OCIO » Data Stewardship Checklist

Data Stewardship Checklist

Last modified by Mike Phillips on 2014/07/01 10:26
  colspan="2" align="left" | For assessment of: 
  valign="middle" width="5%" nowrap="nowrap" | Agency, SR#, Project Name    
  valign="middle" nowrap="nowrap" | Project Name (Project Manager)     
  valign="middle" nowrap="nowrap" | Checklist Date     


 

Process Checklist

  colspan="2" align="left" | 1. Analysis and Requirements 
  align="left" | Criteria    width="5%" nowrap="nowrap" | Yes / No / NA 
  a. Does the project’s Communication Plan address reviews and coordination points with the Data Steward?     
  b. Is each data element that is gathered specifically required? The system should not gather any data that is not required for business purposes.     
  c. Are retention requirements in place for all data to be gathered?     
  d. Have all confidential data elements been identified?     
  e. Have all applicable data sharing policies for the customer agency (agencies) been identified?     
  colspan="2" align="left" | 2. Design 
  align="left" | Criteria    width="5%" nowrap="nowrap" | Yes / No / NA 
  a. Does the design and/or business process provide for the secure storage and transmission of confidential data?     
  b. Is there a signed data sharing agreement in place for each exchange to be performed?     
  c. Does the design meet data sharing requirements?     
  d. Does the design and/or business process provide for the proper disposal of the data to be gathered?     
  e. Is a de-personalization process in place for non-production use of any personal or confidential data?    
  colspan="2" align="left" | 3. Development and Testing 
  align="left" | Criteria    width="5%" nowrap="nowrap" | Yes / No / NA 
  a. Is all data stored with the project de-personalized before storage?     
  b. Is the process in place to have all test data de-personalized before loading into non-production environments?     
  c. Is runtime logging on non-production workstations configured to prevent recording of
ACTUAL (not de-personalized) personal or confidential data?
Note: If the source data is de-personalized, logging of the data is permissible.
 
   
  colspan="2" align="left" | 4. Deployment 
  align="left" | Criteria    width="5%" nowrap="nowrap" | Yes / No / NA 
  a. Is runtime logging on PRODUCTION systems configured to prevent recording of ACTUAL (not de-personalized) personal or confidential data?     


 

Data Element Cheat Sheet

Vital Date
Date of birth, death, marriage, etc.
 

   
  1. Add or subtract a random amount of days (1-30) 
  2. Set to random value in range (start – end)
 Taxpayer ID
Social Security #, Employer ID #
 
   
  1. Randomize to realistic value (allowable ranges for all three segments) 
  2. Randomize to random value (realistic or not) 
  3. Remove (blank field)
 Name
First, Last, Middle
 
   
  1. Switch with another record (reverse or random order) 
  2. Change to random values from a standard list
 Address
Mailing, Home, Contact Street Address, City, State, Zip
 
   
  1. Switch street address with another record (reverse or random order) 
  2. Change City and Zip to random values from a standard list (coordinated values) 
  3. Change City and Zip to random values (may not be valid together)
 Phone Numbers
Home, Cell, Work, Other
 
   
  1. Randomize to realistic value (allowable ranges for all three segments) 
  2. Randomize to random value (realistic or not) 
  3. Remove (blank field)
Tags:
Created by Mike Phillips on 2011/06/07 15:08

This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 3.0.36132 - Documentation