Data governance in higher education institutions: a study of the concept and a presentation of the Experiences

RESEARCH ARTICLE Data governance in higher education institutions: a study of the concept and a presentation of the Experiences ' Benaida Faouzia Doctor University Oran 1 - Ahmed Ben Bella Algeria Email: < Doi Serial                  Keywords Data, governance, data governance, higher education institutions, data governance maturity models. \ Abstract

The term governance has recently gained significant attention among institutions at the international level, including higher education institutions. The latter seek to apply the concept of governance to achieve better performance, effectiveness, and efficiency. They also aim to enhance education through a shift towards the use of information technology, given that these institutions are the largest beneficiaries of funding and support provided by the state. The higher education sector also needs to protect the educational system from administrative corruption in general, and data control in particular, especially in light of the COVID-19 pandemic, based on the critical role of data. Data governance is essential in the digital transformation processes of all institutions, including Algerian universities. Given the massive growth in the amount of data that universities produce, collect, and store today, the concept of data governance has grown in recent years, as universities have recognized the need to enact laws to govern this vast amount of data and information, in addition to fears of security and privacy risks and violations. This is achieved by complying with laws and adopting strategies and mechanisms to implement data governance. Among these mechanisms, we find e-governance as a system supporting the implementation of data governance. The important question remains: Is personal data used in decision-making? Given the changes and transformations brought about by the digital environment as a result of growing awareness of the emergence of modern technologies, it has become difficult for institutions to control data. Universities are not isolated from this ongoing change, which hinges on adopting modern methods of management and rational administration based on the principles of transparency, accountability, disclosure, and other governance principles that contribute to participation and independence. This requires the integration and concerted efforts of all stakeholders in the university environment, including administrators, faculty, students, and other stakeholders, to control their data.

• •    In recent years, the information age has witnessed a significant increase in the volume of data used by many institutions, regardless of the sector in which they operate. Our digital world is characterized by strong interconnectedness, which increases the volume of data, with many viewing data as the new oil.

• •    Although it is difficult to determine the exact amount of data circulating in the digital space, an example can be given, as an example, but not limited to: we capture and store 1 trillion digital images annually. This is regardless of the personal data we enter into various websites, including those affiliated with the higher education sector, such as universities and others.

Data control has become an urgent necessity, especially with the growing issue of information protection and security, which has become more prevalent than ever before. This requires institutions, including those affiliated with the higher education sector, to resort to data governance and take it seriously as an integral part of their strategies. Furthermore, the world has recently witnessed a radical shift from in-person learning to the adoption of digital technology in the higher education sector. Here, we must ask: To what extent do universities control data, and what are the mechanisms and strategies adopted to implement this governance? The study aims to demonstrate the extent to which data governance mechanisms and strategies are applied in higher education institutions. We also seek to achieve the following objectives:

• 1.    Highlight the importance of data in the higher education sector, as well as the strategies and mechanisms adopted for its governance.

• 2.    Identify the extent to which data governance is applied in higher education institutions and its adoption as part of the general information system policy.

• 1- The Nature of Data

We review the nature of data, the concept and emergence of data governance, and its most important functions and principles.

• 1--1 The Concept of Data Governance

  Before addressing the concept of data governance, it is necessary to clarify the terms data and governance as follows:It is all the facts, numbers, letters and symbols that refer to or describe a general topic, a specific idea, a situation, a condition, or any other factor (Miftah Muhammad, Diab, 2014, p. 43). It also means the facts that can be completed, arranged and processed to reach the information or answers necessary to make certain decisions (Yasser Youssef, Abdel Moaty; Tresa, Lasher, 2016, p. 114). Therefore, data is an input that is processed, organized and stored by a computer; therefore, we can say that data is a part of information (Amer Ibrahim, Qandilji, 2016, p. 225).

As a procedural concept, data is defined as those facts, concepts, symbols, letters, texts, and other types that have not been interpreted or processed, have no connotations or meanings used to explain something, and are not usable except after being processed.

2-1-1 Governance

Governance is defined from a management perspective as a set of mechanisms that influence the decision-making process by managers, when there is a separation between ownership and management (Kafia, Shenafi, 2015, p. 338). The World Bank defines "governance" as the way in which power is exercised in managing a country's economic and social resources for development (Philipp, Schmitter; Nicolas, Guilhot; Inco, Brouwer, 1997, p. 2).

As a procedural concept, and referring back to previous concepts, we define governance as good governance by which matters are directed, guided and controlled, by establishing rules, principles and controls that govern behaviour; this is done by referring to references or experiences seeking justice, transparency, accountability, disclosure, participation and oversight in society, to avoid the deviation of power and administrative corruption in institutions of all sectors, through which administrative, political and economic authority is exercised for the public good; with the aim of moving towards achieving long-term strategic goals by applying and implementing mechanisms and means that control these institutions and guarantee equality and participation in decision-making for its members.

• -1-1 3- Data Governance (DG):Data Governance

  • •    Data Governance (DG) encompasses the people, processes, and information technology required to create consistency and manage an organization's data properly (Jayant, Dani; Sameer, Rane, 2016, p. 79). In short, DG defines the policies and procedures that must be ensured for proactive and effective data management (Zimasa, Ndamase, 2014, p. 14).

Data governance is defined procedurally as: all policies, standards, and procedures that enable data management, ease of use, and ensuring its integrity, security, and quality, and identifying its resources, based on a clear strategic plan that governs institutions.

• - 2-1 The emergence of the term data governance

The term data governance has emerged over the past two decades and has been widely used in the 21st century, but its meaning remains vague. Current debates in political science about risk have guided our understanding of the term, for example: governance is framed as “multiple actors and processes that lead to binding collective decisions.”

Governance broadly refers to the network of actors involved, with different roles, in the process of managing a system. The term emphasizes the discontinuity of so-called "command and control" by the state, and recognizes that a wide range of actors and institutions are also involved in managing societies (the private sector, civil society, and other nongovernmental entities). Governance is thus the outcome of a process that occurs not only through rule-making and enforcement, but also evolves from (social) interactions, cooperation, and negotiations among stakeholders.

Interest at the horizontal level       (Marina,micheli; Marisa, pont; Max, craglia…et al, 2020, p. 2).

Data governance is an emerging topic in information systems (Information Systems (IS) has emerged in recent years due to the significant increase in the volume of data used within organizations, playing a crucial role in business processes.        (Ibrahim, al-Hassan; David, Sammon; Mary, Daly, 2016, p. 64).

1--3 Data Governance Functions

Strategic planning provides institutions and actors with decision-making and institutional arrangements through performing several functions that will be explained in the following table:

Table No. (1): Illustrates the institutions and actors involved in performing data governance functions.

Groups and Data Governance Functions	Guidance institutions and actors
Strategic planning: •    Develop strategies and policies including: Aligns with the social contract for data. •    Establishing    institutional arrangements.	Data management arrangement: •    Centralized approach: Data governance agency/unit integrated into An existing institution such as (NSO, Ministry of Digital Economy •    Decentralized approach: Data governance units and responsibilities Embedded across government. • Civil society organizations. • Universities, research institutions.
Making and enforcing rules: •    Legislation/regulation.    • Standard setting. •    Providing clarifications and guidance.	National Legislature and Sectoral Regulators: •    Telecommunications Regulator. • Securities and Banking Market Regulator. •    Industry associations. • Civil society organizations. • Institutional review boards, international institutions.SS Os for sectors. •    International organizations (World Bank, International Monetary Fund, United Nations, World Trade Organization).
compliance: •   Enforce.    •   Audit.   • Arbitration. • Process.	Monitoring and Judgment: • Data Protection Authority. • Access to Information Agency. • Antitrust Authority. • Consumer Protection Agency. • Review Authority. • Courts. • Ombudsman.
Learning and Evidence: •    Engage in review, monitoring and evaluation. •    Engage in forward-looking	Knowledge society: • Monitoring and evaluation unit within the entity or independent monitoring and evaluation body. • Civil society organizations, non-governmental organizations, and multilateral development institutions. International

learning and risk management.

development banks. • Academic institutions. • Think tanks, policy institutes, and research institutions. • Media. • Training bodies. • Professional associations.

Source: Uruguay's Institutions for data governance: Building trust through collective action. World Development Report, Uruguay's: Uruguay government, 2021. P. 272,

[on line]:, Consulted (19,02,2022).

• - 4-1 Data Governance Principles

A set of high-level principles is needed to visually define all forms of data for the purpose of governance and ensuring confidence in the management and use of data as a whole.Promoting human flourishing is the overarching principle guiding the development of data governance systems. Other principles have been followed to provide practical support for this overarching principle, through various approaches to data governance and its use, as follows:

• -    Protection of individual and collective rights and interests.

• -    Search for good practices and learn from success and failure,

  -Strengthening existing democratic governance(British Academy and the Royal Society, 2017, p. 3),

• -    Integrity: Open discussion of the needs, constraints, impact, and fairness of all stakeholders,

• -    Transparency: Clarity for participants about decisions, policies and processes,

• -    An auditable, documented, procedural, and comprehensive data governance program: avoiding gaps (no one person is responsible), and ensuring that overlap is collective (a large number of leaders). This is achieved through the roles provided by this program, as follows:

• a)    Stewardship: specific accountability and responsibility to shareholders,

• b)    Balance: between IT and business functions and between data creators and custodians, managers and users,

• c)    Measurement across the enterprise: proactive and reactive change management and systematic use of data and metadata (Acredit union service organization).

• - 2 Mechanisms and strategies for applying and implementing data governance in higher education institutions

In this section, we review the concept of data governance in higher education institutions, its most important mechanisms, strategies, legal framework, and objectives.

• - 1-2 The concept of data governance in higher education institutions

Before addressing the concept of governance in higher education institutions, the following concepts must be defined:

• - 1-1-2 Higher education

  • • Higher education is defined as “any type of training provided at the post-secondary level by higher education institutions and which may provide high-level technical training by state-accredited institutions.” This concept highlights that higher education is not limited to universities only, but extends to state-accredited institutions.(Ibrahim, Ashouri, 2017, p. 95).

  • -2-1-2 Higher education institutions

    • •    It is known in the Higher Education Regulations (501) In Article Two, of 2010, it is defined as “universities, academies, technical colleges, higher institutes, and research centers” (Omar Muhammad, Abu Shaala; Abdul Qader Muhammad, Abu Jalala, 2019, p. 30).

2-1--3 Governance in Higher Education Institutions

There is no single agreed-upon definition of the concept of governance in higher education institutions, due to the recent application of it in university institutions, whileHere are some of them:

• •    Governance in the context of higher education is defined as “the process of distributing authority, power, and influence over academic decisions among campus constituencies” (elouazizi, 2014, p. 213).       Noureddine,).

• •    Many studies and experiments around the world have proven that governance in higher education institutions is a necessary step towards developing the quality of higher education and one of the basic elements that lead to improving educational outcomes.(Sarah, Barakat; Iman, Rahal, 2018, p. 346).

• •    Governance in higher education institutions addresses multiple dimensions of the institution: how its parts cohere, how it exercises authority, how it communicates it to internal members (students and faculty members), how it makes decisions, how it delegates responsibility, and the extent to which it does so (Yasser, Abdul Rahman, 2018, p. 192).

• - 4-1-2 Data Governance in Higher Education Institutions

  The concept of data governance is becoming increasingly prevalent in many sectors, including higher education. Data governance initiatives are relatively new and have gained momentum over the past decade. As they find themselves dealing with larger and increasingly complex data sets, as well as greater data security and privacy concerns, data governance is emerging as an increasingly pressing topic. Data governance has been defined bySeiner" in 2004 as the formal implementation and enforcement of authority over the management of data and data-related assets ( Plaid consulting, 2021, p. 8).

Data governance in an organization is unique, as each organization has a form of data management tailored to its needs. By creating a data governance program based on data quality needs to achieve organizational goals, some research has shown that data quality management is the foundation for developing data governance. To determine the effectiveness of well-implemented data governance in an organization, a maturity measurement mechanism is needed. To determine whether measurements are being made in line with the organization's goals, this requires a clear foundation for defining measurement dimensions. (Hanung,Nindito Prasetyo, 2016, p. 1). An example of this is the data governance maturity level used as a benchmark.IBM, which we will discuss later, and there are other models that we will also discuss.

Furthermore, the concept of data governance refers to the comprehensive management of data availability, usability, integrity, quality, and data security.

• - 2-2 Data governance mechanisms and strategies

Higher education institutions rely on mechanisms and strategies to implement data governance as maturity models to measure and improve their performance.

• - 1-2-2 Data governance mechanisms

  Through Joan's report2020, by Steven Coutts, Research Analyst, Open North Applied Research Lab, Toronto, Canada, on Data Governance and Digital Infrastructure: Analysis and Considerations for the City of Toronto, identified a variety of approaches and mechanisms for data governance in the public sector, including higher education. This report is informed by Open North's approach to data and technology, as a leading Canadian nonprofit organization, to enable transparent and accountable societies. These mechanisms are highlighted below:

Firstly-Structural mechanisms: Structural mechanisms exist to ensure a chain of accountability within a data governance program. They define reporting structures and governance bodies, define roles and responsibilities, and allocate decision-making authority. Governance bodies include boards that provide strategic direction for data governance programs and align them with organizational goals. Data governance offices also include data governance offices, where various functions are performed by traditional IT staff, as well as emerging new positions such as data stewards to support data governance implementation.

The various data governance committees can also play a role in providing guidance and oversight of compliance with policies and standards, separating the roles of strategic decision-making for the broader data governance program and monitoring compliance, for example, with regard to the use of personal data for important purposes. This report notes a range of organizational structures and different divisions of responsibilities at work: Leadership mechanisms Structural compliance mechanisms(Steven, Coutts, 2020, p. 47).

Second: Procedural mechanisms : Provides assurance that problems and challenges that arise can be mitigated and addressed. Several types of these mechanisms are noted throughout the case studies in this report, including risks, assessment tools, processes, and data access controls. The data lifecycle is one way to operationalize procedural mechanisms and has already been observed in open data implementation in Canada. The data lifecycle is a management framework that defines the stages and transitions of a dataset. Procedural mechanisms that govern data include planning, data acquisition, data security and access controls, data storage, data sharing, and data dissemination. (Steven, Coutts, 2020, p. 53).

Third: Relational mechanisms : These are strategies or practices that facilitate collaboration among stakeholders. They include communication and training, as well as collaboration. They are approaches that enhance formal and informal coordination mechanisms for decision-making. Various relational mechanisms, including communication, education, and stakeholder engagement, have been observed as some of the most important elements in establishing a data governance framework in cases such as the Regional Data Fund in Silicon Valley, the Matrix of Things in Chicago, andAutomated Decision Systems in New York City (Steven, Coutts, 2020, p. 58).

• - 2-2-2Data Governance Strategies

There are numerous studies and research that have discussed the importance of implementing data governance in various sectors, including higher education, as a strategic choice. We will review some studies that evaluate data governance maturity models for five countries that have adopted strategies to implement data governance in the public sector, as follows:

First: A case study of South Korea

In 2018, Hee Young proposedHeeYeong and JuneSuh developed a big data governance framework to analyze the status of the National Pension Service (NPS) in South Korea. The NPS is the fourth largest pension system in the world, and the Korean government is expected to explore the data of the National Pension Service with its open government policy called "Government 3.0." The vision of the NPS is to provide a successful life for the national pension service, operating under two divisions: the Information Security Division and the Personal Information Protection Division to prevent cyber attacks.

The researchers realized that to develop an effective data governance system, it must be linked to IT governance, corporate governance, and IT architecture. Therefore, they proposed a big data governance framework to establish a new data-driven analysis in conjunction with the organization's objectives. The framework utilizes several strategies to achieve these objectives, such as defining data responsibility, protecting personal data, and maintaining data quality. Data processing is controlled by an independent audit body within the IT department, and monitoring, procedures, and guidelines must be maintained during system audits within this framework. The primary goal of the big data governance framework, as explained by the researchers, is to prevent failures in organizational policies through the successful implementation of big data projects.

Second: A case study from China

Another big data governance framework was proposed in 2019 by Kuan Li.Quan Li et al. studied the Regional Health Information Networks (RHINs) in China. The researchers focused on the process of using big data in RHINs to solve the major problems of data utilization and improve the quality of healthcare services.

The proposed framework contains three domains and 12 elements. The domains are: the domain driver, which determines whether the framework can be run; the domain support, which determines its speed of operation; and the domain capability, which determines the extent to which it can be run. The researchers presented the framework based on Chinese practices, which provide interesting references for RHINs discussed the governance needs of each domain within its leadership framework, and recommended that governance should encompass four areas: strategic planning, open transaction governance, industry support and governance, and governance of laws and regulations.

The aforementioned studies were about data governance in various sectors, while the following studies will focus on data governance in higher education institutions in particular, as follows:

Third: A case study of the office at Stanford University

In 2019, he conducted a study titled “Duita MahriadiDwitamaHeryadi et al. assessed the maturity level of the IT office within the State Audit Bureau, which has several roles closely related to data, such as database administrator, database controller, database user, etc. The researchers stated that the audit can enable the board to reach the level of data governance maturity in DAMA by adjusting and reorganizing their strategy based on the assessment. Their study used the Stanford Maturity Model, which has two main components: the first is the foundation components that measure data governance (Hmood, Al-Dossari; Aisha, Ali Sumaili, 2021, p. 21) and program resource development across three themes: awareness, formalization, and metadata. The second component is the project components that focus on measuring the effectiveness of data governance concepts across three themes: data quality, stewardship, and master data.

Their results showed that department leaders scored higher in most of the dimensions except for two: oversight and master data components. They also found that management remains weak, and this sector requires significant improvements to its maturity level. Some of the improvements they suggested were defining the coordination and operational aspects of oversight, increasing control over oversight processes, and reforming data governance; individuals' perspectives on the oversight role. Finally, they concluded that the IT audit office scored 2.63 according to the Stanford Data Governance Maturity Model.(Hmood, al-Dossari; Aisha, Ali Sumaili, 2021, p. 22). Based on the above, and referring to the experiences and studies on data governance maturity models, the Stanford University Data Governance Maturity Model (DG Maturity Model) is chosen as a suitable model and strategy for many organizations, including higher education institutions. Therefore, organizations can understand their strengths and weaknesses, as well as the opportunities that exist using the DMBOK®. The Stanford University Data Governance maturity level measurement tool is the Capability Maturity Model (CMM), which has five levels ranging from Initial, Managed, Defined, Quantified; Managed and Improved, as shown in Figure (1).

In many previous researches, many refer to the International Data Management Association.DAMA as a basic framework of the Data Governance Body of Knowledge (DMBOK), such as (Prasetyo, 2016) in his book (Sari, agustin wulandari ; Yova, ruldeviyani; Viktor, suwiyanto, 2020, p. 30…et al) that the International DAMA Association is a reference for solving data governance problems (Sari,(Agustin Wulandari; Yova, ruldeviyani; Viktor, suwiyanto, 2020, p. 31…and others). We explain the levels of data governance maturity as follows:

Figure No. (1): Illustrates the characteristics of maturity levels.

The figure above shows the maturity levels and their characteristics. At the initial level, processes are unorganized and unstructured, even chaotic. Success is likely to depend on individual efforts and is not considered repeatable, as the processes will not be sufficiently defined and documented to allow for replication. At the second, repeatable, level, basic project management techniques are established, and successes can be replicated, as the required processes have been established, defined, and documented.

At the specific level: The organization has developed its standard software process by increasing its focus on documentation, standardization, and integration. At the managed level: The organization monitors and controls its own processes by collecting and analyzing data. Finally, the improvement level: Processes are continuously improved by monitoring feedback from current processes and introducing innovative processes to better serve the organization's specific needs. Tech target contributor).

Fourth: A case study of the United States of America

The status of data governance implementation across top-tier universities in the United States for the yearIn 2018, Carey and Hsa investigated the state of data governance and its relationship with IT governance across 30 top-tier university websites. Their study was based on rankings from the Carnegie Classification of Institutions of Higher Education, a recognized ranking system for higher education in the United States. The researchers followed a specific methodology by selecting 30 top-tier research universities based on their business structure and geographic location. Their websites were then examined, identifying information related to the university's data governance practices and using it as an indicator of their awareness of data governance. A data governance checklist was developed containing seven key criteria appropriate for the higher education context: data quality, data access, data governance body, data stewardship, data security, metadata documentation, and business process integration.

The results showed that most universities have data access procedures in place at their institutions, three-quarters of universities have established a data governance committee or council to promote data governance practices at their institution, and more than half of universities have implemented data governance principles in their data quality and data stewardship. They concluded that most higher education institutions in the United States have an awareness of data governance and have made progress in formulating procedures and policies for their institutions.

Fifth: Indonesia case study

Alivia Yelveteri suggestedAlivia Yulfitri developed an operational model for data governance for a government agency in Jakarta. The researcher used the Data Governance Body of Knowledge (DMBOK) framework, which has 10 data management functions, but focused on only 3 functions: data governance, metadata management, and data quality.

The study evaluated the organization, human resources, and business processes and concluded with the following findings: Organizationally, there is no unit to manage data governance activities; Business processes, there are no data governance standards and policies, although some data governance activities exist but are not formalized; Human resources and employees do not implement data governance activities in their work; these activities are only performed by IT staff. In conclusion, the researcher recommended the development of a data governance operational model to enhance the effective implementation of data governance. (Hmood, al-dossari; Aisha, ali sumaili, 2021, p. 22) .

Based on the above, we will discuss three common models as strategies that can be used to evaluate data governance maturity models in organizations as follows:

A- Capability Maturity ModelCapabilityMaturity Model(CMM)

The Software Engineering Institute developed the Capability Maturity Model in August.1986 and originated as a framework developed by Carnegie Mellon University. This model was first published in 1987 as a five-level program focused on improving the software process. Version 1.0 of the model was published in 1991, version 1.1 in 1993, and it was published as a book in 1995 (Mark C, Paulk, 2009, p. 5), and it was trained in 2008 (Mark C, Paulk, 2009, p. 13).

It is organizedCMM has five maturity levels, where the organization first conducts a self-assessment to establish its current maturity level and then determines the steps and goals necessary to achieve subsequent levels. For CMMI

(Kenneth, B yeh; Martin l, Adams; Edith S, marshal…and others, 2017, p. 3)L in:

• -    Maturity level1 (Initial): Processes are typically ad hoc and chaotic; that is, they are not organized and reliable, and the organization typically does not provide a stable environment to support the processes. Success in organizations depends on the competence of individuals, not on the use of proven processes. Despite this chaos, Maturity Level 1 organizations often produce workable products and services, but they often exceed the budget and schedule documented in their plans. Maturity Level 1 organizations tend to overcommit, abandon their processes in times of crisis, and are unable to replicate their successes.

• -    Maturity level2 (Organized) Processes are repeatable and may lead to consistent results. Organizations at this level employ skilled and capable individuals; processes are planned and implemented in an organized manner. Projects are well documented, and existing processes are maintained during times of stress. For example, if an organization successfully implements a project, it may want to identify the specific processes that led to its success and then replicate them in projects with similar applications (Jeanne, Yamfashije, 2017, p. 3).

• -    Maturity level3 (Specific) Processes are well-defined and understood, and are described in standards, procedures, tools, and techniques. A standard process set is used to create consistency across the organization. Specific processes are created by adapting the organization's set of standard processes according to detailed guidelines, which are the basis for maturity at Level 3, and are established and improved over time.

A critical distinction between maturity levels 2 and 3 is the scope of the standards, process descriptions, and procedures. At maturity level 2, the standards, process descriptions, and procedures can be quite different for each specific instance of the process, for example, on a given project. At maturity level 3, the standards, process descriptions, and procedures are specific to the project design from the organization's standard set of processes to suit a particular project or organizational unit; therefore, they are more consistent except for differences. Another critical distinction is that at maturity level 3, processes are more typically and rigorously described than at maturity level 2, i.e., a clearly defined process that articulates purpose, inputs, entry criteria, activities, roles, measures, verification steps, outputs, and exit criteria. At maturity level 3, processes are proactively managed using an understanding of the interrelationships of process activities and detailed measures of the process, its work products, and services. The organization further refines its processes related to the maturity level 2 process areas. General practices associated with the overall objective that were not addressed at maturity level 2 are used to achieve maturity level 3.

• -    Maturity level4 (Quantitatively Driven) At this level, the organization establishes quantitative project, quality, and process performance objectives and uses them as project management criteria. Quantitative objectives are based on the needs of the client, end users, the organization, and process implementers.

Quality, on the other hand, understands process performance statistically and is managed throughout the life of the project. For selected subprocesses, specific measures of process performance are collected and analyzed statistically. When selecting subprocesses for analysis, it is critical to understand the relationships between the various subprocesses and their impact on achieving quality and process performance objectives. This approach helps ensure that the subprocess, where monitoring is applied using statistical and other quantitative techniques, has the greatest overall value to the business. For process performance, baselines and models can be used to help control quality and the process, and thus performance objectives help achieve business objectives. (Software Engineering Institute, 2010, p. 28) .

The critical distinction between maturity levels 3 and 4 is the predictability of process performance. At maturity level 4, project performance and selected subprocess control are achieved using statistical and other quantitative forecasts, based in part on statistical analysis of accurate process data.

Maturity Level 5 (Improvement): At this level, the organization continuously improves its processes based on a quantitative understanding of its business objectives and performance needs. The organization uses a quantitative approach to understand inherent process variation and its causes. Maturity Level 5 focuses on continuous improvement of process performance through incremental, innovative, and technologically driven process improvements. Organizational quality and process performance are defined by goals that are continually reviewed to reflect changing business objectives and organizational performance, and are used as benchmarks in process improvement management. The impact of the pervasive process is that improvements are measured using statistical and quantitative techniques and compared to quality and process performance objectives. The project-specific processes are the organization's set of standards, and the supporting technologies are the measurable targets for improvement activities.

The critical distinction between maturity levels 4 and 5 is focused on managing and improving organizational performance. At maturity level 4, the organization and projects focus on understanding and controlling performance at the sub-process level and using the results to manage projects. At maturity level 5, the organization is generally concerned with organizational performance using data collected from multiple projects. Data analysis identifies deficiencies or gaps in performance; these gaps are used to drive organizational improvement that generates tangible performance improvements. (Software Engineering Institute, 2010, p. 29) .

Based on the above, the concept of “maturity” was proposed for the management approach as a way to assess “the state of completeness, perfection, or readiness” and “the fullness or perfection of growth or development.” Maturity as a measure to assess the capabilities of an organization in relation to a particular discipline has become popular since the Capability Maturity Model was proposed (CMM) by the Engineering Institute program at Carnegie Mellon University, this model has been diversified into a number of methods that are now applied to IT infrastructure assessment, enterprise architecture management, and knowledge management, to name a few.     (Michael,

Rosemann; Tonia, de Bruin, 2005, p. 3) .

b- Institutional maturity modelGartner

In reference to the analyst and consultant "Gartner"Gartner has developed numerous charts with graphical models and standard tools widely used for evaluation and decision support in organizations (Sabrina, Bresciani; Martin, J. Eppler, 2008, p. 1). It is the largest research and advisory firm in the information technology industry worldwide. Founded in 1979, it currently serves 10,000 organizations in 75 countries. It has 4,000 employees, including 1,200 analysts and consultants. Gartner is headquartered in Stamford. The organization focuses on providing objective, in-depth analysis and actionable advice to enable clients to make more informed business and technology decisions (Sabrina, Bresciani; Martin, J. Eppler, 2008, p. 2).

The organization's maturity model focuses on:Gartner focuses on three main areas: people, processes, and measurement or technology across five maturity levels: unaware, tactical, strategically focused, and pervasive. This model uses business maturity levels and individual department maturity levels to assess it. It provides a more nontechnical view (Min-hooi, Chuah; Kee-luen, Wong, 2011, p. 3426); it focuses on the technical side of the business. It is well documented and easily searchable on the web. The assessment uses a series of questionnaires to form a table; however, the criteria for assessing maturity levels are not well defined. The classification is based on individual maturity levels, but not on business users and IT staff (Min-hooi, Chuah; Kee-luen, Wong, 2011, p. 3427).

C- Institutional maturity model:International Business Machine (IBM)

International Business Machine listed on the New York Stock Exchange under the symbol "IBM is an integrated solutions organization that leverages data to create value for customers. IBM is currently transitioning from a hardware and software services company to a cognitive services and cloud platform company. We conclude that this organization's transformation to cognitive computing and cloud computing is not fully discounted in the current valuation, warranting multiple reclassifications in the future (Shiv, Krishnan, 2016, p. 3).

This data governance model was introduced in 2007 and addresses 11 areas including data risk, governance, organizational structure, awareness, data quality management, data engineering, and other areas. The model consists of five levels. This model assesses each of the 11 data governance categories individually, helping organizations tailor their approach to their needs and objectives. When most organizations begin data governance, they are at Level 2, and few organizations achieve Levels 4 and 5. These levels include:

Level (1) Initial: There is little or no awareness of the importance of data and no set of data management standards. The estimated scheduled budget for the data project is often exceeded.

Level (2) Managed: The importance of data and how it can benefit the organization is recognized; it is considered an asset to the organization. However, a set of data, tools, and management processes are required.

Level (3) Defined: Data organization and management guidelines are defined and integrated into the organization's processes; there is better use of technology for data governance and data management; practices are widely implemented throughout the organization.

Level (4) Quantitatively Managed: At this level, all projects follow data governance guidelines, data models are documented and made available across the organization, measurable quality objectives are defined for each project, and data processing and maintenance are maintained. Business process performance is continuously measured against established targets. (Hmood, al-Dussari; Aisha, Ali Sumaili, 2021, p. 24).

Level (5) Enhanced: At this level, data governance becomes an enterprise-wide effort whose production and effectiveness are improved. (Hmood, al-dossari; Aisha, ali sumaili, 2021, p. 25). And the operations are more efficient and of higher quality.

The objective of this model is to identify the importance of large-scale investments to support planned business projects; the model is designedIBM To assess the desired target state, find gaps, and provide feedback on the metrics required to achieve the desired target state, IBM's Big Data Maturity Model measures an organization's ability to pursue Big Data initiatives consisting of an assessment survey. In addition, the model aims to identify the appropriate stages and technologies that lead an organization toward Big Data maturity (Nda, mr; Tasmin, r; Hamid a- abdul, , 2020, p. 1686).

Therefore, we conclude that these models are strategies aimed at measuring organizational performance, the extent of control over their data, and its use in making management decisions. However, the Stanford Data Maturity Model has been highlighted as a suitable model for organizations, and it encompasses all levels of other maturity models.

• -3-2 The legal framework for data governance in higher education institutions

In this section, we have chosen to present the Irish experience as a detailed model of regulations, legislation, and data protection policies in the higher education sector. This is due to the control we have observed over data, including personal data, and the focus on balancing the right to privacy and the right to information. We also want to evaluate these laws in line with technology, given the threats and violations facing data today.

Developing strategies for implementing data governance in higher education institutions requires adherence to legal regulations and legislation for data and information protection, including but not limited to the following:

Compliance with laws while working or studying in higher education institutions is often fraught with challenges. One example is the Irish Data Protection Act of 1988, which was amended in 2003. This law protects individuals from potential misuse of their personal data. Advances in technology enable educational institutions to improve efficiencies and reduce costs. However, we will identify salient features of the law and assess its compatibility with technologies such as cloud computing and biometrics. In an effort to align the law with these technologies, we will discuss cases where precedents have been set by the Irish Data Protection Commissioner. Consequently, we will propose a data protection policy for higher education. The conclusions will be based on the research conducted, and we will suggest whether the law, as currently drafted, is appropriate for cloud computing technologies. (Nigel,McKelvey, 2014, p. 133) .

Furthermore, a salient feature of Irish data protection law is that the Irish Constitution seeks to provide a number of fundamental rights. The courts have analyzed and interpreted these rights to include certain rights not specifically enumerated in the Constitution. These human rights are not explicitly enumerated in the Constitution, but are interpreted by the courts to have a unified meaning. The unenumerated human right is the right to privacy. Article 8 of the European Union Charter of Fundamental Rights refers to the protection of personal data as follows:

• 1-    Every individual has the right to protect his personal data.

• 2-    This data must be processed fairly for specific purposes and on the basis of the data subject's consent or any other legitimate basis provided by law. Every individual has the right to access and correct the data concerning him.

• 3-    Compliance with these rules is subject to oversight by an independent authority.

Determining the policy that will take these provisions into account can encompass many aspects. These rules consider the individual's right to access information as their core. Access to information facilitates transparency and accountability, and the right to information positively refers to the enhancement of community knowledge. However, it is only enforceable if it is protected by law. The Freedom of Information Act 2003 seeks to protect this right from data in its first section. The Protection Acts of 1988 and 2003 state:

The right granted by this law does not prejudice the exercise of a right granted by the Freedom of Information Act of 1997.

The Commissioner and the Information Commissioner shall cooperate in performing their duties and provide assistance to each other.

Section 7 of the Freedom of Information Act imposes a duty on public bodies to assist persons requesting

Information or access to a record from a public body other than under the Freedom of Information Act. In light of this, Ireland strives to balance the right to privacy and the right to information with the appointment of the Data Protection Commissioner.The Data Processing Commissioner (DPC) points out that rights cannot simply be integrated into society without including measures to ensure that different institutions respond appropriately to different groups. This is arguably a crucial issue in a society where technology has the potential to impact human rights, and thus the appointment of a commissioner is essential.

In Part II of the Irish Data Protection Act 1988 and the Data Protection Act as amended in 1988,2003

Data Processing AgreementData Processing Agreement (DPA) refers to personal data as follows:

Personal Data “means data relating to a living individual who is identified or identifiable from either the data or from the data together with other information which is or is likely to come into the possession of the data controller.” As set out in Section 11 of the AgreementUnder the DPA, one of the Commissioner's powers is to prohibit the transfer of data abroad. It could be argued that the use of cloud computing contravenes Article 11 of the Act; however, the Commissioner has provided some guidance on how to overcome this obstacle. The data of the controller (a college or university) does not violate the Data Protection Act if the cloud services used are located within a country approved by the EU Commission or located within a US "safe harbor." Given the above, the data controller can still protect the data subject (employees and students) by using an EU-approved model contract that sets out data protection measures in accordance with EU standards. If a suitable contract cannot be established, there are nine alternative measures specified in Section 11 of the DPA; the data controller only needs to provide evidence that they are able to accept one or more alternative measures that allow data transfer when necessary if:

• -    required or authorized by law,

• -    The data subject has given consent,

• -    Execution of a contract to which the data subject is a party,

• -    The contract is concluded at the request of the data subject,

• -    Reasons of essential public interest,

• -    Obtain legal advice,

• -    Prevent injury/damage or danger,

• -    Data extracted from the legal public register,

• -    Authorized by the Data Commissioner.

It is clear that data subject consent can be widely used by data controllers. However, the question arises regarding the level of informed consent present in an educational setting, if student grades are stored in a cloud-based form, and the extent to which they are aware of where this data is located. This refers to how the data processing agreement is defined.The DPA requires that data be accessed fairly, that it be retained only for one or more specified and lawful purposes, that it be processed only in compliant ways (Nigel & McKelvey, 2014, p. 134), that it be relevant and not excessive, so that it is not retained for longer than necessary for the specified purpose(s); and finally, that a copy of the individual's personal data be provided, upon request. The evolution of technology has tested the scalability and robustness of existing laws and made it difficult to comply with data protection guidelines. With cloud computing and biometrics often used in conjunction with each other, it is essential to consider the security implications of using such technologies within an educational institution and whether or not the DPA will continue to protect the data subject.

After reviewing the salient features of the above-mentioned law, we will briefly discuss the suitability of cloud computing technologies in higher education institutions.

Cloud Computing in Education Technological advancements in higher education institutions and organizations have facilitated reducing the amount of storage required to maintain administrative records, email, data, student/staff records, relevant medical data, library resources, research and admissions information.

Cloud computing enables universities to access a wide range of services on demand with transparency. Control over data is critical for data controllers, such as higher education institutions. Cloud services reduce these capabilities, and therefore, trust in the cloud services used is critical. (Nigel, Mckelvey, 2014, p. 135) .

• - 2-4 Data governance objectives in higher education institutions

By implementing data governance, universities achieve several goals, including the following:

S Identify, map, document, and increase visibility of corporate data resources and systems, and establish data resource sharing policy and agreements.

S Develop policies and procedures to ensure consistency in how data is obtained and used across university units in order to ensure data quality and integrity.

S Develop, implement, maintain, and assist in the enforcement of university-wide data governance policies, standards, guidelines, and operating procedures related to institutional data assets.

S Defining the roles and responsibilities that govern corporate data governance,

S Define and document appropriate derivation logic for measurements and data collection,

S Develop a communication plan so that data consumers are aware of data governance standards and available resources for accurate reporting of university data.

S Build a central repository of large-scale metadata to capture information about institutional data assets that can be used systematically and confidently in business applications across the university,

S Promote communication and knowledge exchange among data governance practitioners across the university. (Kathleen, w; Stephanie w, 2019).

conclusion

In the midst of what has been presented, we have concluded that governance is a newly applied concept and is important in many institutions that have resorted to adopting it as a system based on principles, standards, and mechanisms to manage and administer their resources, including higher education institutions. These institutions face challenges and difficulties in controlling their data through education and the quality of services they provide to their beneficiaries, in addition to protecting their data; especially in light of the Corona pandemic, which forced them to shift to distance learning and the use of digital technology by applying the rules and establishing the principles of governance as an approach to change in management and administration methods and techniques with the emergence of e-governance.

Data governance has emerged in higher education institutions as a reform of the educational system and a means of reducing administrative corruption. It is considered an important driver of change in all procedures and operations related to university stakeholders. Its implementation varies from one institution to another, depending on the choice of mechanisms and strategies for its governance. The goal is to achieve transparency, accountability, independence, and participation in decision-making, which supports the higher education sector, its development, and its improvement. This is reflected in the importance of the digital economy in the transformation towards smart institutions in the field of cloud computing and artificial intelligence, which are considered future visions for countries.

Institutions in general, and the higher education sector in particular, face difficulties and barriers that prevent the adoption of a policy based on a strategic plan for the application and implementation of data governance. These barriers are represented by eight barriers: the organizational barrier, the technological barrier, the environmental barrier, the functional barrier, the financial barrier, the cultural barrier, the knowledge barrier, and finally the human barrier.

Furthermore, we present some recommendations related to our study as follows:

• -    Reviewing the educational regulatory environment, the legal environment, and the infrastructure of higher education institutions,

• -    Compliance with standards, laws and policies in implementing data governance according to a clear strategy,

• -    Working on selecting appropriate mechanisms and strategies for the organization, especially with regard to data protection and security.

• -    Institutions’ awareness of the data governance program and how to work with it, to reduce the risks to which data, including personal data, is exposed.

• -    Awareness of the importance of data in the higher education sector, and the best use of information technology in implementing data governance,

• -    The appropriate choice in applying data governance maturity models to measure capabilities, evaluate performance and improve it in institutions, according to the work environment.

• -    Working on using and sharing data across higher education institutions in administrative decision-making,

• -    Commitment to implementing data governance principles in higher education institutions to achieve transparency, accountability, and equality among stakeholders.

• -    The necessity for higher education institutions to adopt policies and laws specific to data protection.

• -    Comprehensive audit of the data governance system and framework, to avoid the failure of institutional policies,

Higher education institutions must control their data according to strategic planning that is achieved through the governance of laws and standards, in addition to progress in formulating procedures and policies to implement data governance.

• -    Working to formalize data governance policies and implementation standards, which contributes to making documented administrative decisions.

The question remains: to what extent can organizations control, use, and protect data? And to what extent are they compliant with policies, laws, and standards in their implementation?