This is a very broad request, and I am sure there will be numerous more knowledgeable DBAs than I commenting on this, but some of the areas that I would concentrate on would be:
· Buy-in from top-level management and directors before you start. CxOs need to understand what the policy is about and must support it in all ways – if you don’t have this then you may as well not start down this road.
· Ownership of data is critical. Organisation data is owned by the organisation and not by individual departments or managers. All employees must understand that management of this data is critical to the success of the business.
· Data must be secure! This is an essay all of its own; some subtopics could be:
o Physical security and access (Server room is locked, fireproof, etc)
o Direct access to servers is limited (VNC is not allowed, only DBA/NA has access, etc)
o Service security is well defined (what do the various DB services run under)
o Internal SQL Security types (mixed vs. Integrated)
o Utilisation of SQL Policies (2005/2008)
o Application security
o Replication (Services / Subscription access/ etc.)
· Data should be accessible except where security defines
· All tables should be documented / modelled.
· Change management must be implemented and audited
· Define standards
o Table structure
o Metadata
o Relationships
· The policy should also consist of sub policies
o Backup and recovery (critical)
o Disaster recovery (Critical)
o Data management policy (remember GIGO)
How is that to start with???
Kind Regards
James!