7DIG: Time needs more than philosophy

Filed under: Assets,Governance,Objectives,Outcomes,People,Process,Risk,Time — lenand @ 10:08 am
Tags: , ,

The Time component of the seven dimensional information governance (7DIG) framework was of little practical interest.  The spatio-temporal paradigm may hold the philosophical high ground, but a treatise on Gantt charts would have been out of place.  Serendipity has revealed a practical product, which is free, and is based on a philosophy of teams doing the right thing at the right time.  It brings together the People who have to do the information governance with the Process that sets Objectives and uses Assets to achieve the desired Outcomes.  And it has a Risk register.

It is project based – ideal for setting up an Information Governance process and should be adaptable for continuous monitoring. Look at some of the features:

  1. People from any department or supplier
  2. Assets, such as an information asset register and documentation, as a sharable resources
  3. Objectives, as part of the textual description including a breakdown into areas of interest or phases of work
  4. Process description in the form of tasks, which can be repeatable, taking us through the identification to deletion cycle
  5. Outcomes by the way of documented completion of tasks and compliance with targets
  6. Time charts, calendars, milestones and the possibility to export to your favourite Gantt chart tools
  7. Risk register, very simple to input and understand but good enough in most Information Governance régimes

The openness is especially encouraging.  It is completely Web-based and viewable from your iPod, iPhone or iPad.  Even the name is encouraging – Teamwork.

Quarkside wondered why such a simple product has not popped up in the radar previously.  Maybe it has only been promoted within the systems development community – and not yet reached public sector ICT managers.  Another job for Socitm?



Liam Maxwell: One year later

It is more than a year since Liam Maxwell’s  “Better for Less” was published.  What has been achieved from the 69 pages of ideas? It obviously made the right impression because he is now working in the Cabinet Office in a one year appointment from September 2011


Our goal should be to deliver to the online population frontline public services with minimal, possibly zero, administrative cost, freeing up cash for more effective, intermediary-based, service delivery for those not online, and also as savings. This is already happening in some areas of local government and driving taxes down. It is happening in other countries, making service delivery better. It is time the biggest component of the British economy, its bloated state, started to learn these lessons.

How does it work? 5 principles underlining all IT in government We base our approach on a small number of core principles

1) Openness

a. Open Data – government data must be transparent
b. Open Source works – its concepts should be applied to processes as much as to IT
c. Open Standards will drive interoperability, save money and prevent vendor lock-in
d. Open Markets – competition creates efficient market-based solutions.

2) Localism – the centre may set the standards, but local deployment is best.

3) Ownership and Privacy

a. It’s our data, government can have access but not control over personal data.
b. Government should be accountable for data protection and proper use.

4) Outcomes matter more than targets.

5) Government must be in control of its programmes, not led by them.”

Let’s look to see how successfully the principles have been incorporated into the Government ICT Strategy.

1. Open data, open standards and open source are clearly stated objectives. And open markets are part of the procurement objective.

2. Localism does not get a mention, according to word search. This is a gaping hole, but perhaps Liam will explain this when he speaks at the SOCITM conference in November.

3. Alarmingly, neither privacy nor data protection are words within the strategy.  The objective for “Risk Management Regime” has implied elements for both, but the metrics concentrate system security – not anything based on citizen data protection.

4. Outcomes are potentially the most important gap in the strategy. There’s too much concentration on internal, central government processes. The four objectives for using ICT to enable and deliver changeare not really focussed on citizen outcomes.

5. Governance of programmes is an implicit role for the “Public Expenditure (Efficiency and Reform) Cabinet sub-committee (PEX(ER))“. There are twelve senior people named, with representatives from MOD, MOJ, HMRC, HO, DoH, DWP and Cabinet Office.   That  should be enough people. However, Quarkside thinks that UK plc should also have representation from departments with responsibility for improving the ICT skill base of the country. Shouldn’t DfE and BIS have something useful to contribute? And if localism is really important, why doesn’t DCLG have a place on the high table?

Quarkside gives “Better for Less” 40 marks out of a possible 100 for influencing the agenda. In the old days, this was a ‘Pass’ at A level. So not too bad. However, it would not have secured you a place in one of the top universities.


IG Process: Due Diligence

Filed under: Assets,Objectives,Outcomes,People,Process — lenand @ 9:50 am
Tags: , ,

“Information Governance is the setting of objectives to achieve valuable outcomes by people using information assets in a process that considers both risk and time constraints.”

Information Governance (IG) must have Process. The Process must consider IG Objectives, Outcomes, People and Assets.  Theses are the critical first five dimensions of the Seven Dimensional IG ramework (7DIG).

Again, we can use the magic number seven to subdivide the Process dimension. Seven transitive verbs, Acquire, Validate, Store, Protect, Update, Publish and Dispose cover most governance operations. It is a continuous life cycle, capable of being monitored and controlled at every stage:

  • Acquire: Data acquisition, in the 7DIG Framework, includes action around analysis of the information assets and data modelling. The context of data collection is vital to onward processing and re-use in further processes. Quarkside subscribes to the concept of Master Data, Operational Data and Derived data. Master data is relatively static reference data. All data has to be acquired and subjected to further governance processes.
  • Validate: Incorrect data causes inefficiency, often accounting for 80% of administrative effort on systems; but far worse is the impact of poor information on decision making and information sharing. Good governance requires metadata and the use of standards to be embedded in the culture. Validation implies comparison of input data with a standard that is enshrined in metadata. Even paper-based publications are subject to validation against standards of grammar and probity before they are published.
  • Store: Imagine data stores as silos. Individual grains of data are added until required for further processing. Vast volumes of operational data are stored for subsequent processing. Documents are added to filing cabinets or archive shelves. In the best regulated environments there are custodians who know where the data is and how to retrieve it.
  • Protect: Data protection and security of access is an industry in itself. It makes sense to protect any valuable asset and information is no exception. Identity management, likewise, is an all pervading topic. It has to cover the identity of the data subject and the identity of the data investigator. For information sharing between agencies, accurate data matching depends on the quality of subject identities.
  • Update: Over the course of time, there are changes to facts and figures. Records need to be retrieved and modified. There are elements of feedback to make corrections as a result of performance monitoring and analytical processing. Derived data can be added to the data stores.
  • Publish: Data should be published only to those who are entitled to use it or see it. This could even be open data provided to the general public, such as the £500 contracts with local government.
  • Dispose: Oft forgot is the need to delete data. The DPA requires that data should be held only as long as necessary. Whereas this is probably true of major corporate systems, this governance step may not always extend to private document files, emails and spreadsheets. Many operational documents can be safely shredded in less than ten years; others, such as children in care records, have a statutory limit of 125 years. The key to a good disposal policy is the Information Asset Register, wherein the metadata should include the disposal policy. Transfer to the National Archive should also feature as a category when documents may have historical importance when not required by a local authority or other public body.

Governance matters, but it cannot be a universal set of rules. Neither do frameworks guarantee good governance. Frameworks can only provide simple diagrams and checklists, they cannot provide the thinking or knowledge needed in any specific context.

So why bother promoting a framework? The justification is that that requirements are so diverse that a team is needed to cover all aspects at sufficient depth. People need at least an overview of some specialist issue. Hence the importance of a MECE approach that does not drill into the detail, but tries to cover all important topics (aka dimensions).



IG Assets: Value and protect

Filed under: Assets,Governance,Objectives,Outcomes,People,Process,Risk — lenand @ 8:25 am

Information Governance is the setting of Objectives to achieve measurable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.

Information Assets are the end-products of much of Society’s activity.  Like any valuable assets, they should be valued, protected and probably insured.  Even if not insured, money should be spent on reducing the risk of loss. Some might say it is the primary purpose of Information Governance.  One may then ask, ‘Why do so few organisations have an information asset register?’.  Quarkside attempts to explain.

The seven dimensions of Information Governance (7DIG) have secondary dimensions.  But the boundaries between them are nebulous. A common failing is restricting consideration to assets that are exclusively electronic. Huge repositories exist in paper files, archives, libraries and maps. Even though some may be digitised, many are not and most will not have indexes that will allow efficient identification of useful resources. The Data Protection Act does not apply to paper based archives. The candidate secondary dimensions are:

  • Documents: Paper based records may be well protected physically, but least accessible. They do not possess password once they have been retrieved. Military establishments have strict protocols for access. Public libraries do not need high quality identity management. Unless they have been scanned with optical character recognition software, then it is impossible to automatically share the content with electronic systems.
  • Hardware: Computer processors and microfilm readers can both be classified as hardware. Only computers are subject to misuse and cyber attacks and need special protection measures.
  • Software: Computer programs that manage the processing and flow if information
  • Infrastructure: Networks and other facilities that surround information stores.
  • IPR: Rights attached to data, images and documents
  • Data: Raw data, which usually undergoes some form of processing before it is considered useful. It can be held on digital or any other media.
  • Information: It is debatable whether information is fundamentally different from data. Quarkside finds it helpful to define information as sets of data that have been subject to some value added process, such as indexing, mathematical transformation, selection or analysis. Information has been described as useful data.

All assets have a value; therefore they need governance. Only some assets have a tangible value that appears on a company balance sheet; typically books, hardware, some software and infrastructure. Data and information are intangible assets, and even though they may have greater value, they do not have a place on the balance sheet.  However, they should be given equal levels of stewardship.

As Wikileaks has demonstrated, leakage or theft of information can cause huge reputational damage and seriously threaten the viability of an organisation. Most public sector agencies do not have a register of information assets. How can they be controlled with knowledge of what they are or their potential value?  Some standards would be welcome.

Critical data may be held on spreadsheets, or in filing cabinets, that can only be operated by one person. Quarkside says that such behaviour must be identified and governance improved to more professional levels.

Finally, a linguistic point.  The four dimensions already considered, Objectives, Outcomes, People and Assets, are the subjects and objects of Information Governance. Grammatically, they are nouns and they need to be linked by verbs, (dare I say transitive verbs?) to make sentences. Such verbs describe the Process of Information Governance in the next blog in the 7DIG series.



IG Outcomes: Focus on Benefits

Filed under: Objectives,Outcomes,People,Policy,Process,Strategy,Time — lenand @ 9:42 am
Tags: , , , ,

Quarkside’s reason for promoting Information Governance (IG) processes is a belief that better public services are possible. Better Outcomes. Benefits.

Information Governance is the setting of Objectives to achieve measurable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.

Improved service levels and efficiency can result if more effective use is made of documents and data that is amassed in archives, filing cabinets and computer data stores. The current budget reductions need innovative thinking to abstract more from historical data, sharing data and sharing data centres.

The portents are good. It is now possible to share data between local authorities and the NHS by linking the N3 and GCSX networks. The Information Governance requirements have been met. This removes a major constraint to implementing the recommendations of Lord Laming’s Enquiry into the death of Victoria Climbié.

Examples of outcomes can be found in the Scottish Government web site.  They are easy to understand and credibly linked to one another.  Information sharing partnerships could benefit from reviewing these and basing their own desired Outcomes upon them; children, crime, employment, health and enviroment all feature in the list of fifteen.

Outcomes, with good governance, should be comparable to the Objectives. The previous IG blog listed seven candidate secondary dimensions for Objectives. Let’s take them forward as an example of using the Framework; as questions that could appear in quality assurance of the results:

  • Policy: How far have we progressed towards the political vision and maximising value from the information assets? Are transformation targets being achieved?
  • Strategy: How many programmes have benefited from information sharing and improved knowledge management? Are the benefits being realised?
  • Law: Can we be assured that all laws, regulations and statutes have been followed?
  • Constraints: Have local conditions, culture and practice been factored into the Information Governance regime?
  • Scope: Have all target business area and organisational functions been included in the Information Governance processes?
  • Context: Has the impact on external and internal organisations met expectations?
  • Specifications: Has performance met the requirements and are control mechanisms in place? What is the evidence that information sharing has obeyed Information Assurance standards?

Secondary dimensions should be tailored to the organisation and its aspirations.  They need not be all embracing, but focussed on current and future priorities.

The political pressure for more shared services, in both central and local government, amplifies the requirement for shared Objectives and Outcomes.  Good Information Governance is necessary to build trust between partners.  Each partner has to be assured that other partners treat information with equal or greater respect, and this starts by aligning Objectives and desired Outcomes.  It should finish with an information assurance process that confirm that trust is deserved.

Identifying Outcomes and using them as a primary driver is not easy. The Local Government Improvement and Development agency (formerly IDeA) studied “Implementing outcomes based accountability in children’s services“.  Whereas People can easily accept the concepts, formal methods require a high level of training and adoption of common language.  This takes more time than People are prepared to invest.  Quarkside believes that Outcomes should be governed qualitatively, not quantitatively with manufactured measures that just feed bureaucrats.  Superficially at least, Scotland seems to have a more pragmatic approach.

Cultural considerations are so important for introducing change in Process, particularly in new information sharing partnerships. Culture is included in the People dimension of the 7DIG framework, to follow.



Objectives of IG

Filed under: Assets,Objectives,Outcomes,People,Process,Risk,Strategy,Time — lenand @ 11:41 am
Tags: , , ,

Information Governance is the setting of Objectives to achieve measurable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.

That’s the one line definition that needs some expansion.  We have to start at at the beginning and decide why we need Information Governance (IG) in the first place.  That is the Objectives of IG.

Quarkside says that the primary objective of Information Governance is to use information, not to prevent its proper use.   Information, from any data source, represents the added value of some data processing activity.  Locking data away, without the ability to use it, only costs money; and may lose the opportunity for delivering additional benefits.

Having said that, information assets need to be held securely and lawfully with access provided to authorised people. In a public library, librarians acquire books, catalogue them and provide access as custodians of the collection.  The librarians have added value when citizens search the catalogue and make use of the service.  Citizens have their own Objectives about why they need to select a book. They obtain access to information Assets within the library governance structure.

Objectives are one of the primary dimensions of the 7 Dimensional Information Governance Framework (7DIG).  The seven primary dimensions (Objectives, Outcomes, People, Assets, Process, Risk and Time) are intended to be MECE (Mutually Exclusive and Collectively Exhaustive).  A typical list of secondary dimensions may not be MECE, being dependent on the context and priorities of any specific IG framework.  For example, seven candidate secondary dimensions of Objectives could be:

  • Policy: direction from political leaders in a business area, providing the vision for maximising the value of information held;
  • Strategy: medium term initiatives and programmes leading to information sharing;
  • Law: over-riding principles, regulations and statutes that must be obeyed; the Data Protection Act, the Freedom of Information Act and lots more;
  • Constraints: local conditions, culture and practice that control Information Assurance (IA) and information sharing protocols;
  • Scope: range of business area and organisational functions impacted by the IG Process;
  • Context: external organisations and conditions interacting with the local IG regime;
  • Specifications: definition of things that need to be done, capable of measurement and quality assurance.

Secondary dimensions are just things to think about when establishing an IG Policy, Strategy and Framework. They should not become part of a tick box culture.   Corporate management needs to buy into them at the highest level.

The 7DIG Framework should focus on Outcomes and the value of using information, not purely the protection of information by an IA process. The next blog in the series will illustrate the importance of early consideration of the Outcomes desired by an organisation or partnership.



PASC 7: Procurement = Parson’s Egg

The seventh of the Public Administration Select Committee (PASC) 12 questions, asks:

7. How well do current procurement policies and practices work?

The evidence is mixed. Sometimes they do. Sometimes they don’t. Most local authority projects work to budget and many are delivered on time. The headline problem is the failure of big projects. There’s an adequate OGC Gateway process. It just isn’t followed, or improperly understood. If private sector projects are aware of a great risk of failure, they will often cancel projects on behalf of the shareholders.

Good programme management, and all that it entails, is the missing ingredient. The best programmes integrate the work of clients and suppliers in a working partnership. They have common goals and clear leadership. There is clarity of governance and accountability.

Complete outsourcing is a recipe for rip-offs. The client must have matching skills or employ an independent programme management consultant.



PASC 4: Deceptive Benchmarks

Filed under: Assets,Governance,Objectives — lenand @ 8:57 am
Tags: , , , , ,

The fourth of the Public Administration Select Committee (PASC) 12 questions, asks:

4. How well is IT used in the design, delivery and improvement of public services?

IT has added value in many public services. “How well?” implies some form of performance measurement from a baseline. Most KPIs are just benchmarks against similar types of local government organisation eg those produced annually by SOCITM . These are useful figures for IT departments, but do not show a comparison with other parts of the public sector or the private sector.  Nor do they factor in any component relating to the perceived value of a service.

The ability to compare with universal best practice depends on a level of maturity that is not generally present in the public sector. See “Valuing Information as an Asset”  as an introduction to what can be achieved. There are some good public sector examples – but adoption of the techniques is not widespread. As the authors, Chris Higson and Dave Waltho, point out, it is a matter of leadership:

“As the business lead for value identification and maximisation, CFOs should take the lead role in promoting, managing and accounting for information assets. CIOs should encourage this process, because it will forge closer links with the wider business and change the perception of IT from that of a cost centre or utility to a strategic enabler.”

Evidence of quality across the UK public sector is bound to be mixed. There will be good and bad examples in every organisation. Post implementation reviews, one year after implementation, would be the best source of evidence – but almost as rare as hen’s teeth.



PASC 3: Learn from success, not just failure

The third of the Public Administration Select Committee (PASC) 12 questions, asks:

3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

Too many past and present failures demonstrate that People have not learnt how to manage complex programmes consistently. Internal programme management skills have not been developed sufficiently. Contracting out so much of the work is evidence of a lack of internal skills and abrogating much of the responsibility the big suppliers, who are not averse to earning extra income.

Prince2 was developed by OGC with public sector programmes and projects in mind. Prince2 clarifies the desired Outcomes and People responsible for controlling the Assets and Processes to reach measurable Outcomes on Time, with regard to Risk throughout. It is no accident that the Eurim information governance basic principles of information governance  have been adopted by Quarkside as a mantra. The use of Prince2 entirely supports the seven dimensions of information governance.   Another disappointing example is the amateurism of the Prime Minister’s Structural Reform Plans (SRPs). There’s no apparent Prince2 programme management regime. It looks like an unco-ordinated set of To Do lists and no evidence of a transparent risk register. The avoidance of standards is endemic. In the private sector it could be a career limiting offence.

Quality assurance and risk assessment must be performed by independent bodies, not the prime contractor. Even internal staff cannot be relied upon to expose failures of people who may be planning their career path – but collecting evidence will be hard.

Finally, the question is too narrow in the sense that it is possible to learn from success, not just failure.  I remember a quotation from a project management guru.  “A good project manager resolves problems, a better project manager avoids problems before they happen.” Paradoxically,  the career of the better, risk aware, project manager is worse – because the success is below the management radar.



7DIG: Information Governance defined

The good news is that it is easy to come up with definitions and frameworks for Information Governance. The bad news is that more definitions mystify than clarify. Let’s demonstrate with a couple, starting with Gartner:

“Information governance is the specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.

That’s quite a mouthful for two sentences. Is it different from the Care Quality Commission (CQC) draft?

“Information governance is an umbrella term for a collection of distinct but overlapping disciplines. Reference to “information governance” in this policy shall mean reference to the following areas as well:

  • Access to information (Freedom of Information Act 2000 etc)
  • Confidentiality and data protection
  • Information security assurance
  • Information quality assurance
  • Records and document management”

‘I don’t know’ is my only honest answer. But does it matter? Putting Gartner and CQC words together is going to be unintelligible. They cover similar concepts in different ways, hoaned towards their normal client base. They are both correct in concept – but not interchangeable. A solution, worked out in Eurim, is a much simpler definition:

“Information Governance is the setting of Objectives to achieve valuable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.”

Put into a list, just seven words can cover the whole domain:

  1. Objectives
  2. Outcomes
  3. People
  4. Assets
  5. Process
  6. Risk
  7. Time

This list is intended to be ‘Mutually Exclusive and Collectively Exhaustive’, or MECE. Organisations can write their own guidelines to suit local conditions in a top-down hierarchy. It should not be set in stone; any new requirement, change of law, personnel or technology can be incorporated into a local framework. The easy definition is done; does such a simple set of words help people to adopt an effective, standard, way of working? Quarkside says ‘yes’, reasoning that people can test any issue with seven sets of simple questions:

  1. Why are we doing it and what are the constraints?
  2. What do we expect the benefits to be and how do we measure them?
  3. Who has to do what and who are the beneficiaries?
  4. What are the information assets we have, and are we controlling them?
  5. What is the entire process from inception, validation, storage and deletion?
  6. What are the main risks and what are the plans for reducing them?
  7. When should things happen, and is our level of maturity sufficient?

The questions themselves are not as important as structuring an approach that clarifies, rather than complicates, the issues. It is quality assurance of Information Governance that matters, not the precision of the definitions. Expect more quarks about each of the Seven Dimensions of Information Governance (7DIG). PS:  The choice of seven dimensions was not an accident, see “The Magical Number Seven, Plus or Minus Two” propounded by Miller.

PPS:  For those who prefer diagrams, here is the 7DIG Framework, including some of the expanded levels.

Next Page »

Blog at WordPress.com.