Transcript Document
Office of the State Chief
Information Officer
Prepared for:
HB-1364 Act & Council
Overview
CHECO Conference
HB 08-1364 Overview
HB 08-1364 – creation of an
interdepartmental data protocol to
enable data sharing across agencies
for more effective policy-making.
Roots in Governor’s P-20 Education
Coordinating Council
Ability to analyze longitudinal data for a
variety of purposes
Mirrors the State’s needs as an enterprise
to analyze and determine effectiveness of
policies, programs, and resource allocation
Protocols and Procedures to be used in:
Collecting data
Storing data
Manipulating data
Sharing data
Retrieving data
Releasing data
2
1364 Council
Mission is to provide guidance,
policies, and procedures for
implementing a data sharing
architecture across the State
enterprise that will achieve the stated
goal and objectives of HB 08-1364.
1364 Council Participants – includes
executive branch agencies that
collect unit records
And others determined necessary by
State CIO
State, Judicial, Law
Committee representation – DGWG,
STRAC
Dedicated Program Manager and
Data Architect
3
1364 Council Scope
August 21, 2008 – February 26, 2009
Bi-monthly meetings
Unit Records – Records regarding Individuals
Baseline As-Is: one major application per agency (more if possible)
System
Data
Compliance
Procedures and Governance – leverage work of DGWG
Data Sharing – leverage success and lessons learned of current & failed state data
sharing initiatives
Benchmark similar work in up to 5 other States
Controls to protect privacy of citizen data
Develop To-Be recommendations
Work with pilot application – State Traffic Records Advisory Committee
(STRAC)
4
HB 08-1364 Objectives
Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
Develop recommendations and identify associated costs for a full implementation of the data
protocol;
Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
Develop a governance structure, including processes and procedures, to be used by state
agencies for sharing information with another state agency, with a political subdivision, or with
a nongovernmental entity or an individual;
Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual; and to,
Ensure personal privacy and the protection of personal information.
5
Project Deliverables
Templates and procedures to capture all agency baseline data - done
A comprehensive reporting structure to store and maintain the reported agency baseline data
– in development
A report with the recommendations and strategy to be delivered to the State Chief Information
Officer
Suggested technical architecture and approach
Cost analysis
Timeline for implementation
Recommended governance structure
Policies and procedures to achieve data sharing
Identified statutory/regulatory changes necessary to the success of the data sharing protocol
Other recommendations as needed to facilitate objectives – e.g., data governance process, organization
structure changes, etc.
Final report to be delivered to Governor and Legislature
by State CIO
6
Communications & Subcommittee Structure
1364 Council Communication Tools
SharePoint portal: https://securityportal.isoc.state.co.us/1364
OIT website: www.colorado.gov/oit
Key Initiatives section
Subcommittees - To expedite and facilitate discussion of objectives and
decisioning
Technical – Mike Armbruster (CDOT), Chair
Business – Guy Mellor (CDOT), Chair
Legal – Susan Lin (AG), Chair
7
Subcommittees
8
Technical Subcommittee
Understand and document the data captured, stored and maintained by all State Executive
Branch Agencies;
Develop an architecture for the development of the data protocol, including data
normalization, identity resolution, and source data authority;
Develop recommendations and identify associated costs for a full implementation of the data
protocol;
Establish the format in which a state agency may release data to a political subdivision, a
nongovernmental entity or an individual.
Work with Business and Legal Subcommittees on the following:
Does the recommended approach meet business-side needs?
Will in work within the existing structure that exists today? If not, what are recommended changes?
Does the recommended approach meet legal, compliance and privacy requirements?
9
Business Subcommittee
Understand policies and statutes that currently govern the privacy of information held by all State Executive
Branch Agencies;
Understand and document major data sharing initiatives happening today among State Executive Branch
Agencies;
Develop a governance structure, including processes and procedures, to be used by state agencies for
sharing information with another state agency, with a political subdivision, or with a nongovernmental entity
or an individual;
Benchmark the work of up to 5 other states in this area;
Assist Technical and Legal Subcommittees with the following:
Develop an architecture for the development of the data protocol, including data normalization, identity resolution, and
source data authority
HELP RESOLVE BUSINESS-SIDE ISSUES
Develop recommendations and identify associated costs for a full implementation of the data protocol
ARE RECOMMENDATIONS REALISTIC?
IS THE TIME FRAME REALISTIC?
WHAT ARE THE POTENTIAL RISKS/ISSUES WITH THE RECOMMENDED APPROACH?
Are the legal, compliance and privacy needs of the agencies being met?
IF NOT, IDENTIFY GAPS
ASSIST IN IDENTIFICATION OF POTENTIAL STATUTORY/REGULATORY CHANGES THAT MAY NEED TO BE
MADE (IF POSSIBLE)
10
Legal Subcommittee
Understand and document the policies and statutes that currently govern the privacy of
information held by all State Executive Branch Agencies;
Establish the circumstances under which a state agency may release data to a political
subdivision, a nongovernmental entity or an individual;
Ensure personal privacy and the protection of personal information.
Assist the Technical and Business Subcommittees with the following:
Identify existing statutory/regulatory changes or interpretations that may need to happen (if possible) to
facilitate the implementation of HB-1364.
Does the recommended technical approach stay within Federal and State legal, compliance and privacy
requirements?
Does the recommended governance structure stay within State legal, compliance and privacy
requirements?
11
Baseline Inventory – Systems and Data
12
What are we doing?
Taking Inventory of information to formulate the basis for data sharing.
Platform: Hardware, OS Software, Virus Software, network, etc.
Application information
Database: Database management system
Data Elements: Begin the Data dictionary
Targeting 1 primary system containing unit data from each
agency.
13
What is the approach?
What is the approach for gathering the information?
Leverage the work already completed in the government sector
Primary reference models
The Federal Enterprise Architecture1 (FEA)
National Information Exchange Model2 (NIEM)
Adhere as close as possible to the Federal Enterprise Architecture
Focus on the Data Reference Model3 (DRM) for the unit data elements.
Include data component information from the National Information
Exchange Model as appropriate.
1
References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.
References to NIEM include the Introduction to the National Information Exchange Model (NIEM) February 12, 2007, Requirements for a
NIEM Information Exchange Package Documentation Specification 2.1 Draft.
3 References in this document to the DRM are to the Data Reference Model Version 2.0 November 17, 2005
2
14
What is the FEA?
Federal Enterprise Architecture
A Framework for communication.
Purpose: to facilitate cross-agency analysis, duplication, gaps,
opportunities for collaboration.
Goal: Better management, communication through common
framework and vocabulary.
Method: Five FEA Reference Models
Input Tool: Excel Spreadsheet
15
Why the FEA?
Why the Federal Enterprise Model and NIEM?
Colorado is standardizing on a best-practice models
The FEA is a complete model with specific guidelines for
managing sensitive data
NIEM has completed work on Information Exchange Packages
Provides Colorado with compatibility with the Federal Government
Many states have adopted the FEA and DRM
It is a relatively mature model
Build on work done by the Data Governance Working Group
1
References in this document to the FEA are to FEA Consolidated Reference Model Document Version 2.3 October of 2007.
16
Baseline Data Collection Process
Agency Input:
1.Each agency will create a copy of the Unit Information Data Element
Definitions spreadsheet, populate it with information from their primary
application that accepts/processes unit data, and upload it to the
SharePoint site..
2.Each agency will copy the System Inventory spreadsheet and populate
the copy with information from their primary application that
accepts/processes unit data.
Upload:
We will upload this data to a DBMS for analysis by the subcommittee.
This will give us a base from which to determine how much modeling
and transformation work will be needed.
Work is already underway and due by October 30th
17
Questions
Next meeting:
Sept. 18th
Time:
11 am – 1 pm
Location:
CDE, 1560 Broadway
[email protected] or 303-866-6280
18