Define data ownership, stewardship roles, data classification, retention policies, and access control frameworks.
Defines data ownership, stewardship, classification, retention, and access control frameworks. Use when planning governance structures for compliance, security, or data quality initiatives.
```
/plugin marketplace add melodic-software/claude-code-plugins
/plugin install data-architecture@melodic-software
```
This skill is limited to using the following tools:
Use this skill when:
Data governance establishes the framework for managing data as a strategic enterprise asset. It defines who can do what with data, ensures compliance, and maintains data quality standards.
```text
┌─────────────────────────────────────────────────────────────────┐
│                         DATA GOVERNANCE                         │
│        (Planning, Control, Monitoring across all areas)         │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐     │
│     │ Data        │     │ Data        │     │ Data        │     │
│     │ Architecture│     │ Modeling    │     │ Storage     │     │
│     └─────────────┘     └─────────────┘     └─────────────┘     │
│                                                                 │
│     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐     │
│     │ Data        │     │ Data        │     │ Reference & │     │
│     │ Security    │     │ Integration │     │ Master Data │     │
│     └─────────────┘     └─────────────┘     └─────────────┘     │
│                                                                 │
│     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐     │
│     │ Document &  │     │ Data        │     │ Data        │     │
│     │ Content     │     │ Quality     │     │ Warehousing │     │
│     └─────────────┘     └─────────────┘     └─────────────┘     │
│                                                                 │
│                         ┌─────────────┐                         │
│                         │ Metadata    │                         │
│                         │ Management  │                         │
│                         └─────────────┘                         │
└─────────────────────────────────────────────────────────────────┘
```
| Role | Responsibility | Scope |
|---|---|---|
| Data Owner | Strategic decisions, policy approval | Domain-level |
| Data Steward | Day-to-day management, quality | Domain/system |
| Data Custodian | Technical implementation | System-level |
| Data Consumer | Appropriate use | Access-level |
| Data Protection Officer | Privacy compliance | Enterprise |
# Data Governance RACI Matrix
| Activity | Owner | Steward | Custodian | Consumer | DPO |
|----------|-------|---------|-----------|----------|-----|
| Define data standards | A | R | C | I | C |
| Approve access requests | A | R | I | I | C |
| Monitor data quality | I | R | A | I | I |
| Handle data breaches | A | C | R | I | A |
| Data classification | A | R | C | I | C |
| Retention enforcement | A | C | R | I | A |
| Privacy impact assessment | A | C | I | I | R |
| Metadata maintenance | I | R | A | I | I |
| Audit compliance | A | R | C | I | A |
A = Accountable, R = Responsible, C = Consulted, I = Informed
# Data Domain: Customer
## Data Owner
- Name: Jane Smith
- Title: VP of Sales
- Authority: Approve policy, access, changes
- Contact: jane.smith@company.com
## Data Stewards
| System | Steward | Backup |
|--------|---------|--------|
| CRM | John Doe | Mary Brown |
| E-Commerce | Sarah Lee | Tom White |
| Marketing | Bob Jones | Amy Green |
## Data Custodians
| System | Team | Contact |
|--------|------|---------|
| CRM | Salesforce Admin Team | sf-admin@company.com |
| Data Warehouse | BI Team | bi-team@company.com |
| Level | Description | Examples | Controls |
|---|---|---|---|
| Public | No restrictions | Marketing content | None required |
| Internal | Business use only | Org charts, policies | Authentication |
| Confidential | Need-to-know basis | Customer PII, financials | Encryption, access log |
| Restricted | Highly sensitive | PCI data, health records | Strong encryption, MFA, DLP |
```sql
-- Data classification metadata table (PascalCase - SQL Server Convention)
CREATE TABLE DataClassification (
    ClassificationId INT IDENTITY PRIMARY KEY,
    TableSchema VARCHAR(100) NOT NULL,
    TableName VARCHAR(100) NOT NULL,
    ColumnName VARCHAR(100),
    ClassificationLevel VARCHAR(20) NOT NULL,
    DataCategory VARCHAR(50), -- PII, PHI, PCI, etc.
    RetentionPolicy VARCHAR(50),
    EncryptionRequired BIT,
    MaskingRequired BIT,
    Owner VARCHAR(100),
    Steward VARCHAR(100),
    LastReviewed DATE,
    NextReview DATE,
    CONSTRAINT CHK_ClassificationLevel
        CHECK (ClassificationLevel IN ('Public', 'Internal', 'Confidential', 'Restricted'))
);
```
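The `DataClassification` table can also drive governance checks such as the classification coverage metric. The queries below are an added example, not part of the original skill. They assume that a row with a NULL `ColumnName` classifies the whole table and that Confidential and Restricted entries should have at least one of the encryption or masking flags set.

```sql
-- Added example: audit queries over the DataClassification table defined above.
-- Assumption: a row with ColumnName NULL classifies every column of that table.

-- 1. Classification coverage per base table, least-covered tables first.
WITH ColumnStatus AS (
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME,
           CASE WHEN EXISTS (
                    SELECT 1
                    FROM DataClassification AS dc
                    WHERE dc.TableSchema = c.TABLE_SCHEMA
                      AND dc.TableName = c.TABLE_NAME
                      AND (dc.ColumnName = c.COLUMN_NAME OR dc.ColumnName IS NULL))
                THEN 1 ELSE 0 END AS IsClassified
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA
     AND t.TABLE_NAME = c.TABLE_NAME
     AND t.TABLE_TYPE = 'BASE TABLE'        -- ignore views
)
SELECT TABLE_SCHEMA, TABLE_NAME,
       COUNT(*) AS TotalColumns,
       SUM(IsClassified) AS ClassifiedColumns,
       CAST(100.0 * SUM(IsClassified) / COUNT(*) AS DECIMAL(5, 2)) AS CoveragePct
FROM ColumnStatus
GROUP BY TABLE_SCHEMA, TABLE_NAME
ORDER BY CoveragePct, TABLE_SCHEMA, TABLE_NAME;

-- 2. Entries whose recorded controls, accountability or review dates have gaps.
--    One output row per finding, so a single entry can appear several times.
SELECT dc.TableSchema, dc.TableName, dc.ColumnName, dc.ClassificationLevel, f.Finding
FROM DataClassification AS dc
CROSS APPLY (VALUES
    (CASE WHEN dc.ClassificationLevel IN ('Confidential', 'Restricted')
               AND ISNULL(dc.EncryptionRequired, 0) = 0
               AND ISNULL(dc.MaskingRequired, 0) = 0
          THEN 'No encryption or masking flagged' END),
    (CASE WHEN dc.[Owner] IS NULL OR dc.Steward IS NULL
          THEN 'Owner or steward missing' END),
    (CASE WHEN dc.NextReview IS NULL OR dc.NextReview < CAST(GETDATE() AS DATE)
          THEN 'Review overdue or not scheduled' END)
) AS f (Finding)
WHERE f.Finding IS NOT NULL
ORDER BY dc.ClassificationLevel DESC, dc.TableSchema, dc.TableName, dc.ColumnName;
```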
# Table: customers
| Column | Classification | Category | Controls |
|--------|---------------|----------|----------|
| customer_id | Internal | None | None |
| email | Confidential | PII | Masked in lower envs |
| full_name | Confidential | PII | Encrypted at rest |
| ssn | Restricted | PII/Sensitive | Encrypted, tokenized |
| phone | Confidential | PII | Masked in reports |
| address | Confidential | PII | Encrypted at rest |
| credit_card | Restricted | PCI | Tokenized, never stored |
| purchase_history | Internal | None | None |
# Data Retention Schedule
| Data Category | Retention Period | Legal Basis | Disposal Method |
|---------------|-----------------|-------------|-----------------|
| Customer PII | 7 years post-relationship | GDPR, CCPA | Secure deletion |
| Transaction Data | 7 years | Tax regulations | Archive, then delete |
| Audit Logs | 7 years | SOX compliance | Archive, then delete |
| Marketing Consent | Duration of consent | GDPR | Delete on withdrawal |
| Employee Records | 7 years post-employment | Employment law | Secure deletion |
| Web Analytics | 26 months | GDPR | Automatic purge |
| Backup Data | 90 days | Business continuity | Overwrite |
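```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;   // ToListAsync (assumes IDataContext exposes EF Core sets)
using Microsoft.Extensions.Logging;

// IDataContext, DisposalMethod and the four *ExpiredRecords helpers are defined elsewhere (not shown).
public class DataRetentionService
{
    private readonly IDataContext _context;
    private readonly ILogger<DataRetentionService> _logger;

    public DataRetentionService(IDataContext context, ILogger<DataRetentionService> logger)
    {
        _context = context;
        _logger = logger;
    }

    public async Task ApplyRetentionPolicies(CancellationToken ct)
    {
        // Only active policies are enforced.
        var policies = await _context.RetentionPolicies
            .Where(p => p.IsActive)
            .ToListAsync(ct);

        foreach (var policy in policies)
        {
            // Records older than this UTC timestamp have exceeded the retention period.
            var cutoffDate = DateTime.UtcNow.AddDays(-policy.RetentionDays);

            switch (policy.DisposalMethod)
            {
                case DisposalMethod.HardDelete:
                    await HardDeleteExpiredRecords(policy, cutoffDate, ct);
                    break;
                case DisposalMethod.SoftDelete:
                    await SoftDeleteExpiredRecords(policy, cutoffDate, ct);
                    break;
                case DisposalMethod.Archive:
                    await ArchiveExpiredRecords(policy, cutoffDate, ct);
                    break;
                case DisposalMethod.Anonymize:
                    await AnonymizeExpiredRecords(policy, cutoffDate, ct);
                    break;
                default:
                    // Nothing was disposed of, so do not record the policy as applied.
                    _logger.LogWarning(
                        "Skipped retention policy {PolicyName}: unsupported disposal method {DisposalMethod}",
                        policy.Name, policy.DisposalMethod);
                    continue;
            }

            _logger.LogInformation(
                "Applied retention policy {PolicyName} for data before {CutoffDate}",
                policy.Name, cutoffDate);
        }
    }
}
```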
```text
┌─────────────────────────────────────────────────────────────────┐
│                      ACCESS CONTROL LAYERS                      │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│   ┌─────────────────────────────────────────────────────────┐   │
│   │            ROLE-BASED ACCESS CONTROL (RBAC)             │   │
│   │               Users → Roles → Permissions               │   │
│   └─────────────────────────────────────────────────────────┘   │
│                                ▲                                │
│   ┌─────────────────────────────────────────────────────────┐   │
│   │          ATTRIBUTE-BASED ACCESS CONTROL (ABAC)          │   │
│   │  User Attrs + Resource Attrs + Environment → Decision   │   │
│   └─────────────────────────────────────────────────────────┘   │
│                                ▲                                │
│   ┌─────────────────────────────────────────────────────────┐   │
│   │                   DATA-LEVEL SECURITY                   │   │
│   │        Row-Level Security + Column-Level Masking        │   │
│   └─────────────────────────────────────────────────────────┘   │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
# Data Access Request
## Requestor Information
- Name: [Employee Name]
- Department: [Department]
- Manager: [Manager Name]
- Business Justification: [Why access is needed]
## Access Details
| Data Asset | Access Type | Duration | Classification |
|------------|-------------|----------|----------------|
| Customer Database | Read | Permanent | Confidential |
| Sales Reports | Read | 6 months | Internal |
| Analytics Dashboard | Read/Write | Permanent | Internal |
## Approvals Required
| Approver | Role | Status | Date |
|----------|------|--------|------|
| Data Owner | Jane Smith | Pending | |
| IT Security | Security Team | Pending | |
| Manager | [Manager Name] | Approved | YYYY-MM-DD |
## Conditions
- [ ] Security training completed
- [ ] NDA signed
- [ ] Access will be reviewed in [X] months
```sql
-- SQL Server Row-Level Security
CREATE SCHEMA Security;
GO

CREATE FUNCTION Security.fn_CustomerAccess(@Region VARCHAR(50))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS access_result
WHERE
    @Region = USER_NAME()
    OR IS_MEMBER('DataAdmin') = 1
    OR @Region IN (
        SELECT region
        FROM dbo.UserRegionAccess
        WHERE user_name = USER_NAME()
    );
GO

CREATE SECURITY POLICY CustomerFilter
ADD FILTER PREDICATE Security.fn_CustomerAccess(region)
ON dbo.Customers
WITH (STATE = ON);
```
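A filter predicate only restricts which rows are read; it does not stop a user from inserting a row for another region or updating a row out of their own. The script below is an added example, not part of the original skill: it adds block predicates to the same policy and checks both behaviours while impersonating a test principal. `RlsTestUser` and the `'EMEA'` and `'APAC'` region values are constructed for the test, and the script assumes `dbo.UserRegionAccess` needs only the two columns used above.

```sql
-- Added example: enforce the same predicate on writes, then verify it.
ALTER SECURITY POLICY CustomerFilter
    ADD BLOCK PREDICATE Security.fn_CustomerAccess(region) ON dbo.Customers AFTER INSERT,
    ADD BLOCK PREDICATE Security.fn_CustomerAccess(region) ON dbo.Customers AFTER UPDATE;
GO

-- Constructed test principal with access to a single region.
CREATE USER RlsTestUser WITHOUT LOGIN;
GRANT SELECT, UPDATE ON dbo.Customers TO RlsTestUser;
INSERT INTO dbo.UserRegionAccess (user_name, region) VALUES ('RlsTestUser', 'EMEA');
GO

EXECUTE AS USER = 'RlsTestUser';

-- Read check: only the EMEA region should be listed.
SELECT region, COUNT(*) AS VisibleRows
FROM dbo.Customers
GROUP BY region;

-- Write check: moving a visible row to another region must be rejected.
BEGIN TRANSACTION;
BEGIN TRY
    UPDATE dbo.Customers SET region = 'APAC' WHERE region = 'EMEA';
    IF @@ROWCOUNT > 0
        PRINT 'FAIL: rows were moved out of the permitted region';
    ELSE
        PRINT 'INCONCLUSIVE: no EMEA rows available to test with';
END TRY
BEGIN CATCH
    PRINT 'OK: update blocked - ' + ERROR_MESSAGE();
END CATCH;
IF @@TRANCOUNT > 0 ROLLBACK TRANSACTION;   -- never keep test changes

REVERT;
GO

-- Clean up the test principal and its mapping.
DELETE FROM dbo.UserRegionAccess WHERE user_name = 'RlsTestUser';
DROP USER RlsTestUser;
```

Members of `DataAdmin` satisfy the predicate for every region, so run the check as a principal that is not in that role.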
# Data Asset: Customer Master
## Overview
| Property | Value |
|----------|-------|
| Asset Name | customer_master |
| Asset Type | Table |
| Database | DataWarehouse |
| Schema | dbo |
| Owner | Sales Domain |
| Steward | John Doe |
| Classification | Confidential |
## Description
Single source of truth for customer information, consolidated from CRM, E-commerce, and ERP systems.
## Schema
| Column | Type | Description | Classification | PII |
|--------|------|-------------|----------------|-----|
| customer_id | UUID | Primary key | Internal | No |
| email | VARCHAR | Contact email | Confidential | Yes |
| full_name | VARCHAR | Customer name | Confidential | Yes |
| segment | VARCHAR | Customer segment | Internal | No |
## Lineage
- Source: CRM.customers, Ecom.users, ERP.accounts
- Transforms: MDM matching/merging, standardization
- Consumers: BI Reports, Marketing, Sales
## Quality Metrics
| Metric | Target | Current |
|--------|--------|---------|
| Completeness | 98% | 96% |
| Accuracy | 99% | 97% |
| Timeliness | Daily | Daily |
## Related Assets
- customer_addresses
- customer_orders
- customer_preferences
| Metric | Description | Target |
|---|---|---|
| Data Quality Score | Composite quality rating | > 95% |
| Classification Coverage | % of data classified | 100% |
| Policy Compliance | % compliant with policies | 100% |
| Access Review Completion | % reviews completed on time | 100% |
| Issue Resolution Time | Avg days to resolve | < 5 days |
| Stewardship Coverage | % domains with stewards | 100% |
Inputs from:
- conceptual-modeling skill → Data domains

Outputs to:
- data-quality-planning skill → Quality standards
- schema-design skill → Security implementation
- mdm-planning skill → Stewardship model