Tips, Tools and Checklists

Helpful tips to protect your privacy online.

 

Data Mapping

Tip Author: 
WIll Saunders, OPDP
Body: 

This Checklist is based on the following Washington State processes, some of which are mandatory for state agencies, and common practices in the industry.

  • Records Inventory under RCW 40.14.040, managed by Washington State Archives
  • Application inventory managed by OCIO
  • ISO 15489 – implementing Enterprise content Management

Preliminary Investigation

Based on ISO 15489 State Archives guidance step 1

  • Identify and document key contributors to the inventory, including the following roles: Project Management, Legal & Public Disclosure, Records management, Business Process analysis, Information Technology, Communications (PIO), Training
  • Optionally, identify and record the business case for the inventory – what’s the value for the major groups involved? Why are we doing this?
  • Assess your electronic records management maturity.  Are any of the leading practices are readily apparent in your organization?

 

Business Process Assessment

Do a high level assessment of the key processes of each business unit within the organization, based on Archives and ISO step 2.  This is designed to capture the tools and systems that your teams use regularly, even if they don’t seem like IT. This work is usually done by the Business Process Analysis role of the inventory team identified in the Preliminary Investigation.

For each process or activity, record the following data points:

  • The business unit that is in charge of the process
  • How many people work on the process
  • What applications (or “software”, “programs” or “systems”) they use in working the process
  • What kinds of records (such as invoices, forms, queries, warrants, contracts, notices, etc.) they see in the process

 

Commitments Catalog

Document and review the Records and Legal requirements for the agency, based on ISO and Archives step 3.  This work is usually done by the “Records” and “Legal” roles of the inventory team identified in the preliminary investigation.

  • Consult Secretary of State’s Archives division for assistance, if needed
  • Consult the Attorney General’s office for assistance with public records, if needed
  • Identify and capture any commitments in your organization’s Open Data Plan, Risk Register or Data Governance strategy, if such exist

 

Systems (Applications) Inventory

Assess your organization’s systems and applications, based on ISO/Archives step 4, state Technology policy 112 and the annual “Application Inventory” and certification.  This work is usually done by the Information Technology role of the inventory team identified in the Preliminary Investigation.

  • Consult the OCIO for help, instructions, and previous reports to start from.
  • Compare the results of the Business Process analysis with the Systems Assessment, and identify processes or records that are not captured in a known application.

 

Initial Data Map

Produce your initial data “map” – it’s really a table of who uses what and when. This work is usually done by the Information Technology role on the inventory team identified at the beginning.

The map should address the following questions for each system, based on archives and OCIO guidance:

  • What are the names of the system?
  • Are there any data sharing agreements in the agency Contracts database that pertain to the system?
  • What happens to old data in the system? How is it disposed of?
  • Is the system (not the file) protected by encryption? 
  • State Archives advises (or requires) that files not use encrypted formats; the State CIO advises (or requires) that the computer equipment that holds state data use encryption.
  • What departments/positions access it?
  • What business processes does it support?
  • How often and how broadly is it used – how many users or uses per week?
  • Is it supported, aging, or near the end of their lifespan?
  • What other software tools or file formats does it depend on?
  • Who are primary IT/RM contacts for each department/application?
  • Who is/are the primary “stewards” or “custodians” for the data produced?
  • Is the system used by members of the public?  Other agencies? Contractors?

 

Develop a Work Plan

Develop a work plan for the coming year to confirm and expand your knowledge of your data assets, and to close gaps identified, based on ISO/archives step 5.

  • Use a Gantt chart (https://en.wikipedia.org/wiki/Gantt_chart ) to plan and stage the tasks needed to document data or records not associated with any known System or Application in the organization’s Application Inventory.
  • Use one or more of the following to gather data for validation or gap analysis
    • Employee Survey
    • Document analysis
    • Stakeholder interviews
    • Process diagramming, functional analysis, or LEAN methods
  • Explore automated tools for data and records discovery, such as:

 

Check progress

Assess your electronic records management maturity. 

  • Repeat the Leading Practices checklist again -- How many of the leading practices are evident in the work explored by the inventory team?
  • Update the work plan and team membership

 

 

Tags:

Records
Mapping

Tip Theme: 
Laws, Rules, and How They're Made
Tip Confidence: 
1

© Copyright 2018 Washington State Office of Privacy & Data Protection   |   Request Records  |   Accessibility