Bedrock – The Data Foundation
Bedrock – The Data Foundation Framework is a structured maturity assessment that tells you exactly where your data governance stands, what the risks are, and what to fix first.
Your OfS submission is built on your data. Most institutions have never checked the foundations.
Bedrock — The Data Foundation Framework is a structured maturity assessment that tells you exactly where your data governance stands, what the risks are, and what to fix first.
The problem
OfS does not assess your intentions. It assesses your data.
Your B3 and B4 conditions require effective management information and data systems. Your Access and Participation Plan is built on the accuracy of that data. Your TEF submission, your continuation rates, your published student outcome metrics – all of it rests on how well your institution governs its data.
Most institutions have never formally assessed that. Data governance work happens in pockets, driven by whoever cares enough to do it. Retention policies exist but nobody enforces them. Lawful basis is documented somewhere but not reviewed since GDPR came into force. The CRM and SRS hold different definitions of the same student. The DPO has a processor register that is two years out of date.
None of this is unusual. It is the sector norm.
What has changed is the context. OfS is increasingly active in monitoring. AI is arriving in admissions, in student support, in assessment — and AI built on ungoverned data produces ungoverned outcomes. The gap between where most institutions are and where they need to be is widening.
Bedrock is designed to close it.
What Bedrock is
Bedrock is a proprietary data governance maturity assessment developed by Sparkline Advisory Ltd, designed specifically for UK higher education providers.
It is not a generic GDPR audit. It is not a data strategy document. It is a structured, evidence-based assessment of your institution’s data governance capability across ten dimensions – from data ownership and data quality through to statutory return management and AI readiness – scored against a five-level maturity model and delivered as a clear, actionable report.
The 10 Bedrock dimensions:
- Data ownership and accountability
- Data definitions and dictionaries
- Data quality
- Retention and disposal
- Consent and lawful basis
- Third-party and processor management
- Policy and documentation
- Statutory and regulatory return management
- Culture and capability
- AI and emerging technology readiness
Each dimension is assessed at one of five maturity levels, using a weighted scoring model that reflects the regulatory significance of each dimension in a higher education context. The result is a scored profile that tells you not just where you are, but where the risks are highest and what to address first.
How the assessment works
The Bedrock Assessment is delivered over four to six weeks. It involves:
- A structured document review using a defined pre-assessment checklist
- Six role-differentiated interviews: senior leadership, DPO, data or information governance lead, IT, statistical returns, and a frontline data user
- Scoring and analysis against the Bedrock Maturity Model
- A written assessment report across all ten dimensions
- A 90-minute findings presentation with senior leadership
The interview methodology uses three question layers – existence, practice, and evidence – specifically designed to distinguish between governance that exists on paper and governance that is actually practised day to day. The difference matters, and it shows up clearly in the results.
What you receive
Maturity profile A scored profile across all ten dimensions, with an overall weighted maturity score and RAG status for each dimension. A dashboard of your governance position.
Dimension assessments Detailed findings for each of the ten dimensions: evidence reviewed, strengths, gaps and risks, and priority actions. This is the substance of the report — specific, evidenced, and written to be shared with your senior leadership team.
Improvement roadmap A consolidated action plan organised by timeframe – immediate, short term, medium term, and longer term – with a suggested owner for each action. Something you can take into a governance meeting and start working from the same week.
Findings presentation A 90-minute session presenting the results and priorities with your senior leadership team. Designed to land the findings, answer questions, and agree the most important next steps.
All outputs are formatted for internal use and governance reporting. The assessment report is structured to be shared with your senior leadership team, your board, and where relevant your DPO or information governance lead.
The maturity levels
| Level | Name | What it means in practice |
|---|---|---|
| 1 | Unmanaged | No governance in any meaningful sense. Practice is absent, undocumented, or dependent on individuals. |
| 2 | Aware | The need is recognised but practice is inconsistent and not institutionalised across the organisation. |
| 3 | Developing | Structures exist and are documented but not consistently embedded across teams and systems. |
| 4 | Embedded | Governance is actively practised, owned, and maintained. Gaps are identified and managed. |
| 5 | Optimised | Governance is part of the institution’s operating culture, reviewed, and connected to strategic decision-making. |
Most institutions we work with sit between levels 2 and 3. The assessment shows precisely where you are on each dimension and gives you a clear, prioritised path forward.
Who it is for
Bedrock is designed for UK higher education providers that:
- Are preparing for OfS regulatory engagement or monitoring and want to understand their data position before the conversation starts
- Are implementing or evaluating AI tools and need data governance foundations in place first
- Have received a data quality concern from HESA or OfS and need to understand the root cause
- Have a new DPO, Head of Data, or senior leader who wants to establish the institution’s current position quickly and credibly
- Are planning a significant system change – new SRS, new CRM – and need to assess data governance readiness before they build on it
Bedrock is relevant to universities, specialist institutions, and smaller and alternative providers. The three-tier pricing model reflects institutional scale.
Investment
| Foundation | Standard | Comprehensive | |
|---|---|---|---|
| Institution size | Under 5,000 students | 5,000–20,000 students | Over 20,000 students |
| Fee | £6,500 | £9,500 | £13,500 |
Each tier includes the full Bedrock Assessment: document review, six interviews, scored maturity profile, ten-dimension assessment report, improvement roadmap, and findings presentation. There are no hidden day rate surprises – the fee is fixed.
Introductory pricing is available for early engagements.
Bedrock and the Sparkline framework suite
Bedrock is part of the Sparkline Advisory framework suite for responsible data and AI governance in higher education.
ICE/BERG – the Responsible AI Framework for evaluating AI tools before adoption. If Bedrock tells you your foundations are ready, ICE/BERG tells you whether the AI tool you are considering is appropriate.
CLEAR – the AI Fairness Audit for testing whether AI tools already in use are producing fair, lawful, and auditable outcomes.
Bedrock is the starting point. It tells you where your data governance stands and what needs to be in place before you build anything on top of it. ICE/BERG and CLEAR take you through what comes next.
About Sparkline Advisory Ltd
Sparkline Advisory Ltd is a data governance and AI consultancy working exclusively in UK higher education. Founded by Martha Horler, Sparkline supports universities and colleges with data governance, AI readiness, and the regulatory compliance foundations that make good data practice sustainable.
Martha has over 20 years of experience working in and alongside UK higher education. Bedrock is built on that experience – the ten dimensions, the maturity descriptors, and the assessment methodology reflect the specific governance challenges and regulatory context of the UK HE sector, not a generic framework adapted from elsewhere.