I have often found that it is useful to divide business rules into two different types:
- External business rules, which are rules based on laws, regulations within industries and other rules imposed from outside your organization.
- Internal business rules, which are rules made up within your organization in order to make you do business more competitive than colleagues in your industry do.
External imposed business rules are most often different from country to country (or group of countries like the EU). Internal business rules may be that too but tend to be rules that apply worldwide within an organization.
The scope of external business rules tend to be fairly fixed and so does the deadline for implementing the derived data policy and standard. With internal business rules you may minimize and maximize the scope and be flexible about the timetable for bringing them into force and formalizing the data governance around the rules. It is often a matter of prioritizing against other short term business objectives.
The distinctions between these two kinds of business rules may not be so important in the first implementation of a data governance program but comes very much into play in the ongoing management of data policies and data standards.