COMDTINST JUL 2013 COAST GUARD C4I DATA MANAGEMENT (DM) POLICY

Transcription

1 Commandant nd St SW Stop 7101 United States Coast Guard Washington, DC Staff Symbol: CG-6 Phone: (202) Fax: (202) edmp@uscg.mil COMMANDANT INSTRUCTION COMDTINST JUL 2013 Subj: COAST GUARD C4I DATA MANAGEMENT (DM) POLICY Ref: (a) Establishment of the Commandant (CG-6) Directorate and Associated Duties, COMDTINST (series) (b) Command, Control, Communications, Computers and Information Technology (C4&IT) Enterprise Architecture (EA) Policy, COMDTINST (series) (c) Department of Homeland Security Enterprise Data Management Directive (series) (d) Coast Guard Organization Manual, COMDTINST M (series) (e) Command, Control, Communications, Computers and Information Technology (C4&IT) System Development Life Cycle (SDLC) Policy, COMDTINST (series) (f) Department of Homeland Security Authoritative and Trusted Data Methodology (ATDM) (Link: _ATDM.pdf ) (g) MIL-STD-1472 Human Engineering (series) (h) NAVSEA Common Presentation Layer (CPL) Guide (series) (i) ANSI/HFES 100 Human Factors Engineering of Computer Workstations (series) (j) ANSI/HFES 200 Human Factors Engineering of Software User Interfaces (series) (k) Information and Life Cycle Management Manual, COMDTINST M (series) 1. PURPOSE. This Directive establishes the Coast Guard (CG) Enterprise Data Management (EDM) Program. It defines CG DM policy, standards, roles, responsibilities, and authority, including data modeling methodology standards, data exchange standards, and a data stewardship framework. It assigns responsibility for its governance to Commandant (CG-66) the CG Chief Enterprise Architect (CEA), on behalf of Commandant (CG-6), the CG Chief Information Officer (CIO). A B C D E F G H DISTRIBUTION SDL No. 162 a b c d e f g h i j k l m n o p q r s t u v w x y z X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X NON-STANDARD DISTRIBUTION:

2 2. ACTION. All Coast Guard unit commanders, commanding officers, officers-in-charge, deputy/assistant commandants, and chiefs of headquarters staff elements shall comply with the provisions of this Instruction. Internet release is authorized. 3. DISCLAIMER. This instruction is intended to provide operational requirements for Coast Guard personnel and is not intended to nor does it impose legally-binding requirements on any party outside the Coast Guard. 4. DIRECTIVES AFFECTED. None 5. BACKGROUND. Commandant (CG-6) provides C4&IT assets that support all of the Coast Guard's diverse missions by providing the right information to the right people at the right time to make the right decisions. Commandant (CG-6) responsibilities include management and oversight of all Coast Guard C4&IT operational, business, and infrastructure assets. Enterprise data is a valued asset that comprises the information that can improve mission performance and support decision making. Information must not only support the CG mission but must be shared and reused throughout the DHS and the federal government as an integrated entity. In order to accomplish this, consistent data models must be developed and utilized to facilitate the easy retrieval and sharing of information to meet information exchange requirements. 6. References (a) thru (k) provide the basis for establishing and defining the authority of the CG DM Program and justify/ rationalize the objectives and policy requirements of this Directive. a. Reference (a) establishes and defines the authority, roles, and responsibilities of the Assistant Commandant for Command, Control, Communications, Computers and Information Technology (CG-6), designates this officer as the Chief Information Officer (CIO), and establishes the Commandant (CG-6) directorate. b. Reference (b) establishes and defines the authority of the Coast Guard Enterprise Architecture and assigns responsibility for its governance to the Coast Guard s Chief Enterprise Architect on behalf of Assistant Commandant (CG-6), the U.S. Coast Guard Chief Information Officer (CIO). c. Reference (c) establishes and defines the authority of the Department of Homeland Security (DHS) Data Management Policy by the Office of the Chief Information Officer (OCIO). Reference (c) further states that DHS Data Management Policy shall be administered by the DHS Enterprise Data Management Officer (EDMO) under the direction of the DHS OCIO. Reference (c) requires that Component Chief Information Officers ensure Component compliance with Homeland Security Enterprise Architecture and data management policies and data standards. d. Reference (d) prescribes the pattern of organization for the Coast Guard and assigns to various components of the organization those functions which must be performed in order to attain the overall objectives of the Coast Guard. Reference (d) further states that Commandant (CG-66) under the general direction and supervision of the Chief Information Officer, Assistant Commandant for Command, Control, Communications, Computer and Information Technology (C4&IT), the Chief, Office of Enterprise Architecture (EA) and Governance shall administer the CG Enterprise Data Management Office (EDMO) to guide data quality, sharing, efficiency, security, and compliance. 2

3 e. Reference (e) defines the authority, roles, and responsibilities governing the Coast Guard s System Development Life Cycle (SDLC) for Command, Control, Communications, Computers and Information Technology (C4&IT) systems. f. Reference (f) defines Authoritative and Trusted Data and component governance process guidelines related to it. g. References (g) thru (j) define Human Factor Engineering standards. h. Reference (k) provides guidance for Records Management and Disposition. 7. OUTCOMES. The implementation and compliance with this Directive is expected to result in the following outcomes: a. CG enterprise data is accurate, visible, accessible, secure, non-redundant, interoperable, and understandable to all authorized users. b. The timely sharing of valid information within the CG, the DHS, and the extended enterprise results in mission success. c. Access to valid, consistent, and comprehensive information results in improved mission efficiency. 8. POLICY. This Directive establishes CG Enterprise Data Management policy, implementation and compliance guidance for References (a) through (f). All Coast Guard organizations involved in the planning, acquisition, production, deployment, support, operation, and disposition of Coast Guard Doctrine, Organization, Training, Materiel, Leadership, Personnel, and Facilities plus Regulations/Grants/Standards (DOTMLPF+R/G/S) associated with C4&IT, that support the Coast Guard s missions and/or business operations shall follow this DM Policy and ensure compliance with the following requirements: a. Compliance with all legal requirements including, but not limited to, Freedom of Information Act (FOIA), Privacy Act, Records Management, Applicable legal requirements related to the preservation of information relevant to litigation, Security, and Reference (f). b. The creation, quality assurance, change control, use, sharing, efficiency, management, and security of CG enterprise data and metadata, whether it is shared or unshared with external entities, shall be conducted in accordance with this DM Policy. c. Commandant (CG-66), the CG CEA, is designated by Commandant (CG-6), the CG CIO, as the Program Manager for the CG Enterprise Data Management (EDM) Program. d. Enterprise data shall be produced and managed in a manner that is capable of being shared and reused by authorized users with valid mission and business requirements following applicable sharing standards. Where data exchange standards exist for a data exchange, and those standards comply with DM Policy requirements, then those standards shall be used; else, data exchange standards defined through this policy shall be used. e. In order to reduce data-entry errors, and reduce time recording data in the field by information system users, information system functional requirements shall include a 3

4 requirement to leverage technology to automatically insert data from available sources wherever possible, in the creation, or revision of Authoritative and Trusted Data Sources (ATDS) records. f. Validated information sharing requirements shall be documented in an DM Plan to ensure data is shared with authorized users except where limited by law, policy, or classification. g. Enterprise data shall be protected from deliberate, unintentional, inappropriate, or unauthorized alteration, destruction, access, or disclosure in accordance with established CG and DHS security policies and practices. h. DM policy, practices, processes, and standards, as defined in this Directive shall be applied to manage data quality and eliminate redundant data. i. CG Enterprise Data shall be governed by a data governance process that is implemented within a data governance forum in alignment with DHS policy, standards, and processes. j. Enterprise data shall be modeled, named and defined consistently across and within the CG in compliance with the DHS Lexicon. k. Synonym names and definitions shall be used as appropriate for end user relevance and understanding. l. CG enterprise data shall be documented by a standard set of metadata aligned with DHS metadata standards. m. Metadata standards shall include information assurance, quality, privacy sensitivity, an authoritative source, and business rules for acceptable use for the data. n. Sources of data that are to be designated as Authoritative Data Sources shall be identified, verified and registered in the Enterprise System Inventory (ESI). o. Sources of data that are to be designated as Trusted Data Sources shall be identified, certified, and registered in the Enterprise System Inventory (ESI). p. Designated ATDS shall be documented in an approved Authoritative and Trusted Data Source Questionnaire (ATDSQ). q. ATDS identification, verification, and certification roles, responsibilities, authorities, and processes shall be governed using the mandatory and optional criteria and concepts defined in Sections 3 and 4 of Reference (f). r. All CG Enterprise data and metadata (including ATDS designation) along with data Models, Entity Relationship Diagrams (ERDs), tables, fields shall be identified and stored in the CG Enterprise Data Catalog (EDC). s. C4IT system project teams shall consult Reference (f) to ensure ATDS requirements are addressed in the functional requirements document mandated by Reference (e). 4

5 t. When contracting for system development or system support services, all C4&IT Project Teams shall consider the Human Factor Engineering (HFE) standards defined in References (g) thru (j) in support of Authoritative and Trusted Data Source functional requirements when complying with the requirements of Reference (f). These standards should be tailored by the Government as part of the contract. If they are not tailored by the Government, the contractor should determine any appropriate tailoring for the applicability to the system and recommend tailoring to the Government for approval. While these standards provide design criteria with respect to human capabilities and limitations, they are not intended to limit innovation in the design or selection of specific hardware, software, materials, and processes. u. The CG DM Program shall be measured for performance to provide the basis for improving the DM program. 9. IMPLEMENTATION. This Directive defines what the CG DM Policy is. Failure to comply with the requirements of this Directive may result in unfavorable consideration for decisions including, but not limited to Acquisition Decision Events (ADEs), procurements, resources, and SDLC Phase Exit Reviews. This section describes the strategy for DM Program implementation: a. DM Practice. This Directive establishes the authority and responsibility for Commandant (CG-6) to publish the DM Practice. The DM Practice provides implementation guidance to this policy by describing how to execute the governance, forums, roles, responsibilities, and procedures necessary to ensure compliance with DM policy requirements described in Reference (a) through (f). b. Change Management. In support of the concept of Continuous Improvement a change management forum, consisting of cross-organizational representation, shall be chartered for the DM Policy and Practice change management process. The Enterprise Data Management Work Group (EDMWG) shall function as a subordinate forum to the Enterprise Architecture Board (EAB). Further details may be found in the Roles and Responsibilities section of this Directive. 10. ROLES AND RESPONSIBILITIES. The development and governance of an Enterprise Data Management Program is an integral part of the Coast Guard Enterprise Architecture. The following roles and responsibilities are established for the EDM Program. a. Chief Information Officer (CIO). Responsible for the execution of this policy. b. Chief Enterprise Architect (CEA). Responsible for the governance of this policy. c. Enterprise Data Management Program (EDMP). Responsible for developing, communicating, and maintaining the Enterprise Data Management Procedures to include data architecture, metadata management, data standardization, semantic technologies, data sharing and access, data governance, performance measurement and improvement, tools, security, and privacy. d. Enterprise Data Architect. Responsible for oversight and guidance for the enterprise data architecture including data models and standards, metadata management, data sharing architecture (Data Reference Model (DRM), National Information Exchange Model (NIEM)) and data governance. 5

6 e. Data Steward. Responsible for ensuring compliance with the DM Policy for one or more assigned initiatives. Works with developers to prepare data artifacts needed for governance and decision-making. Prepares data for updating the relevant data catalogs and repositories. Data stewards shall be assigned and shall interface with the roles of associated processes such as the SDLC, and EAB, to ensure compliance with data management policy and standards. f. Data Sponsor. Responsible for defining the data requirements, including content, quality and currency, for use in mission support activities. Data sponsors are also responsible for forming and facilitating Communities of Interest (COI) around specific data categories to address differences and issues. g. Enterprise Data Management Working Group (EDMWG). The Enterprise Data Management Work Group (EDMWG) shall be chartered under the Enterprise Architecture Board (EAB) by the EAB Chair. The EDMWG shall serve as the CG s Enterprise Data Management Governance Forum, under which the CG s Enterprise Data Management Governance Process shall be conducted. The EDM Governance Process shall serve as the mechanism for addressing EDM issues including changes to the DM Policy and Practice, and to adjudicate cross-programmatic, and cross-system ATDS functional requirements to ensure they are uniformly applied across systems. 11. DEFINITIONS. The following term definitions are adapted from Reference (c) and (f): a. Data Management. Data Management is the practice of putting into place policies, procedures and best practices that ensure that data is understandable, trusted, visible, accessible and interoperable. Data Management functions include processes and procedures that cover planning, modeling, security, information assurance, access control, and quality. Outcomes of Data Management include the improvement of data quality and assurance, enablement of information sharing, and the fostering of data reuse by minimizing data redundancy. b. Data Model. Data models support the development of information systems by providing the definition and format of data. The model consists of entity types, attributes, relationships, integrity rules, and the definitions of those objects. c. Data Stewards. Data Stewards provide service and leadership with respect to data management, making decisions based on the enterprise perspective. Data Stewards perform their stewardship responsibilities as an integral part of the duties they are assigned, and as such, their job descriptions shall reflect specific enterprise data responsibilities such as data definition, data quality, data production and/or data usage. There are different types of Data Stewards within DHS which can be categorized by the data management responsibilities such as defining, managing, governing and sharing. Each type of Data Steward accommodates the various perspectives of data management required to make informed data governance decisions. d. Enterprise Data. Is the sum of all data collected, created, used, managed, maintained, shared and stored by DHS Components, organizations and programs and warrants stewardship by the appropriate data stewards from the enterprise perspective. 6

7 e. Information Sharing Environment (ISE). As defined in the Program Manager for the Information Sharing Environment s Enterprise Architecture Framework description, is a common framework for the sharing of information between and among Federal departments and agencies, State, local, and tribal (SLT) governments, law enforcement agencies, international entities, and the private sector, as well as common standards for how information is acquired, accessed, shared and used within the framework. f. Authoritative Data. Authoritative data is a specific set of data used to satisfy a business need that has been officially cited or recognized for that need. Section 3.1 of Reference (f) provides the detailed official definition for Authoritative data. g. Trusted Data. Trusted data refers to a particular set of data and its source data asset that are certified as meeting high standards of criteria, including integrity, security, quality, and reliability. Section 4.0 of Reference (f) provides the detailed official definition for Trusted data. Re-stated, Trusted designations are applied to both a set of data and the data asset containing it or, its source.. h. Authoritative and Trusted Data Source (ATDS). A data source containing a specific set of data that meets the criteria for being designated authoritative and trusted data. The authoritative and trusted data contained in an authoritative and trusted source may originate within that source or from one or more other sources, internally or externally. 12. RECORDS MANAGEMENT CONSIDERATIONS. This Instruction has been thoroughly reviewed during the directives clearance process, and it has been determined there are no further records scheduling requirements, in accordance with Federal Records Act, 44 U.S.C et seq., NARA requirements, and Reference (k). This policy does not have any significant or substantial change to existing records management requirements. Disposition of records created under this policy should be in compliance with Reference (k). 13. ENVIRONMENTAL ASPECT AND IMPACT CONSIDERATIONS. a. The development of this Instruction and the general policies contained within it have been thoroughly reviewed by the originating office in conjuction with the Office of Environmental Management, and are categorically excluded (CE) under current USCG CE #33 from further environmental analysis, in accordance with Section 2.B.2. and Figure 2-1 of the National Environmental Policy Act Implementing Procedures and Policy for Considering the National Environmental Policy Act Implementing Procedures and Policy for Considering Environmental Impacts, COMDTINST M (series). Because this Instruction implements, without substantive change, the applicable Commandant Instruction or other federal agency regulations, procedures, manuals, and other guidance documents, Coast Guard categorical exclusion #33 is appropriate. b. This directive will not have any of the following: significant cumulative impacts on the human environment; substantial controversy or substantial change to existing environmental conditions; or inconsistencies with any federal, state, or local laws or administrative determinations relating to the environment. All future specific actions resulting from the general policies in this Instruction must be individually evaluated for compliance with the National Environmental Policy Act (NEPA), Council on Environmental Policy NEPA 7

8 regulations at 40 CFR Parts , DHS and Coast Guard NEPA policy, and compliance with all other environmental mandates. 14. FORMS/REPORTS. None. R.E. Day /s/ Assistant Commandant for Command, Control, Communications, Computers and Information Technology 8