Skip to main content

Golden copies, data stewards, and sensitivity

The University stores and manages quite a lot of data - nothing like the scale of Google or similar behemoths, but not insignificant either.  Some of this data is quite sensitive.  It can include personal information (including the "protected characteristics" such as race or sexuality); medical information (for staff & students, or for NHS patients on research projects), commercially sensitive information, and information vital to the teaching process such as exam questions.  We are responsible for looking after this data and keeping it secure, a set of procedures that goes by the dry name of "data governance".

One of the key concepts in our approach to data governance is the "golden copy"; the one true source for a particular kind of information.  For example, the student record is the golden copy for data about students.  I have made this one of our Enterprise Architecture principles:
Principle D1: All data held in enterprise systems have a golden copy that holds the definitive value of that data.
We have had this principle in practice for many years. But if you want to know which system is the golden copy for a particular type of data, or who looks after that system, or how you access the data for yourself, you have had to know who to ask.  So I am creating a golden copy data catalogue that publicises this information.  I'm also working with the data governance group to come up with a default process for requesting access.

This throws a spotlight on the people who look after our data.  The usual name for this role in EA circles is the data steward.  As the name implies, someone who has this role is responsible for looking after the data, ensuring it is up-to-date and good quality.  Their responsibilities also include assessing requests for access, and making the data available to people who need it.  So we are working to define this role and work with people across the university so that our data is stewarded consistently.

I am also working with our Chief Information Security Officer (CISO) and our Data Protection Office (DPO) to agree a classification for information sensitivity.  The goal is to provide consistent advice for which data can be made public, which needs "normal" levels of security, and which needs more stringent controls.

So far, the response to this work has been very positive.  Much remains to be done, not least wider consultation with the people who do the crucial role of looking after our data.



Comments

Popular posts from this blog

A new EA Repository

One of my goals since starting this job two years ago has always been to create a repository for architecture documents.  The idea is to have a central store where people can find information about the University's applications, data sources, business processes, and other architectural information.  This store will make it easier for us to explain our plans, to show the current state of the University's information systems, and to explain what Enterprise Architecture is all about.

It's taken a long time to reach this goal, mainly because we're often had more pressing and immediate work to be done.  The creation of a repository is one of those tasks that is very important but never quite urgent.  So I'm now very happy to say that we are in the process of deploying a repository and modelling tool.


This is the culmination of a careful process to select the most appropriate tool for our needs.  We began by organising several workshops to gather requirements from a rang…

A brief summary of our major initiatives

I notice that in 2016 I wrote 34 posts on this blog.  This is only my fifth post in 2017 and we're already three-quarters of the way through the year.  Either I've suddenly got lazier, or else I've had less time to spend writing here.  As I'm not inclined to think of myself as especially lazy, I'm plumping for the latter explanation.

There really is a lot going on.  The University has several major initiatives under way, many of which need input from the Enterprise Architecture section.

The Service Excellence programme is overhauling (the buzzword is "transforming") our administrative processes for HR, Finance, and Student Administration.  Linked to this is a programme to procure an integrated ERP system to replace the adminstrative IT systems. 

Enabling Digital Transformation is a programme to put the middleware and architecture in place so that we can make our processes "digital first".  We're implementing an API framework, a notification…

Business Model Canvas

A Business Model Canvas is a tool for mapping the core functions and capabilities of an organisation.  Compared to the Core Diagrams that I described in an earlier post, the business model canvas attempts to present more aspects of the business, starting with the value proposition – a statement of what the organisation offers to its users (in the business world, to its customers).  It shows the activities and resources, as Core Diagrams do, but also shows user relationships & channels, and also benefits and costs.  I’m not aware of any universities that have used this tool but you can find examples from elsewhere on the web.

We are considering business model canvases as a tool for mapping the strategic capabilities of units at the University of Edinburgh.  Phil Taylor, our EA contractor, sketched an outline of what a business model canvas might begin to look like for HR:
This is only intended to be suggestive: the real canvas would need to result from in-depth discussions about th…