Which of the following is NOT a core component of a data governance program?

Data governance centers on how data is owned, described, and managed across the organization. The core elements include clear data ownership and stewardship roles, formal data policies that define how data can be accessed, used, and retained, and a data catalog with metadata that provides context, definitions, and lineage for data assets. The option describing network security groups falls outside these governance activities. Network security groups are infrastructure security controls aimed at protecting networks and systems, not governing the data assets themselves. So while security is essential, it isn’t a core governance component; governance relies on who is responsible for data, the rules governing its use, and the metadata that helps people find and understand data.