Business rules compliance
| Characteristic Name: | Business rules compliance |
| Dimension: | Validity |
| Description: | Data should comply with business rules |
| Granularity: | Element |
| Implementation Type: | Rule-based approach |
| Characteristic Type: | Declarative |
Verification Metric:
| The number of tasks failed or under performed due to lack of data precision |
| The number of complaints received due to lack of data precision |
GuidelinesExamplesDefinitons
The implementation guidelines are guidelines to follow in regard to the characteristic. The scenarios are examples of the implementation
| Guidelines: | Scenario: |
|---|---|
| Identify data related business rules separately (business rules that determines the value of data elements and business rules that get executed depending on the values of data elements) and organise them into a separate executable data rules engine | (1) The system maintains price routines to handle price related data Element :Discount rate A price routine (procedure) can be maintained to calculate the discount rate considering the rules R1:All registered customers get a discount of 6% |
| Implement a stewardship structure for business rules (parallel to stewardship structure for data) and manage the changes to the rules properly | (1) Sales director is responsible for discounts and his approval is needed to change a discount rate. Only the sales manager can change the rules related to discounts. |
| Maintain an error log to identify the problems resulted in the data rules repository where the problematic data records can be identified precisely | (1) Rules engines |
| Continuously monitor the root causes for the errors recorded in the log and take preventive actions by amending the rules, fixing the technical defects in the system etc. | (1) Some trip data is missing for a particular journey in the go card system and as a result an unacceptable journey duration was resulted. New rules were implemented to process such data using a different criteria |
Validation Metric:
| How mature is the creation and implementation of the data related business rules |
These are examples of how the characteristic might occur in a database.
| Example: | Source: |
|---|---|
| One common example in education is the student school of record. While most students do not change schools during an academic year, many do, especially in urban settings. Thus, the school at which students are tested may not be the school at which they received most of their instruction. Because school-level student achievement measures become increasingly invalid as the number of mobile students increases, many districts will hold schools accountable only for those students who were enrolled for a full academic year. In this case, student achievement measures for a given school lose validity as the percentage of mobile students increases. | J. G. Watson, S. B. Kraemer, and C. A. Thorn, “Data Quality Essentials. Guide to Implementation: Resources for Applied Practice”, August 2009. |
The Definitions are examples of the characteristic that appear in the sources provided.
| Definition: | Source: |
|---|---|
| Determines the extent to which data is not missing important relationship linkages. For example, the launch date for a new product must be valid and must be the first week of any quarter, since all new products are launched in the first week of each quarter. | D. McGilvray, “Executing Data Quality Projects: Ten Steps to Quality Data and Trusted Information”, Morgan Kaufmann Publishers, 2008. |
| 1) Data values conform to the Specified Business Rules.
2) A derived or calculated data value is Produced Correctly according to a specified Calculation Formula or set of Derivation Rules. |
ENGLISH, L. P. 2009. Information quality applied: Best practices for improving business information, processes and systems, Wiley Publishing. |
Data access control
| Characteristic Name: | Data access control |
| Dimension: | Availability and Accessability |
| Description: | The access to the data should be controlled to ensure it is secure against damage or unauthorised access. |
| Granularity: | Information object |
| Implementation Type: | Process-based approach |
| Characteristic Type: | Usage |
Verification Metric:
| The number of tasks failed or under performed due to lack of data access control |
| The number of complaints received due to lack of data access control |
GuidelinesExamplesDefinitons
The implementation guidelines are guidelines to follow in regard to the characteristic. The scenarios are examples of the implementation
| Guidelines: | Scenario: |
|---|---|
| Periodically evaluate the security needs considering the criticality of data (Value, confidentiality, privacy needs etc.) and accessibility requirements of data and then update the information security policy consistently. | (1) Employee salary is a confidential data and hence need security against unauthorised access. (2) Master data has a high economic value to the organisation and hence need security against unauthorised access and change |
| Continuously evaluate the risks threats and identify the vulnerabilities for data and update the information security policy | (1) The frequency of security assessment for data associated with online transactions was increased due to the high volume of online transactions. |
| Implementation of access controls for each critical information as prescribed by the information security policy. | (1) An Employee’s salary data can be viewed only by his or her superiors. (2) Master data can be created and updated only by the authorised executives. (3) Login credentials are required for system access |
| Data is stored in secured locations and appropriate backups are taken | (1) Databases are stored in a special server and backups are taken regularly (2) Documents are saved using a content management system in a file server |
| Restrict the accessibility of information using software based mechanism | (1) Data encryption (2) Firewalls |
| Restrict the accessibility of information using hardware based mechanism | (1) Security tokens |
Validation Metric:
| How mature is the process of ensuring data access control |
These are examples of how the characteristic might occur in a database.
| Example: | Source: |
|---|---|
| if the official version of the minutes of a meeting is filed by the records manager and thus protected from change, the unauthorised version will not form part of the official record. | K. Smith, “Public Sector Records Management: A Practical Guide”, Ashgate, 2007. |
The Definitions are examples of the characteristic that appear in the sources provided.
| Definition: | Source: |
|---|---|
| Is the information protected against loss or unauthorized access? | EPPLER, M. J. 2006. Managing information quality: increasing the value of information in knowledge-intensive products and processes, Springer. |
| Data is appropriately protected from damage or abuse (including unauthorized access, use, or distribution). | PRICE, R. J. & SHANKS, G. Empirical refinement of a semiotic information quality framework. System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International Conference on, 2005. IEEE, 216a-216a. |
| The extent to which information is protected from harm in the context of a particular activity. | STVILIA, B., GASSER, L., TWIDALE, M. B. & SMITH, L. C. 2007. A framework for information quality assessment. Journal of the American Society for Information Science and Technology, 58, 1720-1733. |
| Access to data can be restricted and hence kept secure. | WANG, R. Y. & STRONG, D. M. 1996. Beyond accuracy: What data quality means to data consumers. Journal of management information systems, 5-33. |