Transcription
Data Governance at the Church ofJesus Christ of Latter‐day Saints:Governance, Quality, and SecurityBy Pablo J. RiboldiInformation Governance, Quality, & Security2007 ‐ 2013
Program Evolution (years 1‐3)Dec 2006May 2007June 2007July 2007Aug 2007Dec 20072007‐2010Jan 2008Apr 2008Feb 2009Jul 2009 IRI 2013Data Stewardship policy is formally approved starting theIGM program for the whole enterprise.Hired Information Governance Manager (Pablo Riboldi).MDM started sharing enterprise reference data sets(Currencies, Geopolitical Locations, Languages).Information Classification & Handling policy is approved.Created template for Data Sharing Agreements (DSA).MDM added 2 main data sets (Organizations, Assignments).Three 1‐year interns worked to supplement IGM team.Created DSA Library as a SharePoint site.Created Data Sharing Agreement Process and DataSteward Designation process.Joined Data Sharing Agreements into one format.Created Common Data Matrix spreadsheet as a precursor tothe Data Sharing Portal (DSP).2
Program Evolution (years 4‐5)Feb 2010Jun 2010Sep 2010Nov 2010Jan 2011Feb 2011Mar 2011May 2011Aug 2011Sep 2011Oct 2011 IRI 2013Launched Data Sharing Portal v1.0. Started documentingdata domains and designated data stewards.MDM added 2 more data sets (Leadership, Finance Config).Created quality matching for Temple Entry System migration.Started working relationship with new Data Privacy Officer.Joined Information Quality team to InformationGovernance, creating IGQ team (1 manager, 3 engineers).Launched Address Standardization service (1 customer).Launched DSP v2.0. Started documenting data elements.Launched IDVault Synchronization Quality Dashboard.Created Information Governance Issue Resolution process.Hosted 1st Data Stewards Conference.MDM added facility information (10 data domains served).3
Program Evolution (years 6‐7 . . .)Jan 2012Apr 2012May 2012Jul 2012Aug 2012Sept 2012Dec 2012Jan 2013Jan 2013Feb 2013 IRI 2013Added Information Security to IGQ team responsibilities,increasing the team to 6 (1 manager, 5 engineers).Database Security Policy is approved.Launched Database Security Dashboard to production.MDM added 2 data sets (IT Infrastructure, HumanResources).Launched MDM Data Model in Data Modeling Portal.Upgraded Address Standardization service (5 customers).Launched DSP v3.0. Started online DSA processing.Facilities Department contracts IGQS engineer forlong‐term quality improvement intervention.IGQS team remains intact after a department‐wide 7%reduction‐in‐force.Online Store becomes user of Address Standardization.4
Scale of the Solution—Structure3) For full disclosure, due toorganizational changes, this committeeso we are committeelooking for a2) wasThis dissolved,high level executivenew,high‐levelsponsor.However,sponsored the Information GovernanceInformationGovernanceis so muchprogramand assertedownershipof all partof thedataenterpriseChurchassets. culture, that theprogram has continued moving forward.1) Even though the InformationGovernance Program was started and issponsored by the Information &Communication Services Department (ITside), it provides data governance as aservice to the whole Church.MICC Executive Committee (CIO)(Executive Decisions, Program Sponsorship, Data Owners)10) Internal and external entitiesrequesting access to Churchenterprise data work with IGQS toobtain authorized access to theinformation. These requestors expandthe scale of Governance worldwide.9) IGQS develops processes, tools,reports to support the Data Stewardsgoverning the information under theirstewardship.8) IGQS and the data stewards designspecific interventions to improvegovernance for their data domains. IRI 2013Managing Directors (22 Departments)(Designate Data Stewards)Data Privacy Office (2)(Ensure compliance with privacy laws worldwide)Data Stewards (60)(Tactical Decisions, Classification)Data Coordinators (29)(Operational Decision, DataDefinitions)7) New data stewards receive trainingfrom IGQS and plan with IGQS whatgovernance initiatives they want to focuson: sharing, security, quality,classification, etc.54) By policy, the MICC delegatesstewardshipof specificdatadomainsto5)The Data PrivacyOffice(DPO,part ofthe Correlationdepartments,and the ManagingtheDepartment)functions asDirectorsdesignateDataStewardsto ofa special Data Steward reviewing usedischargeidentifiabletheir responsibilities.personalinformationworldwide. They engage external legal6) Some Data Stewards designate one orcounsel when necessary.more Data Coordinators to assist them.All the Data Stewards and Coordinatorsreport to the management structurewithin the departments they represent.
Communities served by DG ProgramInformation Governance directly involves and affects: 60 Data Stewards from 22 departments governing data 85 Product Managers from 26 departments requesting data 65 internal organizations requesting enterprise data through DSAs 37 external organizations requesting enterprise data through DSAs 100 developers coordinating data services and connections 86 Solution Managers ensuring proper use of enterprise data 33 database engineers implementing DSAs and database security 24 IT Portfolios receiving DB Security reports for 589 audited databases 8 enterprise applications standardizing millions of addresses worldwide 6 enterprise applications doing continuous data quality interventions IRI 20136
Problems / Solutions / Impact / Benefits IRI 20137
1) In the beginning . . . no Governance Early 2006, the Church Education System (CES)requested the Data Warehouse (DW) team to createreport showing financial information for Seminariesand Institutes worldwide.Finance & Records Department (FRD) asserted thatthe financial data was theirs and ordered the DWteam to shut the CES reports down.The DW team removed the reports.CES complained and asserted that financial dataabout CES was rightfully theirs. They ordered the DWteam to open the reports again.CES and FRD were log‐jammed for months. DW teamwas in the middle. Who owns the data? Who decides? IRI 20138One of CES Institute buildings at a university campus.This was one of many intractableproblems related to lack of governance.People and departments worked andsuffered in isolation using the “law ofgravity” and “data myning” as a way toendure through these problems.
1) In the beginning . . . no GovernanceApproved Data Stewardship Policy (Dec 2006) MICC owns all data stewardship decision. Stewards are accountable to the MICC for theirdata stewardship responsibilities. CIO represents the MICC and is authorized to make routine decisions on their behalf. As Data Domains are assigned to departments, Managing Directors will make specificstewardship assignments which will be documented and distributed among key stakeholders. For particular issues, as needed, key data stewards are organized in working groups led bythe CIO who submits proposals to the MICC. Through the years this policy has beeninvaluable to IGQS, giving us theauthority to affect the whole enterprise.Started Information Governance at the Church.Creation of the Information Governance Management team to support implementation ofthe policy.Even though the title designation “DataClear “ownership” of data assets, and delegation of “stewardship”.Clear line of authority to resolve information governance issues.Clear responsibilities to data stewards. IRI 20139Steward” is an industry standard, it hasdistinct,important,clear implicationsData SChurchThe1) Obtain adequate notice andculture.appropriateconceptsforof personal“steward”information.and riptures2) Ensure proper access andof data.and Churchemployeesreadilyaccuracy.3) Ensurequality,completeness,understandfull meaningof these4) Ensuredata theis properlyclassifiedfor use,concepts.processing and storage.5) Ensure handling requirements andrecords retention plan exists.
2) DG Vision, Strategy, Direction After the Data Stewardship Policy was approved and IGM wasestablished, we still needed to decide . . . What do we do now? IGQS General Principles Long‐term Directives Avoid data duplication that causes datareconciliation and differences inmanagement reportingAvoid development of duplicatefunctionality in information systemsEnd‐user experience should not becompromised by systems’ efficiencySpecific enterprise information is clearlyowned and resides in one system ofrecordSystems of record provide visibility of theirdata to other systems as needed andauthorized Data Stewards for all enterprise information are clearly designatedand publishedData Stewards clearly understand and are held accountable forthe discharge of their responsibilitiesData Stewards can easily understand and monitor the security,quality, usage, and definitions for the data under theirstewardshipEnterprise data is shared among authorized systems usingappropriate methods that eliminate data duplication and avoidreconciliationsCustomers and team members understand the data governanceprocess and use it appropriatelyThe data governance process is effective and efficientData Governance assures compliance with Church IT policies andinitiates policies where necessary IRI 2013 10Bring Forth the Records Gary Kapp
2) DG Vision, Strategy, Direction After the Data Stewardship Policy was approved and IGM wasestablished, we still needed to decide . . . What do we do now? Long‐term Directives IGQS General Principles Mostly local to the IGQS Team, helping us guide our plans and strategies.We validate Data Stewards’ ideas, plans, strategies against these principles and directives. Clear vision to check operational and tactical decisions against the long‐term vision.Bring Forth the Records Gary KappWhere there is no vision, the people perish.(Prov 29:18) IRI 201311
3) Data here, data there, data everywhere Applications needed data from other systems.Data was informally shared among systems using whatevermethods were available: from database links to spreadsheets.7,800 database links among 400 databases.––––– Who was responsible for these links?What were these links used for?Were they granted too many privileges?Are they still being used?Can we get rid of them?With no one responsible to ask and noone accountable to answer these andmany other questions, we were frozeninto inactivity.There were outdated copies of data sets everywhere.Business units were spending lots of time manuallyreconciling reports and data sets however they could.Trust and confidence in data, reports, metrics was low.Even though data was going everywhere, the wholeorganization was suffering fromsevere information drought. IRI 2013“You need that data.”“Yeah, but I don’t know how to get it.”“Hey, I used to work for this otherprojectthatthathaddata.”access to that, here’s“You needtheaccountand passwordtotoconnect.”“Yeah,but I don’tknow howget it.”“OK,thanks!”“I have it, I’ll send you a copy on aspreadsheet.”“OK, thanks!”12#2 Understatement of the century.#1 Understatement of the century.
3.a) Designate Data Stewards to Domains We began assigning data stewards to systems.– But, most systems had data from multiple sources, stewardship was not clear.So we changed by identifying data domains and assigning stewards to those domains.–––We started documenting these domains and stewardships in a spreadsheet: the Common Data MatrixPublished the Data Steward Designation ProcessLaunched the Data Sharing Portal (DSP)Thanks Bob Seiner! IRI 201313
3.a) Designate Data Stewards to Domains 22 Managing Directors haveApproved 60 Data StewardsOver 214 data domains, toClassify and define 2,744 elementsAnd growing! IRI 2013The DSP allows us to –––––14Identify and manage data domainsClearly assign stewardship to dataDescribe and classify domains and data elementsDefine data elements in business termsSearch for terms across all domains
3.b) Data Sharing Agreements One group, Membership & Statistical Records (MSR), was documentingAgreements since 1998 trying to control the flow of their information.We adopted their model and worked together to create common–Data Sharing Agreement (DSA) templates IRI 201315
3.b) Data Sharing Agreements––Data Sharing Agreement (DSA) templates,DSA ProcessThis is the DSA processflowchart from the document.This is the same DSA process asviewed in the Service Catalog. IRI 201316
3.b) Data Sharing Agreements–––Data Sharing Agreement (DSA) templates,DSA Process,DSA Library IRI 2013There are 591 Approved DSA inthe DSA Library.17
3.b) Data Sharing Agreements––––Data Sharing Agreement (DSA) templates,DSA Process,DSA Library, andOnline DSAs in the DSPData Stewards and IGQS organize dataelements that are commonly sharedtogether in Packages.There are 21 Available Packages in the DSP.Online DSAs are whenrequesting organizations aregranted access to a package.There are 175 ApprovedAgreements in the DSP.Online DSAs are higher qualitybecause requestors can’t askfor attributes that are notavailable.They are also faster and easierto approve! IRI 201318
3.b) Data Sharing Agreements 766 approved DSAs250 amendments to DSAs (last year)65 internal requesting organizations37 external requesting organizationsAudit Department started requiring DSAs Data Stewards know who is authorized to usedwhat data and why.Requestors know how to ask and receive the datain a timely manner (no more skunk works).DSA process sets clear escalation path to solvegovernance issues.Denied DSAs set precedent on proper sharing.New DSA's Approved2001801601401201008060402001998 IRI 201020112012
3.c) Selected Data Sharing Strategies Data was being shared by whatever method was available to developers.With the DSA Process we document appropriate/ approved data sharing strategies.IGQS supports four Data Sharing Strategies:1) DB Links2) MDM Replication 3) Web Services(most common)(very common)(up and coming)MDMMDM replicates onlyDSA authorized datainto a read‐onlyschema in the target.(10 Enterprisedata sets)Enterprise data is ETLto the MDM nightly.WebServicesWeb Services read data from systems ofrecord or from the MDM and deliver itdirectly to applications. IRI 2013(for logged in user)MDM delivers datatoRequesting97 applicationsApplications and DBsenterprise data through DSAs)and(400 427 receiveendpoints.DB Links are common, easy, but pose security risks.DBEs now only do new links with approved DSAs.The number of DB Links is now 2,000.SystemsofRecord4) Directory ServicesID Vault(LDAPDirectories)20Access to the web serviceis also authorized by DSAs.Almost all applicationsauthenticate usingDirectory Services.If authorization, personaldata for the logged inuser is needed, the appneeds a DSA.
3) Data here, data there, data everywhereThe problem of data sprawled is address by several Governance Solutions: Clear designation of Data Stewards to Data Domains, Definition and classification of business data elements, Data Sharing Agreements, Processes and tools to support information governance, and Selected data sharing strategies Data Stewards are respected for their responsibilities.Governance issues are being addressed, documented, and solved.Information Governance is a recognized discipline at the Church. Requestors now know what information is available, how to get it,and where to go.Data Stewards know where there information is, how it is being used. Data still is everywhere, butnow information is flowing! IRI 201321
4) Information Quality Interventions Every business unit was suffering from low information quality intheir own ways.––– Could not get much traction because the business had low confidence in IT:“Don’t touch my data.”Example 1: Migrating people data among systems––– Manual reconciliations: checkers checking checkersMultiple reports with low trust, low valueUsers had to update their data in multiple systems, however the bad, old dataseemed to persist and come back.The Information Quality team was part of QA in IT– I know I changedthat last week!Temple Department was switching from distributed MS Access systems to acentralized Temple Entry System.Each database had information about hundreds of Temple patrons andworkers that needed to be migrated to the new system.They were planning to do manual matching with spreadsheets.TempleDBBob Jonhson254North 200 WestProvo, Utah 84604Example 2: Synchronizing Directories with source systems–––ID Vault Directory had to receive near‐real‐time updates from changes in thesource systems.Records would often get out of synch creating risks, confusion, and thousandsof calls to the Help Desk.They were fixing one problem at a time and catching systemic problems oncein a while. They didn’t have any visibility to where the problems where. IRI 201322MembershipDBRobert A. Johnson254N Freedom BlvdProvo, UT. 84603Are these thesame person?Hum! I can stilllogin to this app.
4) Information Quality Interventions Got a good data quality toolsetAdopted and adapted “The Ten Step Process” Danette McGilvray (Thanks Danette!)Changed the IQ Team to be with Information Governance–– Example 1: Match‐merge person data–– Marketed the IQ services to the Data Stewards and Product ManagersPicked high value IQ interventions and delivered resultsSet up a batch process to do probabilistic matching and scoringUser could decide to merge records easily.Example 2: ID Vault Synchronization Dashboard––Build a dashboard to check the quality of each attribute among Source Systems and DirectoriesEngineers can see which attributes are getting out of synch and find root causes. Speed up migration process significantly.Reduced risk of unauthorized intrusion.Gained more customers for IQ interventions. Saved hundreds of thousands of dollars.Improved quality of information among key systems.Increased confidence and trust on information.Data Stewards gained more recognition for improving data quality and reducing risk. IRI 201323
5) Address Standardization Service As a Church, addresses are very important to us:–––– Addresses are deceptively difficult to capture, store, use.––––– Users entering address information are prone to enter errors.Each country has different address standards and requirements.Do you store addresses in Romanized characters or local writing systems?When do you use each? Is the local user entering the address always right?Who decides?Example 1: Assessing Household address quality––– We want people to be able to find where our churches are.Before we can rescue “the lost sheep,” we need to know where they live.The Church is one of the first responders for humanitarian efforts worldwide.Local leaders rely on correct address information to locate missionaries, members, and touse the meetinghouses for relief centers.Voluntary, temporary, local clerks enter the members’ household address into theMembership system. User errors are common.These addresses are used by many other systems.How good are they? Could they be improved?Example 2: Mailing financial statements and online orders worldwide––Finance mails quarterly statements to donors. Wrong addresses have a high cost and risk.Supply Chain mails magazines and online orders worldwide. Shipping and reshipping costsdue to bad addresses can be very costly. IRI 201324
5) Address Standardization ServiceExample 1: Assessing Household address quality ––Run 4 million addresses through the Address Standardization service.Reported results to MSR. Data Steward decides what improvements to make.Example 2: Mailing financial statements and online orders worldwide –––Build batch and real‐time web service. Standardized 19 million addresses.Quality scores help the systems decide which address to use.User is presented with “Did you mean” options.3%9%Address Quality Top 10 Countries tates IRI 201325QC CODEQ1Q2Q3Q4Q5Q6QC DESCRIPTIONPerfect address on input.Perfected address.There is a "High" likelihood that this address is deliverable.There is a "fair likelihood that this address is deliverable.There is a "small" likelihood that this address is deliverable.It is "highly unlikely" that this address is deliverable.
5) Address Standardization ServiceTop 10 Changes Made to MSR DataUNIT CHANGE1,827COUNTRY CHANGE25,468DIRECTIONAL CHANGE177,138LOCALITY CHANGE604,861REGION CHANGE733,525THOROUGHFARE CHANGE878,634POSTCODE CHANGE3,112,7970500000 1000000 1500000 2000000 2500000 3000000 3500000 Improved millions of addresses in key systems.Databases are storing addresses following a common model. Saved hundreds of thousands of dollars in reduced mailing fees and re‐mailing.Online Store system using this service will save millions of dollars.Improved addresses for thousands of meetinghouses, helping people find the Church.We can account for missionaries and member faster in case of a natural disasters. IRI 201326
6) Keep it secret, keep it safe We had traditional focus on Physical Security and NetworkSecurity.The CISO’s teams were less focused on database security.They asked for help to Enterprise Information Management(EIM).EIM tried several times to write security standards andremediate vulnerabilities centrally.–––– The DBEs assigned to different IT Portfolios did not care to participateNo time now!Too expensive.Not much remediation happened. We missed the mark.The threats continued to increased as the spotlight wasmore often on the Church:––––Proposition 8 in CaliforniaA Mormon GOP US Presidential candidate“The Book of Mormon” musicalContinuous growth of the Church, etc. IRI 201327
6) Keep it secret, keep it safe EIM assigned resources and responsibility for Database Security to IGQ (we gained the “S”)Proposed a DB Security Policy with specific security controls.––– IT Policy Committee approved the policy.Engineered audit mechanisms to check each database for non‐compliance.Created a dashboard to show DB Security audit results.Provided Wiki articles and remediation scripts for the DBEs to fix the securityvulnerabilities for their databases.Tested the remediation scripts with 5 DBEs.Launched the DB Security Dashboard to Production on May 2011––– Required standardsRecommended guidelinesEach control had a cost estimate for remediationWe held a DBE Conference, showing the new dashboard,We trained them on the controls and remediation tools,The CISO addressed the DBEs placing accountability for security on them.Now we were right on target! IRI 201328
6) Keep it secret, keep it safe Sent monthly newsletters to DBEs encouraging them to focus on specific standards.Hosted Reward Luncheons for DBEs who improved security.Slowly but surely we started to see security trends improving. CIO, CISO, Division Directors, Portfolio Directors, andSolution Managers see the dashboard.DBEs are setting security goals as part of theirperformance evaluations.ICS culture is more security conscious than ever. So far, so good. We keep praying.The battle rages. IRI 201329
QUESTIONS?Pablo Riboldi riboldipj@ldschurch.orgTHANK YOU! IRI 201330
Jesus Christ of Latter‐day Saints: Governance, Quality, and Security . Finance & Records Department (FRD) asserted that . consent for personal information. 2) Ensure proper access an
