Transcript Document

Office of the State Chief
Information Officer
Prepared for:
HB-1364 Act & Council
Overview
CHECO Conference
HB 08-1364 Overview
 HB 08-1364 – creation of an
interdepartmental data protocol to
enable data sharing across agencies
for more effective policy-making.
 Roots in Governor’s P-20 Education
Coordinating Council
Ability to analyze longitudinal data for a
variety of purposes
Mirrors the State’s needs as an enterprise
to analyze and determine effectiveness of
policies, programs, and resource allocation

 Protocols and Procedures to be used in:
Collecting data
Storing data
Manipulating data
Sharing data
Retrieving data
Releasing data

2
1364 Council
 Mission is to provide guidance,
policies, and procedures for
implementing a data sharing
architecture across the State
enterprise that will achieve the stated
goal and objectives of HB 08-1364.
 1364 Council Participants – includes
executive branch agencies that
collect unit records
And others determined necessary by
State CIO
State, Judicial, Law
Committee representation – DGWG,
STRAC

 Dedicated Program Manager and
Data Architect
3
1364 Council Scope
 August 21, 2008 – February 26, 2009

Bi-monthly meetings
 Unit Records – Records regarding Individuals
 Baseline As-Is: one major application per agency (more if possible)

System

Data

Compliance

Procedures and Governance – leverage work of DGWG
Data Sharing – leverage success and lessons learned of current & failed state data

sharing initiatives
 Benchmark similar work in up to 5 other States
 Controls to protect privacy of citizen data
 Develop To-Be recommendations
 Work with pilot application – State Traffic Records Advisory Committee
(STRAC)
4
HB 08-1364 Objectives
 Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
 Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
 Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
 Develop recommendations and identify associated costs for a full implementation of the data
protocol;
 Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
 Develop a governance structure, including processes and procedures, to be used by state
agencies for sharing information with another state agency, with a political subdivision, or with
a nongovernmental entity or an individual;
 Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual; and to,
 Ensure personal privacy and the protection of personal information.
5
Project Deliverables
 Templates and procedures to capture all agency baseline data - done
 A comprehensive reporting structure to store and maintain the reported agency baseline data
– in development
 A report with the recommendations and strategy to be delivered to the State Chief Information
Officer
Suggested technical architecture and approach

Cost analysis

Timeline for implementation

Recommended governance structure

Policies and procedures to achieve data sharing

Identified statutory/regulatory changes necessary to the success of the data sharing protocol

Other recommendations as needed to facilitate objectives – e.g., data governance process, organization

structure changes, etc.
Final report to be delivered to Governor and Legislature
by State CIO
6
Communications & Subcommittee Structure
 1364 Council Communication Tools

SharePoint portal: https://securityportal.isoc.state.co.us/1364

OIT website: www.colorado.gov/oit

Key Initiatives section
 Subcommittees - To expedite and facilitate discussion of objectives and
decisioning

Technical – Mike Armbruster (CDOT), Chair

Business – Guy Mellor (CDOT), Chair

Legal – Susan Lin (AG), Chair
7
Subcommittees
8
Technical Subcommittee
 Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
 Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
 Develop recommendations and identify associated costs for a full implementation of the data
protocol;
 Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual.
 Work with Business and Legal Subcommittees on the following:
Does the recommended approach meet business-side needs?

Will in work within the existing structure that exists today? If not, what are recommended changes?

Does the recommended approach meet legal, compliance and privacy requirements?

9
Business Subcommittee
 Understand policies and statutes that currently govern the privacy of information held by all State Executive
Branch Agencies;
 Understand and document major data sharing initiatives happening today among State Executive Branch
Agencies;
 Develop a governance structure, including processes and procedures, to be used by state agencies for
sharing information with another state agency, with a political subdivision, or with a nongovernmental entity
or an individual;
 Benchmark the work of up to 5 other states in this area;
 Assist Technical and Legal Subcommittees with the following:
Develop an architecture for the development of the data protocol, including data normalization, identity resolution, and

source data authority
HELP RESOLVE BUSINESS-SIDE ISSUES

Develop recommendations and identify associated costs for a full implementation of the data protocol

ARE RECOMMENDATIONS REALISTIC?

IS THE TIME FRAME REALISTIC?

WHAT ARE THE POTENTIAL RISKS/ISSUES WITH THE RECOMMENDED APPROACH?

Are the legal, compliance and privacy needs of the agencies being met?

IF NOT, IDENTIFY GAPS

ASSIST IN IDENTIFICATION OF POTENTIAL STATUTORY/REGULATORY CHANGES THAT MAY NEED TO BE

MADE (IF POSSIBLE)
10
Legal Subcommittee
 Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
 Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
 Ensure personal privacy and the protection of personal information.
 Assist the Technical and Business Subcommittees with the following:
Identify existing statutory/regulatory changes or interpretations that may need to happen (if possible) to

facilitate the implementation of HB-1364.
Does the recommended technical approach stay within Federal and State legal, compliance and privacy

requirements?
Does the recommended governance structure stay within State legal, compliance and privacy

requirements?
11
Baseline Inventory – Systems and Data
12
What are we doing?
Taking Inventory of information to formulate the basis for data sharing.
 Platform: Hardware, OS Software, Virus Software, network, etc.
 Application information
 Database: Database management system
 Data Elements: Begin the Data dictionary
 Targeting 1 primary system containing unit data from each
agency.
13
What is the approach?
What is the approach for gathering the information?
 Leverage the work already completed in the government sector
Primary reference models
The Federal Enterprise Architecture1 (FEA)
National Information Exchange Model2 (NIEM)
Adhere as close as possible to the Federal Enterprise Architecture
Focus on the Data Reference Model3 (DRM) for the unit data elements.
 Include data component information from the National Information
Exchange Model as appropriate.
1
References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.
References to NIEM include the Introduction to the National Information Exchange Model (NIEM) February 12, 2007, Requirements for a
NIEM Information Exchange Package Documentation Specification 2.1 Draft.
3 References in this document to the DRM are to the Data Reference Model Version 2.0 November 17, 2005
2
14
What is the FEA?
Federal Enterprise Architecture
A Framework for communication.
Purpose: to facilitate cross-agency analysis, duplication, gaps,
opportunities for collaboration.
Goal: Better management, communication through common
framework and vocabulary.
Method: Five FEA Reference Models
Input Tool: Excel Spreadsheet
15
Why the FEA?
Why the Federal Enterprise Model and NIEM?
Colorado is standardizing on a best-practice models
The FEA is a complete model with specific guidelines for
managing sensitive data
NIEM has completed work on Information Exchange Packages
Provides Colorado with compatibility with the Federal Government
Many states have adopted the FEA and DRM
It is a relatively mature model
Build on work done by the Data Governance Working Group
1
References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.
16
Baseline Data Collection Process
Agency Input:
1.Each agency will create a copy of the Unit Information Data Element
Definitions spreadsheet, populate it with information from their primary
application that accepts/processes unit data, and upload it to the
SharePoint site..
2.Each agency will copy the System Inventory spreadsheet and populate
the copy with information from their primary application that
accepts/processes unit data.
Upload:
We will upload this data to a DBMS for analysis by the subcommittee.
This will give us a base from which to determine how much modeling
and transformation work will be needed.
Work is already underway and due by October 30th
17
Questions
Next meeting:
Sept. 18th
Time:
11 am – 1 pm
Location:
CDE, 1560 Broadway
[email protected] or 303-866-6280
18