
	    K --> L[Validate fix]
	    L --> M[Update metadata, rules, controls]
	    M --> N[Report metric and close]

Data Quality Issue Triage

If the issue is…Likely response
Isolated bad recordCorrect record, log cause if material
Recurring defectRoot-cause analysis and process/system remediation
Conflicting definitionsEscalate to owner/council for semantic decision
Missing ownershipAssign owner/steward before defining remediation
Unclear business ruleDocument and approve rule before implementing validation
Technical mapping errorFix transformation, update lineage and mapping metadata
Source process errorChange process, training, input controls, or upstream validation
Access-related correction delayReview permissions and workflow accountability

Metadata and Glossary Governance

AssetGovernance purposeKey exam clues
Business glossaryShared business languageTerms, definitions, owners, synonyms, policies
Technical metadataPhysical implementation detailsTables, columns, data types, jobs, schemas
Operational metadataProcessing and runtime informationLoad times, job status, volumes, errors
Lineage metadataMovement and transformation visibilitySource-to-target path, transformations, downstream usage
Usage metadataHow data is consumedReports, queries, users, frequency
Classification metadataRisk and handling requirementsSensitivity level, privacy category, retention class
Quality metadataTrust indicatorsQuality rules, scores, exceptions, thresholds

Master and Reference Data Governance

ConceptGovernance focusCommon decision points
Master dataCore business entities shared across processesCustomer, product, supplier, employee, location
Reference dataPermitted values or code setsCountry codes, status codes, product categories
Golden recordBest representation of an entitySurvivorship rules, matching, stewardship approval
System of recordAuthoritative system for a data element or processOwnership, integration, lineage
System of referenceTrusted source for lookup or reporting usePublication and synchronization rules
Match/mergeIdentifies duplicates and combines recordsThresholds, false positives, manual review
SurvivorshipSelects winning values from sourcesSource priority, recency, completeness
Hierarchy governanceManages parent-child relationshipsApproval, versioning, effective dating

Data Classification and Handling

Classification concernGovernance action
SensitivityDefine classification levels and required handling
PrivacyIdentify personal, confidential, or restricted attributes
AccessRequire owner approval and role-appropriate permissions
RetentionDefine how long data is kept and when disposed
UsageSpecify approved and prohibited uses
SharingControl internal/external transfer conditions
Masking or de-identificationApply when lower-risk use is needed
AuditabilityRetain evidence of approvals and access changes
Third-party useDefine contractual and control expectations

Risk, Compliance, and Control Reference

Governance riskPreventive controlDetective controlCorrective control
Unauthorized accessClassification, approval workflow, least privilegeAccess review, audit logsRevoke access, remediate exposure
Inconsistent reportingCertified metrics, glossary, semantic layer standardsReconciliation, report inventory reviewRetire duplicate reports, align definitions
Poor data qualityInput validation, stewardship, source controlsProfiling, scorecards, exception reportsRoot-cause remediation, data correction
Uncontrolled data changeChange management, model reviewLineage impact analysis, change auditRollback, update mappings, communicate changes
Unknown data ownershipOwnership matrix, domain modelOwnership gap assessmentAssign owner/steward and document accountability
Excessive retentionRetention schedule, lifecycle controlsStorage review, aging reportsDispose/archive according to policy
Unapproved data sharingSharing standards, contract reviewData transfer monitoringStop transfer, remediate, update controls
Metadata decayRequired metadata workflowCatalog completeness metricsSteward review and metadata refresh

Governance Metrics

Metric categoryExample measuresWhat it indicates
AdoptionNumber of governed domains, assigned owners, trained stewardsProgram rollout and coverage
Policy compliancePercentage of datasets with classification, access review completionControl effectiveness
Metadata completenessRequired catalog fields populated, glossary approval statusDiscoverability and accountability
Data qualityDefect rate, rule pass rate, issue aging, recurrence rateFitness for purpose and remediation success
Issue managementOpen issues, severity, time to resolution, escalation countOperational governance performance
ValueReduced rework, improved reporting cycle time, fewer reconciliationsBusiness benefit
Risk reductionFewer unauthorized access exceptions, improved audit findingsControl and compliance impact
Stewardship effectivenessSteward participation, decisions completed, backlog trendOperating model health

Maturity Model Thinking

Maturity levelCharacteristicsGovernance priority
Ad hocInformal ownership, inconsistent definitions, reactive fixesEstablish sponsorship, scope, basic ownership
RepeatableSome policies and stewards, inconsistent executionStandardize processes and decision rights
DefinedDocumented framework, domains, policies, workflowsExpand coverage and integrate with projects
ManagedMetrics, controls, monitoring, formal escalationImprove effectiveness and automate evidence
OptimizedContinuous improvement, embedded governance, measurable valueOptimize value, reduce friction, adapt to change

Do not assume maturity is only about tools. Higher maturity means governance is embedded in decisions, processes, controls, and culture.

Implementation Roadmap Pattern

StepPractical focusAvoid this trap
1. Confirm business driversTie governance to risk, value, quality, or strategyStarting with a tool selection
2. Secure sponsorshipObtain authority for decisions and conflict resolutionTreating governance as a data team-only activity
3. Define scopeChoose domains, data elements, and use casesTrying to govern all data equally on day one
4. Assign rolesName owners, stewards, councils, custodiansAssigning responsibility without authority
5. Establish policiesCreate clear, enforceable expectationsWriting policies that no process can execute
6. Build artifactsGlossary, catalog, quality rules, issue logCreating documentation with no owner
7. Embed in processesProjects, access, change, quality, reportingRunning governance as a separate meeting-only function
8. Measure and improveUse metrics and feedback loopsMeasuring activity only, not outcomes

Decision Matrix: What Governance Mechanism Fits?

SituationBest mechanism
Business units disagree on a termData owner/steward analysis, council decision, glossary update
A dataset has unknown sensitivityClassification standard and owner review
Report numbers do not matchCertified metric definition, lineage, reconciliation, quality rules
New project creates a shared data fieldArchitecture/model review, definition approval, metadata capture
Analysts cannot find trusted dataData catalog, glossary, certified sources, ownership metadata
Access requests are inconsistentAccess policy, owner approval workflow, periodic access review
Duplicate customer records occurMaster data governance, match/merge rules, stewardship queue
Code values differ across systemsReference data governance and synchronization process
Data quality fixes do not lastRoot-cause remediation and source process controls
Data governance has low engagementLink scope to business pain, clarify authority, show metrics

Governance in Change Delivery

Delivery activityGovernance requirement
Business requirementsIdentify data owners, critical data, definitions, quality needs
Solution designApply architecture, integration, metadata, and security standards
Data modelingReview naming, definitions, relationships, and authoritative sources
Data migrationDefine mapping, profiling, cleansing, reconciliation, and signoff
IntegrationDocument lineage, transformation rules, controls, and monitoring
TestingInclude data quality, access, privacy, and reconciliation tests
DeploymentEnsure catalog/glossary updates and operational ownership
Post-implementationMonitor quality, issues, adoption, and control effectiveness

Common Governance Anti-Patterns

Anti-patternWhy it failsBetter approach
“Buy a catalog and call it governance”Tools do not create authority or accountabilityDefine operating model, roles, policies, and workflows first
Govern everything equallyResources are dilutedPrioritize critical data and high-value domains
IT-only ownershipBusiness meaning and accountability are missingAssign business owners and stewards
Committee with no decision rightsMeetings produce discussion, not controlDocument authority, escalation, and decision scope
Policy without enforcementBehavior does not changeAttach controls, procedures, metrics, and consequences
Stewardship as a side job onlyWork is under-resourcedDefine expectations, time allocation, and management support
Metrics only on activityBusy work may not create valueInclude quality, risk, cycle time, adoption, and business impact
Ignoring cultureUsers bypass controlsCommunicate value and embed governance into normal work

High-Yield Scenario Cues

Scenario wordingLikely exam direction
“Who is accountable for the meaning of the data?”Data owner, supported by steward
“Who maintains definitions and coordinates issue resolution?”Data steward
“Who implements database access controls?”Custodian / technical team, under policy and approval rules
“Conflicting definitions across business units”Governance council or cross-domain decision process
“Need trusted reporting metrics”Glossary, certified definitions, lineage, quality controls
“Repeated downstream defects”Root-cause analysis at source process, not only downstream cleansing
“No one knows where data comes from”Metadata and lineage management
“Sensitive data used for analytics”Classification, access control, privacy review, approved use
“Duplicate master records”Master data governance and stewardship workflow
“Governance program lacks authority”Executive sponsorship and charter

Data Governance Principles

PrinciplePractical implication
Data is an enterprise assetManage data for shared value, not only local application needs
Accountability must be explicitAssign named owners/stewards and decision rights
Governance should be risk- and value-basedFocus strongest controls on critical, shared, sensitive, or high-impact data
Business and IT share responsibilitiesBusiness owns meaning and value; IT enables technical management and controls
Definitions should be standardized where sharedAvoid conflicting metrics and semantic ambiguity
Quality must be measured against useFitness for purpose depends on business context
Metadata is a governance enablerYou cannot govern what you cannot find, define, or trace
Governance must be embeddedControls should fit projects, operations, analytics, and access processes
Exceptions must be managedTemporary deviations need approval, rationale, risk acceptance, and review
Continuous improvement mattersGovernance matures through feedback, metrics, and adaptation

Quick Review Checklist

Before exam practice, make sure you can answer:

  • Who makes data decisions, who executes them, and who is accountable for outcomes?
  • How do policy, standard, procedure, control, and metric differ?
  • When should a governance council be used instead of a steward or owner?
  • How do data quality, metadata, master data, security, and architecture connect to governance?
  • What artifacts prove that governance is operating, not just documented?
  • How should governance prioritize domains, data elements, and issues?
  • What does a federated model solve, and what ambiguity can it create?
  • Why is root-cause remediation better than repeated downstream correction?
  • How do classification, access approval, retention, and usage rules reduce risk?
  • Which metrics show adoption, effectiveness, value, and control performance?

Final Exam-Prep Next Step

Use this Quick Reference to build scenario drills: for each practice question, identify the data asset, decision right, accountable role, governing artifact, control, and escalation path before selecting an answer. Then continue with targeted CDMP Governance practice questions focused on roles, operating models, stewardship, data quality, metadata, policy, and risk scenarios.

Scenario Guide
Data Governance Foundations and Principles
Browse Certification Practice Tests by Exam Family