© 2011 IBM Corporation Information Agenda Information Management May 24, 2012 Information Governance for Smarter Government Strategy and Solutions
May 17, 2015
© 2011 IBM Corporation
Information Agenda Information Management
May 24, 2012
Information Governance for Smarter Government Strategy and Solutions
© 2011 IBM Corporation
Information Management
2
Questions from Legislature
How many children under 15 also have children utilizing our services?
How many people over 100 years of age receive benefits?
How many indigenous people receive income support payments?
Why is Governance Important?
Data Profiling by Business Intelligence department
Several one-year old children also had children
Number of people over 100 years of age exceeded the number of people from the
national census
The percentage of indigenous people receiving income support payments was
significantly lower than the average population
Outcomes
Focus on Date of Birth and Race as critical data elements
People creating the mess (front office) were not the people consuming the mess
(Business Intelligence)
© 2011 IBM Corporation
Information Management
3 3
The Information Challenge Is Only Making It Harder…
An Explosion In Volume, Variety & Velocity
Inefficient Access 1 in 2 don’t have access to the information across their
organization needed to do their jobs
Lack of Insight 1 in 3 managers frequently make
decisions without information they need
Inability to Predict 3 in 4 leaders say more predictive
information would drive better decisions
Variety of Information
Volume of Digital Data
Velocity of Decision Making
Source: IBM Institute for Business Value
“…40 exabytes of data created in 2008…
more than created in the previous 5,000 years combined…”
•Scope & Size of Data Sets
• Complexity, Connectedness and Growth Rates
• Context & Importance Of Integration
© 2011 IBM Corporation
Information Management
4
People Process Technology
INFORMATION GOVERNANCE
Proactively leveraging information to unlock value and manage risk Guide decision-making
Ensure information is consistently defined and understood
Increase the use and trust of data as an enterprise resource
Protect data and comply with regulatory requirements
Objectives of an Information Governance Program
Information Governance is the exercise of decision rights to
optimize, secure and leverage data as an enterprise asset.
© 2011 IBM Corporation
Information Management
5
Information
Governance Govern
Quality Security & Privacy
Lifecycle Standards
Transactional &
Collaborative
Applications
Business Analytics
Applications
External
Information
Sources
Success requires governance across the “Information Supply Chain”
Analyze
Integrate
Manage Cubes
Streams
Big Data
Master Data
Content
Data
Streaming
Information
Data Warehouses
Content Analytics
……a holistic approach
© 2011 IBM Corporation
Information Management
6
IBM’s thought leadership history in Information Governance
Enhances
Requires
Supports
The organization processes for monitoring and measuring the data value, risks, and efficacy of governance.
Audit and Reporting
The methods and tools used to create common semantic definitions for business and IT terms, data models, types, and repositories. Metadata that bridge human and computer understanding.
Data Classification / Metadata
The architecture design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users.
Data Architecture
Stewardship is a quality control discipline designed to ensure custodial care of data for asset enhancement, risk mitigation, and organizational control.
Stewardship
Describes the level of mutual responsibility between business and IT, and recognition of the fiduciary responsibility to govern data at different levels of management.
Organization
Policy is the written articulation of desired organizational behaviour.
Policy
Describe the policies, practices, and controls used by an organization to mitigate risk and protect data assets.
Security / Privacy / Compliance
Manage a systemic policy-based approach to information collection, use, retention, and deletion.
Information Life Cycle
Methods to measure, improve, and certify that quality and integrity of production, test, and archival data.
Data Quality
The methodology by which risks are identified, qualified, quantified, avoided, accepted, mitigated, or transferred out.
Data Risk Management
The process by which data assets are qualified and quantified to enable the business to maximize value created by data assets.
Value Creation
DescriptionCategory
The organization processes for monitoring and measuring the data value, risks, and efficacy of governance.
Audit and Reporting
The methods and tools used to create common semantic definitions for business and IT terms, data models, types, and repositories. Metadata that bridge human and computer understanding.
Data Classification / Metadata
The architecture design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users.
Data Architecture
Stewardship is a quality control discipline designed to ensure custodial care of data for asset enhancement, risk mitigation, and organizational control.
Stewardship
Describes the level of mutual responsibility between business and IT, and recognition of the fiduciary responsibility to govern data at different levels of management.
Organization
Policy is the written articulation of desired organizational behaviour.
Policy
Describe the policies, practices, and controls used by an organization to mitigate risk and protect data assets.
Security / Privacy / Compliance
Manage a systemic policy-based approach to information collection, use, retention, and deletion.
Information Life Cycle
Methods to measure, improve, and certify that quality and integrity of production, test, and archival data.
Data Quality
The methodology by which risks are identified, qualified, quantified, avoided, accepted, mitigated, or transferred out.
Data Risk Management
The process by which data assets are qualified and quantified to enable the business to maximize value created by data assets.
Value Creation
DescriptionCategory
1
2
6
7
8
9
10
11
4
5
3
The IBM leading practice Information Governance Framework is composed of eleven disciplines of governance across 4 distinct focus layers.
© 2011 IBM Corporation
Information Management
7
Good governance requires process and accountability IBM Information Governance Unified Process
Define
Business
Problem
Obtain
Executive
Sponsorship
Conduct
Maturity
Assessment
Build
Roadmap
Establish
Organization
Blueprint
Build
Business
Glossary
Understand
Data
Create
Metadata
Repository
Define
Metrics
Govern
Lifecycle
Management
Govern
Security &
Privacy
Govern
Analytics
Measure
Results = Enable through Process
= Enable through Process & Technology
Govern
Master Data
Management
Govern Data
Quality
© 2011 IBM Corporation
Information Management
8
Where do we get started?
Define
Business
Problem
Obtain
Executive
Sponsorship
Conduct
Maturity
Assessment
Build
Roadmap
Establish
Organization
Blueprint
Define
Metrics
Measure
Results = Enable through Process
= Enable through Process & Technology
© 2011 IBM Corporation
Information Management
9
Obtain executive sponsorship
Information Governance will only succeed if the
process engages the right stakeholders from IT
and the business
Identify an owner of the Information Governance program – Processes will generally fail if it isn’t an owned responsibility
Identify additional stakeholders – As a general rule, it is any function that relies on
information for effective performance
Establish the business case
Focus on “quick hits”, measure outcomes and
show success – Improve data quality to support better customer activities
– Manage data lifecycle to reduce costs of storage
– Monitor database activity to protect data and
enhance compliance
© 2011 IBM Corporation
Information Management
10
Case Study: Information Governance over date of death and mailing address at a social services agency
A social services agency found that:
A number of individuals continued to receive payments, and did not inform the agency
when a family member passed away.
Because 20 different parts of the organization needed to be notified when a person died,
it was always possible that a death would be “lost in the mix.”
In addition, the agency knew that the quality of its customer mailing addresses was
poor.
As a result:
The agency was paying extra fees to the postal service for returned mail.
Because the location of an individual was a critical factor in the formula for income
support payments, the agency was potentially over-paying persons who had moved but
did not update their mailing address.
Finally, the agency had to deal with privacy issues if letters were sent to the wrong
address.
© 2011 IBM Corporation
Information Management
11
Case Study: Information Governance over date of death and mailing address at a social services agency
The agency established an information governance program to:
Improve the quality of data for just two attributes: date of death and mailing address.
It created a special team that pored over newspaper records to identify deaths that had
not been recorded in its systems.
The team also used data quality tools to standardize mailing addresses. Finally, the
team began to validate mailing addresses with a standardized list from the postal service.
Because of these activities, the social services agency was able to reduce fraud and the
costs of serving its constituents by a significant percentage.
© 2011 IBM Corporation
Information Management
12
Establish Organizational Blueprint Define the Information Governance charter
Define the organization structure for information
governance
Establish the Information Governance council
Establish the Information Governance working group
Identify data stewards
Conduct regular meetings
– Information Governance council
– Information Governance working group
“ Remember that when Information Governance roles are created, they should be explicitly
made part of the job, and the individuals assigned to them must be accountable for their
performance in those roles. It's not good enough to say ‘we know you have a day job,
but we'd like you to be responsible for this information as well’.
Gartner Research, Q&A: Information Governance, Anne Lapkin, Debra Logan, Jan 19, 2011
© 2011 IBM Corporation
Information Management
13
Ownership of Information Governance Programs in Government
• Social services agency – The data quality team, within the business integrity branch,
had ownership for information governance. The data quality team developed a close
working relationship with the information technology branch that acted as the data
custodian.
• Local child welfare services agency – The information technology team assumed
ownership for the information governance program that had an intense focus on
improving the privacy of sensitive data regarding child services. The objective was to
hand over ownership of the program to the office of privacy once there was widespread
organizational buy-in to the severity of the problem.
• Provincial health system – The director of client registry was a newly created position
with responsibility to establish a common patient master record across the province. The
director was also accountable for the quality of data within the patient registry.
• Veterans agency – The information committee was chaired by the deputy commissioner
with representatives across the business. The data integrity sub-committee was
responsible for data quality issues.
© 2011 IBM Corporation
Information Management
14
Define Metrics
Data Governance Metrics Goal Oct
2011
Sept
2011
Aug
2011
July
2011
June
2011
May 2011
(Baseline)
Percent of customer duplicates in Unica 5% 9% 10% 11% 12% 13% 14%
Percent of customer duplicates in Oracle 3% 4% 5% 7% 7% 8% 14%
Percent of public domain email addresses Unica 13% 11% 13% 15% 18% 21% 23%
Percent of non-validated email addresses in Unica 8% 10% 10% 11% 11% 12% 15%
Percent of null bill-to email addresses in Oracle 2% 6% 8% 12% 15% 18% 22%
4. Develop rules for
measuring data elements
2. Define your KPI’s and critical
data element measurements
5. Establish the acceptable
threshold or goal with the Data
Governance Council
6. Report periodic progress to the Data
Governance Council.
3. Discover location of
critical data elements
1. Plan for metrics within
your governance initiative
© 2011 IBM Corporation
Information Management
15
Define
Business
Problem
Obtain
Executive
Sponsorship
Conduct
Maturity
Assessment
Build
Roadmap
Establish
Organization
Blueprint
Build
Business
Glossary
Understand
Data
Create
Metadata
Repository
Define
Metrics
Govern
Lifecycle
Management
Govern
Security &
Privacy
Govern
Analytics
Measure
Results = Enable through Process
= Enable through Process & Technology
Govern
Master Data
Management
Govern Data
Quality
Product Mapping – Unified Governance Process Support
InfoSphere
Blueprint
Director
InfoSphere
Business
Glossary
InfoSphere
Information
Analyzer /
Discovery
InfoSphere
Metadata
Workbench
IBM Cognos
InfoSphere
Information
Server
InfoSphere
MDM Server /
Initiate
InfoSphere
Optim /
Guardium
InfoSphere
Optim
IBM
Cognos
© 2011 IBM Corporation
Information Management
16
Using the right tools – and using the tools right!
© 2011 IBM Corporation
Information Management
17
Understanding data quality You can’t manage what you don’t understand
Understand the structure and content of heterogeneous data
Apply business rules to test and verify data quality
Understand complex, poorly documented data relationships
Develop a shared understanding of the data you have
Discover the location and extent of sensitive data
?
? ?
? ?
? ?
?
? ? ?
?
?
?
?
?
?
?
? ?
?
? ?
?
? ?
?
?
?
?
Distributed Data Landscape
© 2011 IBM Corporation
Information Management
18
Governments must tame the chaos of their data
What’s the Problem?
– There’s too much information, and you can’t tell what’s important or reliable
– Multiple versions of the truth lead to problems with regulatory compliance and
problems managing customer, product and partner interactions
– Lack of business agility to identify and take advantage of opportunities
The Data Quality Challenge and Desired Outcome
• Redundancies • Lack of standards • Unlinked records • Incorrect data
Complete & accurate view of information
It’s essential to cleanse your data then continually manage it to retain high quality
© 2011 IBM Corporation
Information Management
19
Case Study Security and Privacy at Child Welfare Agency
The department received a complaint from a relative who cared for a family member’s
child.
On numerous occasions she requested that her home address, telephone number and
other details about the child remain private. The complainant was concerned about the
child’s parents’ criminal history, violence and drug use.
The complainant’s address details were included in documentation and sent to the
child’s parents by the department. As a result, the complainant moved house because
of safety concerns. She complained to the department which provided her with some
financial assistance as a result of the move.
The complainant requested that her new address be recorded as ‘withheld’ by the
department. However, the department failed to comply with this request.
The department subsequently sent documentation to the child’s parents which included
the complainant’s new address details as well details concerning the child. The
complainant requested compensation to cover the cost of insurance and security
measures for her home, as well as increased rental costs.
The complainant’s payout was then reassessed and she was provided with a higher
level of compensation.
© 2011 IBM Corporation
Information Management
20
Establish Metadata Repository to demonstrate the lineage of data
© 2011 IBM Corporation
Information Management
21
Metadata
Case Study: Multiple definitions for “child” at a social services department
A social services department had 14 different definitions for the term “child.” In some
instances, the legislation would define a child as being under 16 years of age. In other
instances, the legislation would define a child as being under 18 years of age to
determine their eligibility for homeless benefits.
The business glossary at the social services agency included all the 14 definitions of child
along with a reference to the specific page in the legislation that defined the term.
Every government entity struggles with the inconsistency of data definitions
For example, a government health department had different hospitals in the same area using different testing codes for the same procedure
In many cases, the proliferation of definitions is compounded by the fact that different pieces of legislation define the same term differently to achieve a multitude of social and economic goals (see case study)
© 2011 IBM Corporation
Information Management
22
Metadata Benefits
A. Number of new applications per year 100
B. Number of hours by business analysts per application per year 200
C. Number of hours by data modelers per application per year 200
D. Average hourly cost of a business analyst $40
E. Average hourly cost of a data modeler $25
F. Total application development cost for analysts and data modelers
{(AxBxD)+(AxCxE)} $1,300,000
G. Number of developer hours spent on data discovery per application 100
H. Average hourly cost of a developer $30
I. Total annual cost of data discovery (AxGxH) $300,000
J. Conservative savings from efficiency improvements based on a metadata
platform 25%
© 2011 IBM Corporation
Information Management
23
Metadata Benefits (Cont’d.)
K. IT savings from a metadata platform in year 1 (F+I)xH $400,000
L. Number of users of business reports 5,000
M. Total number of working hours per year 2,000
N. Percentage of time spent on reviewing reports 5%
O. Percentage of report-viewing time that can be saved based on access to common
data definitions and data lineage
3%
P. Cost per hour of business users $50
Q. Business savings from a metadata platform in year 1 (LxMxNxOxP) $750,000
R. Total financial benefits to IT and the business from a metadata platform in year 1
(K+Q)
$1,150,000
© 2011 IBM Corporation
Information Management
24
Designate Enterprise Master Data
What is “Master Data Management”?
Disciplines, Technologies, Processes …
… that accommodate, control and manage master data, across the organization
Master Data Management – Foundational to Information Governance
Customer
Support
Sales
Claims
INFORMATION
Bill
35 West 15th Street
Toledo
Jones
OH / 12345
M
50
1/1/65
First:
Last:
Address:
City:
State/Zip:
Gender:
Age:
DOB:
CRM
B. Jones
Toledo, OH 12345
35 West 15th Street
Name:
Address:
Address:
ERP
William Jones
Toledo, OH 12345
35 West 15th St.
Name:
Address:
Address:
Legacy
Billie Jones
Toledo, OH 12345
36 West 15th St.
Name:
Address:
Address:
SOURCE SYSTEMS ENTERPRISE
APPLICATIONS MASTER DATA
MANAGEMENT
© 2011 IBM Corporation
Information Management
25
Improve the quality of data to support citizen-centric initiatives
Several state and local governments are implementing different flavors of “single view”
initiatives. For example, some social services agencies provide a single view of all their
services to the citizen. The objective is to allow caseworkers to view a person’s family
history, financial information, employment background, and eligibility for programs such
as food stamps and public healthcare.
In another scenario, a single view of the client might be shared across divisions in a
human services department so that services can be offered based on a “client-journey.”
As a result, a single view of a homeless person might be tracked across employment
services, housing services, complex needs, and disability. In yet another scenario, child
services needs to ensure that children are paired with the appropriate caregivers and not
exposed to individuals that might do them harm.
These projects are typically quite challenging because most health and human services
organizations need to collect data about their clients from service providers, other
agencies, and non-governmental organizations. This data is often in different formats and
requires information governance policies to link client data across silos.
© 2011 IBM Corporation
Information Management
26
Volume and run rate costs are probably doubling every 3 years
While information governance capabilities haven’t improved – resulting in a vicious cycle
Data Volume and Storage Growth Are Cost Crisis and Risk Driver
Run Rate May Be Growing Faster than Budget
Storage OpEx 2008: 2014F ($ M)
High Risks & Mitigation Burden
Without capability to align how information is stored with its value, you over spend and over store Processes have not matured to reflect volume, including how we:
Define and execute legal holds and data collection
Communicate and execute retention schedules for electronic information
Ensure transparency and associate information duties and business value with information assets
Provision, decommission and dispose of data
Unable to defensibly dispose of unnecessary data which just increases your costs and risks in a vicious escalation.
© 2011 IBM Corporation
Information Management
27
27
Very Simple Savings Proposition: Dispose of Unnecessary Data
Hold & Collect Evidence
Archive for Value & Dispose
Retain Records & Dispose
Dispose of Data Debris
Cost Reduction and Risk Reduction The value of Defensible Disposal
Change Your Data & Value Curve:
A new definition of Archiving:
Archiving is an intelligent process for effectively
managing inactive, infrequently accessed, or currently
unmanaged data, both structured and unstructured,
while providing the ability to discover, search, and
retrieve it during a specified retention period while it
has value to the organization as a whole and
ideally, to defensibly dispose of it when it does not.
© 2011 IBM Corporation
Information Management
28
A. Number of applications to be retired 10
B. Number of technical staff assigned to maintaining each application
including developers, DBAs, and managers 5
C. Annual cost per employee $60,000
D. Total employee cost for applications to be retired (AxBxC) $3,000,000
E. Annual cost of hardware and storage per application $50,000
F. Total hardware and storage costs for applications to be retired (AxE) $500,000
G. Total annual cost savings from application retirement (D+F) $3,500,000
State and Local Government – Information Governance around Application
Retirement
© 2011 IBM Corporation
Information Management
29
Protecting data is both an external and internal issue
Prevent “power users” from abusing their access to sensitive data (separation of duties)
Prevent authorized users from misusing sensitive data
Prevent intrusion and theft of data
Prevent “power users” from abusing their access to sensitive data (separation of duties)
Prevent authorized users from misusing sensitive data
Prevent intrusion and theft of data
Security makes it possible for us to take risk, and innovate confidently.
© 2011 IBM Corporation
Information Management
30
Business Benefits from Security and Privacy at a Government Agency
Top-level business benefits
Reduce the risk of data breaches for structured data stored in various databases
Improve regulatory compliance by implementing real-time database monitoring controls
to identify policy violations and suspicious activity
The agency identified two categories of quantifiable business benefits associated with the
reduction of risk and operational costs.
Quantifiable business benefits
1. Five-year business case for risk reduction
– Reduction of risk reduction of $10 million per year, or $51 million over five years
– Return on investment was 1,195 percent
– Payback in four months
2. Five-year operational cost benefits
– Reduction of total operational cost by $13 million
– Return on investment was 230 percent
– Payback in 10 months
© 2011 IBM Corporation
Information Management
31
Next Steps in Information Governance
IBM Information Governance Council
– Established Information Governance Council over five years ago
– Developed Maturity Model for Information Governance leveraged by over 250 customers
– Community now exceeds 1500 members
– Join the community www.infogovcommunity.com
– Self assessment
Free workshops and assessments
For more information www.ibm.com/informationgovernance
© 2011 IBM Corporation
Information Management
32
Resources: IBM Information Governance Workshop
Focus is on four key disciplines
1. Data Quality
2. Information Lifecycle Management
3. Data Security & Privacy
4. Standards
Workshop Components
Understand Business Objectives & Related Technical Challenges
Conduct an Information Governance Maturity Assessment
Create an Information Governance Roadmap
Quantify Cost Savings with a Business Value Assessment (BVA)
© 2011 IBM Corporation
Information Management
33