A business glossary is essentially a list of terms used by a business, including their definitions, and any other relevant information. The purpose of a business glossary is to create a standardized, unambiguous vocabulary used by all members of an organization.
To illustrate why this is important, consider the term “customer”. This could refer to either an individual or an organization, which might result in miscommunications, skew business logic and distort analytics.
Business glossaries are also a key component of data governance.
Benefits of a Business Glossary
The main benefits of developing a business glossary are as follows;
- It will help organizations make sense of the data they store, thus enabling them to implement effective safeguards.
- It will help to provide visibility into the data held by an organization, thus making it easier to locate data in a fast and efficient manner.
- It will help organizations meet compliance regulations. For example, different data privacy regulations will have subtly different definitions for personal data, and these definitions need to be documented to avoid confusion.
- It will help to provide context around the data, thus enabling organizations to make better business decisions.
- It will ensure that the language used by employees, executives, stakeholders, and customers is consistent.
- It will simplify the process of training new employees.
The Main Components of a Business Glossary
A typical glossary will have two fields: Term and Definition. However, you will likely want to include more fields such as; Abbreviation, Data type, Department (e.g. General, Sales & Marketing, IT, Accounting, and so on).
Each department will have its own unique set of terms that are not relevant to other departments. As such, you should provide the option for users to filter the terms based on their relevancy. Glossaries are usually listed in alphabetical order.
In addition to the fields mentioned above, most business glossaries will also contain some or all of the following components;
Data Classifications
This includes a schema used for classifying data, and typically includes categories such as public, private, confidential, and restricted. The data classification schema should serve as the primary structure for the glossary, as this will make it easier for companies to keep track of where their most sensitive data resides.
Reference Data
In addition to the classification schema, reference data is used to define the characteristics of an identifier. Reference data can include complex hierarchies, mappings, and more. Examples of reference data include; postal codes, transaction codes, language codes, country codes, payment methods, and so on.
Data Lineage
This includes a map that delineates what data is retained, where it is located, who has access to it, and how it is used and shared.
Data Governance Policies
These are policies designed to ensure that all critical assets defined in the business glossary have the necessary safeguards in place to prevent unauthorized access and to ensure that organizations are able to satisfy the relevant regulatory compliance requirements.
Technical Metadata
This enables data analysts to analyze company data in the appropriate context.
Tips for Developing a Business Glossary
- Establish and document the protocols for creating, updating, deleting, publishing, and approving business glossary terms. Organizations should delegate specific employees to carry out these tasks to ensure traceability and accountability. Organizations must periodically review the business glossary to ensure that the glossary is up-to-date and the terms are still relevant.
- Ensure that definitions don’t contain any of the same terms used in the title.
- Avoid using any acronyms or abbreviations in the term definitions, as this may introduce ambiguities. Also, try to avoid using too many synonyms.
- Monitor access to the glossary to see how often users are accessing it, and which terms they are looking for. This will help organizations improve the quality of the glossary. For example, if employees frequently search for a specific term, it’s likely that the term definition is ambiguous, and thus needs to be simplified and/or expanded.
- Use a dedicated data classification solution that will either scan your repositories for sensitive data and classify it as it is found, and/or classify data at the point of creation/modification.
- Map all sensitive data to an owner, including information about who created the data, who is authorized to access and edit the data, and why.
- Ensure that all users are aware of the business glossary and know where to find it. If the glossary is not immediately accessible, then it’s unlikely that anyone will bother to reference it. If the glossary consists of complex hierarchies and mappings, you will need to provide training to ensure that users can easily navigate the glossary.
If you’d like to see how the Lepide Data Security Platform can help you locate, classify and secure regulated data, schedule a demo with one of our engineers today.