UBC IT Integrated Reporting Governance Committee May 1 st, 2012 Action Items from last meeting: Update on ISI Recruitment & Admission request Clarification on Budget functionality Program Status Data Governance: Data Governance Defined IAM, IR, & Person Master Data Management Agenda Working committee recommended that option 3 to bring Admission data into Foundation R1 in FY12/13 Value seen in bringing Admission forward Estimated that additional $253K required to bring Admission scope forward Update on ISI Recruitment & Admission request: Budget data (e.g. ) from FMS will be integrated into the DW as part of Foundation R1 with the exception of Plan and Forecast data from Hyperion/Essbase is planned for Foundation R2 (FY13/14). Further analysis around the right Budget & Planning reporting solution (Hyperion vs. OBIEE, user acceptance, change management, etc) needs to be further assessed in Foundation R2. Cost/Benefit to bring in and report on planning in OBIEE, as it is usually out of date very shortly into the business cycle as the campus reflect their changes in the forecasts. Funding for Budget functionality will be covered under $5M Comptroller large project funding. Update on Budget Functionality: Action Items from last meeting: Update on ISI Recruitment & Admission request Clarification on Budget functionality Program Status Data Governance: Data Governance Defined IAM, IR, & Person Master Data Management Agenda Program Status Program Schedule Action Items from last meeting: Update on ISI Recruitment & Admission request Clarification on Budget functionality Program Status Data Governance: Data Governance Defined IAM, IR, & Person Master Data Management Agenda 9 Data Governance enables an enterprise to manage its data assets. It includes the rules, policies, procedures, roles and responsibilities that guide overall management of an enterprises data. IR Data Governance provides the guidance to ensure that data is accurate and consistent, complete, available, and secure. This enables data to be more efficiently and effectively turned into business insight. IT Governance IT is the pipes that move the information (pumps, filters, tanks, switches, etc.) IT Governance are decisions about the pipes (pumps, filters, tanks and switches). IR Data Governance Data is the liquid that is flowing through the pipes IR Governance directs decisions about the data; the liquid flowing through the IT systems (pipes) People Process Technology IT vs. Data Governance Data GovernanceData Governance is how an enterprise manages its data assets. Governance includes the rules, policies, procedures, roles and responsibilities that guide overall management of an enterprises data. Governance provides the guidance to ensure that data is accurate & consistent, complete, available, and secure. This enables data to be more efficiently and effectively turned into business insight. Data StewardshipData Stewardship is the accountability for the management of data assets. Data Stewards do not own the data; instead they are the caretakers of the enterprise data assets. The Data Stewards ensure the quality, accuracy and security of the data. Data OwnershipData Ownership is the responsibility for the creation of the data, and the enforcement of enterprise business rules. Data Owners (Business SMEs) usually refers to the business owners of Master/Business Data. Data PoliciesData Policies are the high-level and/or detailed rules and procedures that an enterprise utilizes to manage its data assets. Data Policies might include adherence of data to business rules, enforcing authentication and access rights to data, compliance with laws and regulations, and protection of data assets. Data StandardsData Standards are the precise criteria, specifications, and rules for the definition, creation, storage and usage of data within an organization. Data Standards include basic items like naming conventions, number of characters, and value ranges. Data Standards may also dictate specific quality measures, retention rules, and backup frequency. Data Governance Defined Business Units and Functional Areas operate with complete autonomy, while attempting to maintain global standards to meet specific enterprise requirements. Federated Governance provides a single point of control at the enterprise level for decision making, as well as governance structures at the business unit level for decisions. Centralized Governance provides a single point of control at the enterprise level for decision making, with business units & functional areas having little or no responsibility. A range of options exist for data governance structures. At one extreme, decentralized models place all data decisions locally or at the business unit or functional areas. At the other extreme all decisions are made centrally at the enterprise level. A hybrid, or federated model, puts some decisions at each level of the governance structure and supports broad representation. Limited Success for Enterprise Data Governance Effective for Enterprise Data Governance Decision Making DecentralizedFederatedCentralized Data Governance Organization Options Data Stewards Data Architects Data Owners (Business SMEs) Data Owners (Business SMEs) Database Administrators Database Administrators Resolve data integration issues Determine data security Document data definitions, calculations and summarizations Maintain/update business rules Analyze and improve data quality Define mandatory data elements that need to be measured Define and review metrics for measuring data quality Translate Business Rules into Data Models Maintain Conceptual, Logical and Physical Data Models Assist in Data Integration Resolution Maintain Metadata Repository Generate Physical Database Schema Performance Database Tuning Create Database Backups Plan for Database Capacity Implement Data Security Requirements Senior Executive Sponsorship Senior Executive Sponsorship Provide campus wide governance to strategic decisions impacting the IR DW such as new subject areas, new data sources, new business problems solved with the DW Business Data Owner Understand data Define rules Identify errors Set thresholds for acceptable levels of data quality Change Management Provide education on the importance of data quality to the company Communicate data quality improvements to all employees Data Management Lead Oversee the organizations data stewardship, data administration and data quality programs Proposed Model for IR Program Governance Committee Working Committee Data Governance & Person Master Data As we move in the Foundation phase of the program, we will need the IR Working and Governance committees to discuss governance of master data that are in the scope. On IR, Student Biographical data is one of the first building blocks of Student Foundation R1; in the future other aspects of person including instructors, employee, alumni, donor, researcher will need to be considered. IR and IAM Programs having been working together to determine how to leverage the Identity map created by IAM, and structure a solution to address Person MDM. IAM Program Scope Work with HR, IT, Student Information Management, Compliance, and Security to deliver Authentication, Authorization, Identity Management, Auditing, and User Lifecycle Management, and to Students, Employees, Faculty, Prospective Students, Retirees, Alumni, and Guests to provide the right access to the right information for the right people at the right time. Scope of Assessment Analyzed 8 IAM processes during 16 sessions On-boarding Termination Authentication Authorization Group Management Identity Data Management Password Self-service Access Recertification For 7 User Types Students Employees Faculty Prospective Students Retirees Alumni Guests Reviewed existing identity sources and 13 mission-critical administrative applications ACMS Ad Astra Archibus FMS HRMS Key Desk Library/EZ Proxy LMS/CT Connect SEoT SIS UBCcard UBC Directory Increased Security Increased Security Operational Efficiency Operational Efficiency Service Enablement Service Enablement Sustainably reduce university-wide costs by eliminating duplication and waste. Invest in engineering efficient processes and implementing cost-saving technologies. Optimize IAM organization and leverage strategic partners for non-core capabilities. Enhance end user (students, faculty/staff, alumni, etc.) experience in getting the appropriate access they require in a timely and seamless manner to allow fast, secure access to mission-critical administrative systems. Adopt appropriate balance of technology, processes and procedures to mitigate internal and external threats, particularly to prevent fraud and sensitive data loss. Increase visibility on users access (i.e. who has access to what and who should have access to what), in adherence with industry best practices IAM Program Drivers Identity Map Phase 1 of Identity Management: 1.List Systems that should be connected to IdM 2.Detail data flows between connected systems 3.Agreement on identity attributes and processes the Identity Management Systems will take responsibility for managing 4.Establish the gold source for each identity attribute 1.HRMS and SIS are the Systems of Record for Active Faculty, Staff and Students 2.All of the core administrative systems collect and store identity attribute data about people and create accounts 3.HRMS and SIS receive Identity attribute data from applicants via ISIS, EZRecruit and PASBC using both paper and on-line processes. 4.There are 134 identity attributes in the 13 core admin systems 5.Recommendation: IAM systems manage/deliver 7 identity attributes (gold source for CWL login, password and PUID) HR OTHER SIS Identity Map Results IAM Program Identity Attributes IAM Processes Enterprise Application Integration Data transfer Web Service or Service Bus architecture for key systems SLAs for event notification & data changes Data Management Processes & Governance Enterprise Information Repository (IR) Data Governance and Identity Data Dictionary IAM Program External Dependencies