This week we are going to be exploring the business case for Data Integrity in IT Process.. Data Integrity Controls, what are the challenges, whats important, and why does it matter? Other Governance (Sarbanes Oxley for example) and ITIL disciplines (Service Management, Disaster Recovery, etc, ) depend upon quality Configuration Items of what is running where and who owns it.
Less mature organizations view it as a "set the control at implementation", on the logic if we log it in a system as we implement it, we are good, but when people, processes and systems are changing, controls and checks are necessary to keep data in sync.
More mature organizations realize a need for systems to mirror the production environment, with clear and responsible owners, and this important because experience has taught that People data is changing from the moment data is entered into the system, that projects and people are changing, the Systems data of whats running where, on what systems are upgrading, downgrading, adding functionality, and the rate of change needs to be checked.
What is the rate of change for configuration items or key data elements? For example, if an application is established at one period of time, over time and a standard life cycle, the data, unchecked, gets out of synchronization with reality. Any systemic, people, or process changes could affect data quality, IT Controls Ownership, and ITIL Processes with Financial, Business Continuity, or Disaster Recovery affects (changes in People data is affected by organizational changes, HR Changes, like someone leaving or joining the group, or being out of the office for approvals. Systems data is affected from initial entry with changes in Network, Hardware, Systems, upstream dependenty asychronous data all stemming from controlled or uncontrolled changes from Release, Change, and even some problem and Incident Management) could affect the accuracy and reliability of information.
So to control or manage this data, organizations will provide solid "systems of record" for configuration data to make sure that it is the most accurate and checked systemically and procedurally where the rate of change is occurring.
KEY QUESTIONS AND ANSWERS OF DATA INTEGRITY:
- What percentage of people are joining or leaving the company, this group, in a year at this company? What do you do to make sure that all your services (applications, hardware, network, Data Queues, etc have current, available and accurate owners?
- What systems of record do you use to track CMDB types of data like application, hardware, service, network, and MQueue ownership and configuration details through the lifecycle of a given product? What do you do to make sure that the key systems of record for what is running where, and who owns it is kept in sync and referenceable after an initial implementation when systems and features are being added, decommissioned, expanded, or changed through planned release and change management in response to requests for enhancements, fixes to unplanned problems or incidents, etc?
- What governance control processes and systems at this company depend upon this process being integrated such that the references match the actual build, implementation, and deployment at all times, throughout the life of the application or service? What do you do to make sure that the key governance processes are working and improving over time?
EXPERIENCE SHARING: WHAT ARE THE BEST PRACTICES YOU HAVE ENCOUNTERED FOR DATA INTEGRITY, SARBANES OXLEY, INDUSTRY CONTROLS, COBIT, or ITIL BEST PRACTICES? How do you insure a highly available, robust data integrity system, that changes at the speed of change, whether that change is People, Process or Technology Configuration?
0 Comments