Governance begins with the establishment of data and security policies in an organization. Many of these policies are likely pre-existing in the organization you are defining a solution for. So, your first step is to understand these policies, as the architecture that you define should provide some consistency in its ability to support the policies already in place.
IIoT projects can also introduce extensions to the architecture that were not previously deployed in the organization (such as those caused by the introduction of new devices and extended networking). These extensions will take a look at the additional standards and policies that will need to be put into place.