Standards and regulatory compliance
| Characteristic Name: | Standards and regulatory compliance |
| Dimension: | Validity |
| Description: | All data processing activities should comply with the policies, procedures, standards, industry benchmark practices and all regulatory requirements that the organization is bound by |
| Granularity: | Information object |
| Implementation Type: | Process-based approach |
| Characteristic Type: | Usage |
Verification Metric:
| The number of tasks failed or under performed due non adherence of standards and regulations |
| The number of complaints received due to non adherence to standards and regulations |
GuidelinesExamplesDefinitons
The implementation guidelines are guidelines to follow in regard to the characteristic. The scenarios are examples of the implementation
| Guidelines: | Scenario: |
|---|---|
| Identify the policies, procedures, standards, benchmark practices and any regulatory requirements that an Information object is bound by | (1) Each person's compensation criteria must be determined in accordance with the Annuities Based on Retired or Retainer Pay law. |
| Ensure that all data processing activities are well defined and documented based on the policies, procedures, standards, benchmarks and regulatory requirements. | (1) Process of making a damage estimate is well defined based on industry benchmarks |
| Ensure that the application programs cater for standards and regulatory compliance | (1) A software program to make damage estimates which includes all benchmark data |
| Regularly monitor the data processing activities and identify the problems and inefficiencies so that the corrective and preventive actions can be taken. | (1) Frequent delays in time sheet approvals results in delayed payments |
| Signs should be standardised and universally used | (1) In the line efficiency report, low efficiency lines are indicated using a RED light while a green light indicates high efficiency |
| Relevant standard, procedures, policies and regulations should be communicated to the users effectively | (1) Providing a guidelines for signs |
| Ensure that proper conversion tables are maintained and used in converting attribute vales to different measurement bases. | (1) Metric conversion tables are used to convert lbs to kgs. |
Validation Metric:
| How mature is the process maintain the adherence to standards and regulations |
These are examples of how the characteristic might occur in a database.
| Example: | Source: |
|---|---|
| The age at entry to a UK primary & junior school is captured on the form for school applications. This is entered into a database and checked that it is between 4 and 11. If it were captured on the form as 14 or N/A it would be rejected as invalid. | N. Askham, et al., “The Six Primary Dimensions for Data Quality Assessment: Defining Data Quality Dimensions”, DAMA UK Working Group, 2013. |
The Definitions are examples of the characteristic that appear in the sources provided.
| Definition: | Source: |
|---|---|
| A measure of the existence, completeness, quality, and documentation of data standards, data models, business rules, metadata, and reference data. | D. McGilvray, “Executing Data Quality Projects: Ten Steps to Quality Data and Trusted Information”, Morgan Kaufmann Publishers, 2008. |
| The data element has a commonly agreed upon enterprise business definition and calculations. | B. BYRNE, J. K., D. MCCARTY, G. SAUTER, H. SMITH, P WORCESTER 2008. The information perspective of SOA design Part 6:The value of applying the data quality analysis pattern in SOA. IBM corporation. |
| SIGNS AND OTHER Information-Bearing Mechanisms like Traffic Signals should be standardized and universally used across the broadest audience possible. | ENGLISH, L. P. 2009. Information quality applied: Best practices for improving business information, processes and systems, Wiley Publishing. |
| Validity of data refers to data that has been collected in accordance with any rules or definitions that are applicable for that data. This will enable benchmarking between organisations and over time. | HIQA 2011. International Review of Data Quality Health Information and Quality Authority (HIQA), Ireland. http://www.hiqa.ie/press-release/2011-04-28-international-review-data-quality. |
Data access control
| Characteristic Name: | Data access control |
| Dimension: | Availability and Accessability |
| Description: | The access to the data should be controlled to ensure it is secure against damage or unauthorised access. |
| Granularity: | Information object |
| Implementation Type: | Process-based approach |
| Characteristic Type: | Usage |
Verification Metric:
| The number of tasks failed or under performed due to lack of data access control |
| The number of complaints received due to lack of data access control |
GuidelinesExamplesDefinitons
The implementation guidelines are guidelines to follow in regard to the characteristic. The scenarios are examples of the implementation
| Guidelines: | Scenario: |
|---|---|
| Periodically evaluate the security needs considering the criticality of data (Value, confidentiality, privacy needs etc.) and accessibility requirements of data and then update the information security policy consistently. | (1) Employee salary is a confidential data and hence need security against unauthorised access. (2) Master data has a high economic value to the organisation and hence need security against unauthorised access and change |
| Continuously evaluate the risks threats and identify the vulnerabilities for data and update the information security policy | (1) The frequency of security assessment for data associated with online transactions was increased due to the high volume of online transactions. |
| Implementation of access controls for each critical information as prescribed by the information security policy. | (1) An Employee’s salary data can be viewed only by his or her superiors. (2) Master data can be created and updated only by the authorised executives. (3) Login credentials are required for system access |
| Data is stored in secured locations and appropriate backups are taken | (1) Databases are stored in a special server and backups are taken regularly (2) Documents are saved using a content management system in a file server |
| Restrict the accessibility of information using software based mechanism | (1) Data encryption (2) Firewalls |
| Restrict the accessibility of information using hardware based mechanism | (1) Security tokens |
Validation Metric:
| How mature is the process of ensuring data access control |
These are examples of how the characteristic might occur in a database.
| Example: | Source: |
|---|---|
| if the official version of the minutes of a meeting is filed by the records manager and thus protected from change, the unauthorised version will not form part of the official record. | K. Smith, “Public Sector Records Management: A Practical Guide”, Ashgate, 2007. |
The Definitions are examples of the characteristic that appear in the sources provided.
| Definition: | Source: |
|---|---|
| Is the information protected against loss or unauthorized access? | EPPLER, M. J. 2006. Managing information quality: increasing the value of information in knowledge-intensive products and processes, Springer. |
| Data is appropriately protected from damage or abuse (including unauthorized access, use, or distribution). | PRICE, R. J. & SHANKS, G. Empirical refinement of a semiotic information quality framework. System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International Conference on, 2005. IEEE, 216a-216a. |
| The extent to which information is protected from harm in the context of a particular activity. | STVILIA, B., GASSER, L., TWIDALE, M. B. & SMITH, L. C. 2007. A framework for information quality assessment. Journal of the American Society for Information Science and Technology, 58, 1720-1733. |
| Access to data can be restricted and hence kept secure. | WANG, R. Y. & STRONG, D. M. 1996. Beyond accuracy: What data quality means to data consumers. Journal of management information systems, 5-33. |