Your SlideShare is downloading. ×
Data Integration Presentation
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Data Integration Presentation

717
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
717
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. UC Berkeley Business Officer Institute “ Data Integration” Helen Kelly, COIS – DSC Jill Martin, COIS/OPA - DSC July, 2003
  • 2. Business Officer Institute “Taking Control and Loving IT” Data Integration – Presentation Objectives What we will be covering:
    • Campus data integration commitment and efforts
    • Information as an asset
    • Roles and responsibilities
    • Data Classifications and Risk Assessment
    • Best Practices
  • 3. Business Officer Institute “Taking Control and Loving IT” Data Integration Data Integration Overview Chancellor’s Initiative 2001 Data Stewardship Council (DSC) DSC Projects
  • 4. Business Officer Institute “Taking Control and Loving IT” Data Integration – Chancellor’s Initiative Chancellor’s Initiative recognizing the need for data integration in order to further:
    • Improve central campus response to department’s data needs
    • Address inconsistent rules regarding data
    • Address problem of poorly defined data
    • Address issues of missing data
    • Reduce data duplication across systems
    • Assess campus risk associated with data
    • Develop an integrated and collaborative data environment
    A Data Integration Working Group was formed in 2001 to develop a plan for moving forward.
  • 5. Business Officer Institute “Taking Control and Loving IT” Data Integration – DSC Current Activities Data Stewardship Council Activities
    • Current
    • Data Integration Projects
      • Student Data Warehouse Prototype (currently under development)
      • Sponsored Projects Office and Extramural Funds Accounting
      • Facilities and Spatial Data Integration (FASDI) http://fasdi.vcbf.berkeley.edu/
    • Campus Data Management, Use, and Protection Policy
    • Inventory of Locally Administered Data Systems (LADS)
    • Upcoming
    • Enterprise Data Dictionary
    • Policy Implementation and Education
    • http://dataintegration.vcbf.berkeley.edu/
  • 6. Business Officer Institute “Taking Control and Loving IT” Data Integration – IA Management and Use Information Asset Management and Use Data integrity and integration throughout the University are requisites for organizational effectiveness and efficiently managed resources. Information Asset Information (Data) is a valuable campus asset that must be managed and protected as such.
  • 7. Financial Management/Information Management
    • Ensure appropriate staff training
    • Developing and adhering to procedures to ensure compliance with applicable laws, regulations, and policies
    • Providing adequate explanations and documentation
    • Establish monitoring controls
    • Identifying unauthorized transactions
    • Providing adequate safeguards to protect against loss or unauthorized use (e.g. Separation of Duties)
    • Ensure appropriate staff training
    • Developing and adhering to procedures to ensure compliance with applicable laws, regulations, and policies
    • Develop and maintain data dictionaries
    • Inventory data systems and establish access and security procedures
    • Monitor data system activities
    • Providing adequate safeguards to protect against loss or unauthorized use (e.g. Separation of Duties)
    Financial Assets Information Assets Business Officer Institute “Taking Control and Loving IT” Data Integration – Asset Management
  • 8. Relevant Laws, Regulations, and Policies Users of campus data resources are responsible for familiarizing themselves with and complying with all UC Berkeley policies, guidelines, standards and procedures relating to information privacy and security. Business Officer Institute “Taking Control and Loving IT” Data Integration – Relevant Policies
    • Control’s Initiative – Guide to Administrative Responsibilities
    • UC B&F Bulletin – Records Management Program (RMP) Series
    • UC B&F Bulletin – Information Systems, IS-3
    • UC Berkeley Data Management, Use, and Protection Policy (Draft)
    • Berkeley Campus IT Security Policy
    • Interim E-Berkeley Policy
    • Berkeley Campus Departmental Security Contact Policy
    • Guidelines and Procedures for Blocking Network Access
    • SB 1386
  • 9. UCB Data Management, Use, and Protection Policy (Currently being developed by the Data Stewardship Council)
    • Complies with federal and state law, University of California and Berkeley campus policies. Interprets and further implements aspects of UCOP RMP’s and IS-3
    • Applies to all campus data, in any form of communication or presentation. (e.g. data file, document, email, website)
    • Defines campus data management roles and responsibilities
    Business Officer Institute “Taking Control and Loving IT” Data Management, Use, and Protection Policy
  • 10. UC Berkeley Data Access and Security Policy con’t. (Currently being developed by the Data Stewardship Council)
    • Establishes principles, guidelines, standards, and campuswide procedures for data management and use
    • Promotes the use of best practices across the campus
    • Contributes to the further development of an integrated and collaborative data environment for the Berkeley campus
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Relevant Policies
  • 11. Business Officer Institute “Taking Control and Loving IT” Data Integration – Roles & Responsibilities Roles and Major Responsibilities
    • Administrative Official
    • Data Proprietor
    • Data Custodian
    • Data Integrator
    • User
    • Office of Record
    • System of Record
  • 12.
    • Administrative Official
    • Is ultimately responsible for implementing campus requirements and guidelines, establishing local procedures, and promoting best practices for the management and use of data
    • Data Proprietor
    • Has primary responsibility for determining the purpose and function of an essential data resource
    • Data Custodian
    • Is the technical partner of the data proprietor and is responsible for the implementation of data systems and the technical management of data resources
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Roles & Responsibilities Roles and Major Responsibilities (See Handout)
  • 13.
    • Sensitivity
      • Restricted
      • Unrestricted
    • Criticality
      • Essential
      • Required
      • Deferrable
    Business Officer Institute “Taking Control and Loving IT” Data Integration – IA Management Practices Information Asset Management Classification of Data (From UC B&F Bulletin IS-3)
  • 14.
    • Restricted
    • Data that is considered sensitive to some degree
      • Personal
        • refers to any information that identifies or describes an individual, including but not limited to, name, social security number, medical history, and financial matters
      • Limited
        • refers to data whose unauthorized access, modification or loss could seriously or adversely affect the University or adversely affect the public. Or data that the Proprietor chooses to protect from general access or modification
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Classification of Data Sensitivity of Data
  • 15.
    • Unrestricted
    • Access or modification is not restricted by law or University policy and is permitted by the Proprietor
    • Pertains to individuals and equates to “non-personal” information as defined in BFB RMP-8. Equivalent to “public information” in Federal Privacy Act and FERPA
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Classification of Data Sensitivity of Data
  • 16.
    • Essential
    • Failure to function correctly and on schedule could result in a major failure to perform mission-critical business functions, a significant loss of funds, or a significant liability or legal exposure
    • Required
    • Performs an important function, but the operation of the campus could continue for some designated period of time without the function
    • Deferrable
    • Campus could continue operation for an extended period of time without the information resource performing correctly or on schedule
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Roles & Responsibilities Criticality of Data
  • 17. Business Officer Institute “Taking Control and Loving IT” Data Integration – Classification of Data Summary Chart Minimal security required; need not be in Disaster Recovery plan Minimal security required; may be in Disaster Recovery plan Minimal security required; must be in Disaster Recovery plan Unrestricted Requires access security; need not be in Disaster Recovery plan Requires access security; may be in Disaster Recovery plan Requires access security; must be in Disaster Recovery Plan Restricted Deferrable Required Essential Criticality / Sensitivity
  • 18. Reduction of Risks through Preventative Measures and Controls
    • Absolute security against all threats is unrealistic. A risk assessment should include:
      • The criticality of the information asset to business operations
      • The sensitivity of the data residing within or accessible through information systems
      • The cost of preventative measures and controls designed to detect errors or irregularities
      • The amount of risk that management is willing to absorb
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Risk Assessment
  • 19. Business Officer Institute “Taking Control and Loving IT” Data Integration – IA Management Practices Information Asset Management Know What, Where, Who, and When
    • What data do you have?
    • Where is it?
    • Who has access to it and do they know their responsibilities?
    • When something goes wrong, what to do?
    Have an Inventory http://dataintegration.vcbf.berkeley.edu/ Email to: jmartin1@uclink.berkeley.edu
  • 20.
    • Restrict use of restricted data
    • Systems with restricted data should be managed by a System Administrator
    • Choose key fields carefully
    • Do not maintain actual data in a test environment when using restricted data
    • Use caution when downloading restricted data
    • Do not email restricted data
    • Remember common-sense rules
    • Consider data integration issues when designing new systems
    • Maintain up-to-date data dictionaries
    • Maintain appropriate physical security
    Business Officer Institute “Taking Control and Loving IT” Data Integration – Information Asset Management Practices Information Asset Management Best Practices – Top Ten List