A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I"

Transcription

1 IT Management Advisory A Privacy Officer s Guide to Providing Enterprise De-Identification Services Ki Consulting has helped several large healthcare organizations to establish de-identification services aligned with privacy regulations and industry best practices. A mature de-identification service, as defined by our De-identification Maturity Model 1, will ensure compliance with privacy legislation, lower privacy risk, and enable organizations efficiently to share high-quality data for secondary purposes. It will also include performance measurement, which allows organizations to evaluate the success of the service in terms of increased efficiency, variety, and volume of data sharing, as well as the research and clinical utility of de-identified data. Based on our experience, we have developed an effective approach to building a mature healthcare deidentification service in three distinct phases: De-Identification Business Architecture Design, Software Tool Selection and Service Rollout. The methodology for each phase embodies a tried and tested approach and aligns with industry best practices. Our strategy ensures that clients reap the benefits of more efficient de-identification processes and software systems, and that these will outweigh the initial investment costs. Phase I: De-Identification Business Architecture Design Business architecture defines the goals, scope, roles, and process for de-identification and lays the groundwork for an efficient, economical, and transparent service. Designing or redesigning business architecture involves locating the de-identification service and its purpose within the organization and defining the basic structures of the service, such as business processes, staffing, reporting, and performance measurement. We have devised a streamlined 4-step approach to designing the business architecture for an effective de-identification service suited to an organization s needs, goals and structure: Phase I 1 Determine Organizational Resources and Needs 2 Determine Organizational Maturity Level 3 Redesign Business Processes & Establish a Measurement Plan 4 Determine De- ID Staffing & Set Reporting Structure Step 1: Determine Organizational Resources and Needs 1 Khaled El Emam and Waël Hassan, The De-identification Maturity Model, Privacy Analytics (2013). Available at under The Ki Approach: De-identification Maturity Model.

2 The first step is to determine how a de-identification service can fulfill organizational needs. In order to do this, we recommend carrying out a needs analysis, which must include clinical and research perspectives. It is also important to understand the existing contracts that the organization has with its data sources and what organizational needs they reflect. By analyzing the defined needs and juxtaposing them across metrics related to the management of scope, cost, time and resources, we can confidently move forward with a plan for a de-identification service that makes sense in the organization s particular context. We recommend that the following parameters be determined during this step: How will the service be funded? Is there sufficient stakeholder interest for it to be viable? How will a vendor or vendors be engaged? Where will the service be physically located? Who will have authority and accountability for it? Who will be responsible for carrying out the work? How does the service align with other projects? How does it integrate with other IT projects? Which standards will the service follow? Are there plans for privacy and security oversight? What will the service s developmental lifecycle be? How will the service contribute to the organization's main services? How will it work within other services? How will it fit into the overall business process? Who needs de-identification? What are the needs of each group of users? What is the business context of de-identification? Who will supply de-identification services? Which vendor(s) will be involved? Who will govern the program? What services will be provided? How will these match the needs of specific client groups? How will the data model be structured? How will data relationships be integrated? What are the existing contracts and how do they affect the requirements for a de-identification service? Step 2: Determine Organizational Maturity Level When working with clients to establish a de-identification service, we consider it important to conduct a maturity assessment of the current state of de-identification practices within the organization. This serves several purposes: it provides an objective evaluation of de-identification practices; it establishes a baseline against which to measure future progress; it provides a means of comparing the practices of different units or departments; and it offers guidance for future development. Our assessment involves conducting interviews, analyzing use patterns, dissecting processes, and looking at current practices for managing privacy-related services, etc. The tool which we use for these assessments is the De-identification Maturity Model, which evaluates an organization s key de-identification practices, their implementation, and the technologies used in the de-identification process. The different levels of each of these three dimensions are described below.

3 Key De-identification Practice Dimension P1 Ad-hoc At this level, an organization does not have any defined practices for de-identification. The methods used, if there are any, are not proven to be rigorous or defensible. Within the organization there tends to be a lot of variability in how data is de-identified, as the type and amount of de-identification applied will depend on the analyst who is performing it, and that analyst s experience and skill. P2 Masking Organizations at this level only implement masking techniques. Masking techniques focus exclusively on direct identifiers such as name, phone number, health plan number, and so on. P3 Heuristics At this level organizations have masking techniques in place, and have started to implement heuristic methods (rules-of-thumb) for protecting indirect identifiers. P4 Risk-based Risk-based de-identification involves the use of empirically validated and peer-reviewed measures to determine acceptable re-identification risk and to demonstrate that the actual risk in the data sets is at or below this acceptable risk level. In addition to measurement, there are specific techniques that take into account the context of the de-identification when deciding on an acceptable risk level. P5 Governance At the highest level of maturity, masking and risk-based de-identification are applied as described in Practice Level 4. However, now there is a governance framework in place, as well as practices to implement it. Governance practices include performing audits of data recipients, monitoring changes in regulations, and having a re-identification response process. The Implementation Dimension I1 - The Initial Level

4 At the Initial level the de-identification practices are performed by an analyst with no documented process, no specific training, and no performance measurements in place. I2 The Repeatable Level At the Repeatable level the organization has basic project management practices and structure in place to manage the de-identification service. Also critical at this level is the involvement of the privacy or compliance office in helping to shape de-identification practices. I3 The Defined Level The Defined level of implementation means that the de-identification process is documented and there is training in it in place. I4 The Measured Level The Measured level of implementation pertains to performance measures of the de-identification process being made and used. Measures can be based on tracking of the data sets that are released and of any data sharing agreements. Note: The levels in the Implementation dimension are cumulative in that it is difficult to implement a higher level without having first implemented a lower level. For example, meaningful performance measures will be difficult to collect without having a defined process. The Automation Dimension A1 Home-grown Automation An organization attempts to develop its own scripts and tools to de-identify data sets. A2 Standard Automation An organization adopts tools that have been used more broadly by multiple organizations and have received scrutiny. These may be publicly available (open source) or commercial tools. Based on the results of the assessment we can establish an organization s de-identification maturity level. For example, an organization that has purchased a data masking tool and implemented it, and has documented the data masking process and its justifications thoroughly, would be scored at P2-I3-A2. We then work with clients to develop an attainable target maturity level for each dimension. Step 3: Redesign Business Processes and Establish a Measurement Plan Once the basic structure of the service is established, the next step is to design its function. In this step, we shift our focus from structure to process. The answers to the following questions can be used first to assess current business processes, and then to envision the business processes of the new service: What is the service delivery model who handles client interactions? What are the business process model and business function model? How are services structured? What is the service process? What roles are involved?

5 How is the performance of the service measured and improved? What are the business rules that is, how much access to data do various clients and administrators have? Ki Consulting Once these questions have been used to assess the current state and to envision the future state of deidentification processes, the gaps between the two states provide the basis for a roadmap for development. The second part of this step, in line with the principles of performance management, is to establish a measurement plan in order to measure the value and maturity of the de-identification service. A measurement plan will usually be based on the three dimensions of the De-Identification Maturity Model. Development along each of the dimensions may be conducted simultaneously or staggered, depending on resources. A key aspect of an effective measurement plan is establishing realistic maturity level targets. We must be careful to establish a target level that is attainable within the chosen timeframe. Going directly from a Level P1 to a Level P4 is not a feasible target; however, aiming to upgrade to a Level 2-3 is. After securing Level 3 maturity, the system can be effectively upgraded to Level 4 and onwards. We help our clients to develop an ambitious, yet realistic plan to ensure that target maturity levels are attained. While organizational maturity levels provide a very useful framework for evaluating the development of the service, we recognize the importance of measuring progress against tangible outcomes. The Implementation dimension of the De-identification Maturity Model includes performance measurement: this will include measures of the volume and efficiency of data sharing, and of the utility of de-identified data from research and clinical perspectives. These measures can provide rapid and concrete feedback as to the value of improved de-identification practices and processes. Step 4: Determine De-identification Service Staffing & Set Reporting Structure In order for a de-identification service to have the authority to enforce best practices and engage staff in implementing changes, the service must be positioned at a senior level within the management hierarchy. Successful de-identification management depends on the authority and effectiveness of two key resources: 1. De-identification Practice Specialist: Provides expertise on tools, techniques, and methodology. The De-identification Practice Specialist is responsible for training staff in new practices by developing FAQs, providing a library of de-identification resources, and offering workshops. He or she also oversees risk management practices, develops de-identification templates for different data sharing scenarios, and creates and interprets risk reports for data releases. 2. De-identification Service Manager: The Service Manager is responsible for understanding the dependencies and relationships between different data recipients, data suppliers, and the service. He or she must have a high level understanding of all current projects and their timelines, milestones and targets in order to realize the collective benefit of the service. He or

6 she will also report on the maturity of de-identification methodology as it is implemented throughout the service. A frequent risk to the overall implementation of a de-identification service and the specific staffing component is staff aversion to culture change. The unfaltering support of upper management is critical to the success of the service. It is the role of the De-identification Practice Specialist and Service Manager to facilitate proper training and maintain employee confidence in the service in order to ensure full acceptance and lasting integration into the organization s practices. Phase II: Software Tool Selection Once the business architecture for an effective de-identification service has been designed, deidentification software can be procured that will meet the service s needs and goals. To choose deidentification software and prepare to implement it, we guide our clients through three overlapping steps: 1. Drafting RFP 2. Assembling a Library of De- Identification Materials 3. Selecting De- Identification Software Step 1: Drafting RFP Ki Consulting assists clients in drafting a request for proposals (RFP) in order to secure a vendor for suitable de-identification software. Drawing on the needs analysis conducted during the first phase, we define what software capabilities are crucial for the success of the service. Based on these needs we draft the requirements of the RFP. Step 2: Assembling a Library of De-Identification Materials Concurrent with Step 1, we will develop a repository of de-identification materials such as data mapping templates, workflow diagrams, toolkits, etc. These documents and templates will form a library of reference that will aid in the adoption and effective use of de-identification software. From prior engagements, we have collected a wealth of documents and templates that can be included in a library of de-identification materials.

7 Step 3: Selecting De-identification Software Following the issuance of the RFP, we work with our clients to evaluate the received proposals and select a preferred vendor. The choice of de-identification software should be governed by its capacity to implement mature de-identification practices: not only masking direct identifiers, but also providing risk metrics to guide the effective de-identification of indirect identifiers. Also key is that the software be easy to use and be perceived as useful by staff. We aim to select a tool that will effectively maximize the value of its implementation and provide the best ROI in terms of cost efficiency by increasing the volume and quality of de-identified data available to clients. Phase III: Service Rollout In order to achieve a successful launch of the de-identification service and to develop effective risk management practices, we recommend implementing new de-identification practices first in a relatively simple data provision context before moving on to more complex environments. A recommended phased service rollout would unfold as follows: Wave 1 Wave 2 Wave 3 Wave 4 One database for one client (e.g., one hospital) Multiple databases for the same client Multiple databases for several clients or for a complex client (e.g., an integrated health network) Online implementation Wave 1: One Database for One Client Beginning by implementing new de-identification processes within a single database for a single client allows staff to become familiar with new processes without the added complexity of interdependencies between databases. Until risk measurement is in place, it is difficult to manage the privacy risks created by clients potentially linking data from different databases, and providing a client with access to multiple databases is not recommended. Wave 2: Multiple Databases for Same Client Once an organization has developed the capability to measure data risk, providing multiple databases to a single client offers an opportunity to learn how to manage data interdependencies within the context of an established contract or agreement. Wave 3: Multiple Databases for Several Clients or for a Complex Client Once the organization is proficient in evaluating data risk and handling interdependencies, the next step is to develop the capacity to measure client risk. This involves creating versatile de-identification templates to be applied to data: that is, the data risk levels of different databases are mapped to a risk

8 classification of client types (e.g., hospitals, researchers, health networks) to determine the specific deidentification techniques that will be applied to data prior to release. At this level, clients patterns of data requests are monitored for performance measurement and risk management purposes. Wave 4: Online Implementation This final wave moves beyond applying templates to calculating risk automatically, allowing for data to be released instantaneously. Clients are granted different levels of data access based on a priori assessments of client risk. When a client requests a dataset, data risk is calculated automatically and mapped to the client access level to determine which de-identification techniques will be applied. Deidentification techniques are then automatically applied and the data is released instantaneously. At this stage, strong risk management, performance management and governance practices are required to ensure compliance with privacy laws and regulations. Summary Our de-identification service development methodology follows a tried and tested approach that we have successfully applied to numerous past clients. Based on our experience in the healthcare sector, we have refined an approach to developing a de-identification service in three clearly structured phases: De-identification Business Architecture Design, Software Tool Selection, and Service Rollout. Each of these phases integrates industry best practices with organizational structures and processes, with a specific aim of designing a service best suited to each organization s context, goals, and culture. This contextualized approach, guided by the concept of de-identification maturity, enables organizations to develop a de-identification service that will ensure compliance with privacy legislation and regulations, lower privacy risk, and increase the volume, efficiency, and utility of data sharing.

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD A PRIVACY ANALYTICS WHITEPAPER The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD De-identification Maturity Assessment Privacy Analytics has developed the De-identification

More information

HIPAA Life Cycle and Project Plan A roadmap to becoming Compliant with HIPAA Transactions and Code Sets

HIPAA Life Cycle and Project Plan A roadmap to becoming Compliant with HIPAA Transactions and Code Sets HIPAA Life Cycle and Project Plan A roadmap to becoming Compliant with HIPAA Transactions and Code Sets Model Compliance Plan for Extension and Project Plan The Centers for Medicare & Medicaid Services

More information

BERSIN & ASSOCIATES STRATEGIC SERVICES. WhatWorks in Enterprise Learning and Talent Management

BERSIN & ASSOCIATES STRATEGIC SERVICES. WhatWorks in Enterprise Learning and Talent Management BERSIN & ASSOCIATES STRATEGIC SERVICES WhatWorks in Enterprise Learning and Talent Management Decisions related to corporate learning and talent management have far-reaching impact. They can influence

More information

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise Best practices in open source governance Managing the selection and proliferation of open source software across your enterprise Table of contents The importance of open source governance... 2 Executive

More information

U.S. Department of the Treasury. Treasury IT Performance Measures Guide

U.S. Department of the Treasury. Treasury IT Performance Measures Guide U.S. Department of the Treasury Treasury IT Performance Measures Guide Office of the Chief Information Officer (OCIO) Enterprise Architecture Program June 2007 Revision History June 13, 2007 (Version 1.1)

More information

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)? WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)? Due to the often complex and risky nature of projects, many organizations experience pressure for consistency in strategy, communication,

More information

DITA Adoption Process: Roles, Responsibilities, and Skills

DITA Adoption Process: Roles, Responsibilities, and Skills DITA Adoption Process: Roles, Responsibilities, and Skills Contents 2 Contents DITA Adoption Process: Roles, Responsibilities, and Skills... 3 Investigation Phase... 3 Selling Phase...4 Pilot Phase...5

More information

Visual Enterprise Architecture

Visual Enterprise Architecture Business Process Management & Enterprise Architecture Services and Solutions October 2012 VEA: Click About to edit Us Master title style Global Presence Service and Solution Delivery in 22 Countries and

More information

ORACLE S PRIMAVERA FEATURES PORTFOLIO MANAGEMENT. Delivers value through a strategy-first approach to selecting the optimum set of investments

ORACLE S PRIMAVERA FEATURES PORTFOLIO MANAGEMENT. Delivers value through a strategy-first approach to selecting the optimum set of investments ORACLE S PRIMAVERA FEATURES Delivers value through a strategy-first approach to selecting the optimum set of investments Leverages consistent evaluation metrics, user-friendly forms, one click access to

More information

Achieving Business Analysis Excellence

Achieving Business Analysis Excellence RG Perspective Achieving Business Analysis Excellence Turning Business Analysts into Key Contributors by Building a Center of Excellence Susan Martin March 5, 2013 11 Canal Center Plaza Alexandria, VA

More information

Marketing Strategy, Operations & Measurement Business Strategy, General Management & Leadership Project, Risk & Change Management

Marketing Strategy, Operations & Measurement Business Strategy, General Management & Leadership Project, Risk & Change Management Marketing Strategy, Operations & Measurement Business Strategy, General Management & Leadership Project, Risk & Change Management 2014 Marketing Outlook Study: Highlights & Horizons Balance Sheet Template

More information

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011 North Carolina Procurement Transformation Governance Model March 11, 2011 Executive Summary Design Approach Process Governance Model Overview Recommended Governance Structure Recommended Governance Processes

More information

Exhibit F. VA-130620-CAI - Staff Aug Job Titles and Descriptions Effective 2015

Exhibit F. VA-130620-CAI - Staff Aug Job Titles and Descriptions Effective 2015 Applications... 3 1. Programmer Analyst... 3 2. Programmer... 5 3. Software Test Analyst... 6 4. Technical Writer... 9 5. Business Analyst... 10 6. System Analyst... 12 7. Software Solutions Architect...

More information

CAPABILITY MATURITY MODEL & ASSESSMENT

CAPABILITY MATURITY MODEL & ASSESSMENT ENTERPRISE DATA GOVERNANCE CAPABILITY MATURITY MODEL & ASSESSMENT www.datalynx.com.au Data Governance Data governance is a key mechanism for establishing control of corporate data assets and enhancing

More information

The Fast Track Project Glossary is organized into four sections for ease of use:

The Fast Track Project Glossary is organized into four sections for ease of use: The Fast Track Management Glossary provides a handy reference guide to the fast track management model, encompassing the concepts, steps and strategies used to manage successful projects even in the face

More information

A Final Report for City of Chandler Strategic IT Plan Executive Summary

A Final Report for City of Chandler Strategic IT Plan Executive Summary A Final Report for City of Chandler 6 January 2004 Table of Contents 1. Executive Summary... 1 1.1 Background... 2 1.2 Chandler Business and IT Context... 3 1.3 Chandler s IT Strategic Direction... 5 1.4

More information

University of Wisconsin Platteville IT Governance Model Final Report Executive Summary

University of Wisconsin Platteville IT Governance Model Final Report Executive Summary University of Wisconsin Platteville IT Governance Model Final Report Executive Summary February 2013 Project Objectives & Approach Objectives: Build on the efforts of the Technology Oversight Planning

More information

THE ANALYTICS HUB LEVERAGING A SHARED SERVICES MODEL TO UNLOCK BIG DATA. Thomas Roland Managing Director. David Roggen Director CONTENTS

THE ANALYTICS HUB LEVERAGING A SHARED SERVICES MODEL TO UNLOCK BIG DATA. Thomas Roland Managing Director. David Roggen Director CONTENTS THE ANALYTICS HUB LEVERAGING A SHARED SERVICES MODEL TO UNLOCK BIG DATA David Roggen Director Thomas Roland Managing Director CONTENTS Shared Services Today 2 What Is an Analytics Hub? 3 Analytics Hub

More information

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA SERVICE MANAGEMENT - SOFTWARE ASSET MANAGEMENT How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Technical Management Strategic Capabilities Statement. Business Solutions for the Future

Technical Management Strategic Capabilities Statement. Business Solutions for the Future Technical Management Strategic Capabilities Statement Business Solutions for the Future When your business survival is at stake, you can t afford chances. So Don t. Think partnership think MTT Associates.

More information

SEVEN WAYS TO AVOID ERP IMPLEMENTATION FAILURE SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

SEVEN WAYS TO AVOID ERP IMPLEMENTATION FAILURE SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND SEVEN WAYS TO AVOID ERP IMPLEMENTATION FAILURE SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND CONTENTS INTRODUCTION................................ 3 UNDERSTAND YOUR CURRENT SITUATION............ 4 DRAW

More information

Program Lifecycle Methodology Version 1.7

Program Lifecycle Methodology Version 1.7 Version 1.7 March 30, 2011 REVISION HISTORY VERSION NO. DATE DESCRIPTION AUTHOR 1.0 Initial Draft Hkelley 1.2 10/22/08 Updated with feedback Hkelley 1.3 1/7/2009 Copy edited Kevans 1.4 4/22/2010 Updated

More information

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University. Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able

More information

Performance Audit Concurrent Review: ERP Pre-Solicitation

Performance Audit Concurrent Review: ERP Pre-Solicitation Performance Audit Concurrent Review: ERP Pre-Solicitation April 2002 City Auditor s Office City of Kansas City, Missouri 24-2001 April 10, 2002 Honorable Mayor and Members of the City Council: We conducted

More information

KPMG s Financial Management Practice. kpmg.com

KPMG s Financial Management Practice. kpmg.com KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased

More information

Enhance State IT Contract Expertise

Enhance State IT Contract Expertise Enhance State IT Contract Expertise Chris Estes State Chief Information Officer Office of Information Technology Services March 2015 1 P a g e Table of Contents 1. Legislative Request... 3 2. Introduction...

More information

Project Management Office Best Practices

Project Management Office Best Practices Project Management Office Best Practices Agenda Maturity Models (Industry & PMO) PMO Areas of Expertise (Scale & Scope) Project Management Office Process Model Project Management Framework PMO Implementation

More information

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Fortune 500 Medical Devices Company Addresses Unique Device Identification Fortune 500 Medical Devices Company Addresses Unique Device Identification New FDA regulation was driver for new data governance and technology strategies that could be leveraged for enterprise-wide benefit

More information

Qlik UKI Consulting Services Catalogue

Qlik UKI Consulting Services Catalogue Qlik UKI Consulting Services Catalogue The key to a successful Qlik project lies in the right people, the right skills, and the right activities in the right order www.qlik.co.uk Table of Contents Introduction

More information

A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap

A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap Principal Author Sam McCollum, CRM, MBA Director of End User Consulting Parity Research LLC

More information

Data Management Maturity Model. Overview

Data Management Maturity Model. Overview Data Management Maturity Model Overview UPMC Center of Excellence Pittsburgh Jul 29, 2013 Data Management Maturity Model - Background A broad framework encompassing foundational data management capabilities,

More information

PERFORMANCE TEST SCENARIOS GUIDE

PERFORMANCE TEST SCENARIOS GUIDE Test scenarios are used to translate a strategic capability (e.g., optimize mission effectiveness) into a realistic situation that illustrates the capabilities needed to achieve those objectives. Grounding

More information

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff The Challenge IT Executives are challenged with issues around data, compliancy, regulation and making confident decisions on their business

More information

Approaches to Successfully Implementing Statewide ERP

Approaches to Successfully Implementing Statewide ERP Approaches to Successfully Implementing Statewide ERP August 24, 2015 NASACT Clark Partridge, State of Arizona Michael J. Smarik, State of Arizona Daniel Keene, CGI James Colbert, CGI Agenda Statewide

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

Turning Strategic Insight Into Business Impact

Turning Strategic Insight Into Business Impact Turning Strategic Insight Into Business Impact VMware Accelerate Advisory Services Identify Opportunities and Create Strategies for the Journey to IT as a Service No longer relegated to simply keeping

More information

Central Project Office: Charter

Central Project Office: Charter Central Project Office: Charter ITCS: Central Project Office EAST CAROLINA UNIVERSITY 209 COTANCHE STREET, GREENVILLE, NC 27858 1 Table of Contents INTRODUCTION... 3 PURPOSE... 3 EXPECTED BENEFITS... 3

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

Template K Implementation Requirements Instructions for RFP Response RFP #

Template K Implementation Requirements Instructions for RFP Response RFP # Template K Implementation Requirements Instructions for RFP Response Table of Contents 1.0 Project Management Approach... 3 1.1 Program and Project Management... 3 1.2 Change Management Plan... 3 1.3 Relationship

More information

WHITE PAPER. Leveraging a LEAN model of catalogbased performance testing for quality, efficiency and cost effectiveness

WHITE PAPER. Leveraging a LEAN model of catalogbased performance testing for quality, efficiency and cost effectiveness WHITE PAPER Leveraging a LEAN model of catalogbased performance testing for quality, efficiency and cost effectiveness Traditionally, organizations have leveraged project-based models for performance testing.

More information

Achieving Business Analysis Excellence

Achieving Business Analysis Excellence RG Perspective Achieving Business Analysis Excellence Turning Business Analysts into Key Contributors by Building a Center of Excellence 11 Canal Center Plaza Alexandria, VA 22314 HQ 703-548-7006 Fax 703-684-5189

More information

Transform HR into a Best-Run Business Best People and Talent: Gain a Trusted Partner in the Business Transformation Services Group

Transform HR into a Best-Run Business Best People and Talent: Gain a Trusted Partner in the Business Transformation Services Group SAP Services Transform HR into a Best-Run Business Best People and Talent: Gain a Trusted Partner in the Business Transformation Services Group A Journey Toward Optimum Results The Three Layers of HR Transformation

More information

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization 1/22 As a part of Qlik Consulting, works with Customers to assist in shaping strategic elements related to analytics to ensure adoption and success throughout their analytics journey. Qlik Advisory 2/22

More information

THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE

THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve

More information

Decreasing Complexity and Cost of EHR Adoption John Weir President CAPG Policy Committee Meeting February 23, 2010

Decreasing Complexity and Cost of EHR Adoption John Weir President CAPG Policy Committee Meeting February 23, 2010 Decreasing Complexity and Cost of EHR Adoption John Weir President CAPG Policy Committee Meeting February 23, 2010 Presentation Outline About Lumetra Healthcare Solutions (LHS) Current opportunity with

More information

Role and Skill Descriptions. For An ITIL Implementation Project

Role and Skill Descriptions. For An ITIL Implementation Project Role and Skill Descriptions For An ITIL Implementation Project The following skill traits were identified as fairly typical of those needed to execute many of the key activities identified: Customer Relationship

More information

Gartner, Inc. DIR-SDD-2042

Gartner, Inc. DIR-SDD-2042 Texas Department of Information Resources STATEMENT OF WORK (SOW) FOR DELIVERABLES-BASED INFORMATION TECHNOLOGY SERVICES Identity & Access Management Analysis IT Assessment & Planning Gartner, Inc. DIR-SDD-2042

More information

Development, Acquisition, Implementation, and Maintenance of Application Systems

Development, Acquisition, Implementation, and Maintenance of Application Systems Development, Acquisition, Implementation, and Maintenance of Application Systems Part of a series of notes to help Centers review their own Center internal management processes from the point of view of

More information

BIG DATA KICK START. Troy Christensen December 2013

BIG DATA KICK START. Troy Christensen December 2013 BIG DATA KICK START Troy Christensen December 2013 Big Data Roadmap 1 Define the Target Operating Model 2 Develop Implementation Scope and Approach 3 Progress Key Data Management Capabilities 4 Transition

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

Wilhelmenia Ravenell IT Manager Eli Lilly and Company

Wilhelmenia Ravenell IT Manager Eli Lilly and Company Wilhelmenia Ravenell IT Manager Eli Lilly and Company Agenda Introductions The Service Management Framework Keys of a successful Service management transformation Why transform? ROI and the customer experience

More information

Sourcing best practices. 2011 SAP AG. All rights reserved. Internal

Sourcing best practices. 2011 SAP AG. All rights reserved. Internal Best Practices in Spend Analytics, Sourcing, and Contract Management Emily Rakowski, SAP SAP Procurement Summit: Newtown Square July 31-August 1, 2012 Sourcing best practices 2011 SAP AG. All rights reserved.

More information

Successful Enterprise Architecture. Aligning Business and IT

Successful Enterprise Architecture. Aligning Business and IT Successful Enterprise Architecture Aligning Business and IT 1 Business process SOLUTIONS WHITE PAPER Executive Summary...3 An Integrated Business & IT Infrastructure...3 Benefits to Business and IT Go

More information

The Road to Enterprise Data Governance: Applying the Data Management Maturity Model in a Financial Services Firm

The Road to Enterprise Data Governance: Applying the Data Management Maturity Model in a Financial Services Firm The Road to Enterprise Data Governance: Applying the Data Management Maturity Model in a Financial Services Firm Patrick DeKenipp, SVP of Business Intelligence, Sterling National Bank events.techtarget.com

More information

Building a Data Quality Scorecard for Operational Data Governance

Building a Data Quality Scorecard for Operational Data Governance Building a Data Quality Scorecard for Operational Data Governance A White Paper by David Loshin WHITE PAPER Table of Contents Introduction.... 1 Establishing Business Objectives.... 1 Business Drivers...

More information

IT Transformation for Health Care

IT Transformation for Health Care Health Care strategy consulting to the country s leading hospitals and health systems. OVERVIEW IT Transformation for Health Care Transform IT develops a new target model to promote operational efficiency,

More information

Change Management in an IT Methodology Context

Change Management in an IT Methodology Context Change Management in an IT Methodology Context The Experience of TEDO (Technology Enterprise Delivery Office) December 2012 Speakers: Lydia Galanti (lydia.galanti@tdassurance.com) Iphigénie Ndiaye (iphigenie.ndiaye@tdassurance.com)

More information

ERP Implementation Planning

ERP Implementation Planning ERP Implementation Program Key phases of ERP implementation: Analysis of the company existing or designing new business process descriptions Inventory of the company s existing formal workflows or designing

More information

Regulatory Compliance Management for Energy and Utilities

Regulatory Compliance Management for Energy and Utilities Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

agility made possible

agility made possible SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate

More information

Master Data Management Architecture

Master Data Management Architecture Master Data Management Architecture Version Draft 1.0 TRIM file number - Short description Relevant to Authority Responsible officer Responsible office Date introduced April 2012 Date(s) modified Describes

More information

Oregon Department of Human Services Central and Shared Service Programs

Oregon Department of Human Services Central and Shared Service Programs Overview DHS Central and Shared Services provide critical leadership and business supports necessary to achieve the mission of the agency: helping Oregonians achieve well-being and independence through

More information

Business Process Reengineering

Business Process Reengineering Process Reengineering UNeGov.net - School - Organization - 59 Outline 1 Introduction government transformation 2 Change Management steps in government transformation 3 Strategic Management Balanced Scorecard

More information

Process Assessment and Improvement Approach

Process Assessment and Improvement Approach Process Assessment and Improvement Approach June 2008 The information contained in this document represents the current view of Virtify on the issues discussed as of the date of publication. Virtify cannot

More information

Big Data Services From Hitachi Data Systems

Big Data Services From Hitachi Data Systems SOLUTION PROFILE Big Data Services From Hitachi Data Systems Create Strategy, Implement and Manage a Solution for Big Data for Your Organization Big Data Consulting Services and Big Data Transition Services

More information

Conducting A Preparedness Assessment

Conducting A Preparedness Assessment Conducting A Preparedness Assessment The Next Step In Considering A Big Data Initiative Company Logo Here Prepared For Names of Key Recipients June 1, 2014 2013 Lodestar Advisory Partners All rights reserved.

More information

ITGovA: Proposition of an IT governance Approach

ITGovA: Proposition of an IT governance Approach Position Papers of the Federated Conference on Computer Science and Information Systems pp. 211 216 DOI: 10.15439/2015F21 ACSIS, Vol. 6 ITGovA: Proposition of an IT governance Approach Adam CHEKLI Hassan

More information

QA Engagement Models. Managed / Integrated Test Center A Case Study

QA Engagement Models. Managed / Integrated Test Center A Case Study 1 QA Engagement Models Managed / Integrated Test Center A Case Study 2 Today s Agenda» Background» Overview of QA Engagement Models MTC & ITC» The Journey to Steady State» Transition Approach» Challenges

More information

Implementing an Information Governance Program CIGP Installment 2: Building Your IG Roadmap by Rick Wilson, Sherpa Software

Implementing an Information Governance Program CIGP Installment 2: Building Your IG Roadmap by Rick Wilson, Sherpa Software Implementing an Information Governance Program CIGP Installment 2: Building Your IG Roadmap by Rick Wilson, Sherpa Software www.sherpasoftware.com 1.800.255.5155 @sherpasoftware information@sherpasoftware.com

More information

MNLARS Project Audit Checklist

MNLARS Project Audit Checklist Audit Checklist The following provides a detailed checklist to assist the audit team in reviewing the health of a project. Relevance (at this time) How relevant is this attribute to this project or audit?

More information

TDWI strives to provide course books that are content-rich and that serve as useful reference documents after a class has ended.

TDWI strives to provide course books that are content-rich and that serve as useful reference documents after a class has ended. Previews of TDWI course books offer an opportunity to see the quality of our material and help you to select the courses that best fit your needs. The previews cannot be printed. TDWI strives to provide

More information

Center for Healthcare Transparency

Center for Healthcare Transparency RFP Contents I. Project Description and Background II. Funding Available III. Proposal Requirements IV. Proposal Scoring V. Proposal Submission Process VI. Proposal Documents I. Project Description and

More information

Enterprise Content Management (ECM)

Enterprise Content Management (ECM) Business Assessment: A Quick-Reference Summary Intro to MIKE2 methodology and phase 1 The methodology that will be used throughout the specialist track is based on the MIKE2 methodology. MIKE stands for

More information

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP ) The Electronic Discovery Reference Model (EDRM) How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP ) December 2011

More information

DATA QUALITY MATURITY

DATA QUALITY MATURITY 3 DATA QUALITY MATURITY CHAPTER OUTLINE 3.1 The Data Quality Strategy 35 3.2 A Data Quality Framework 38 3.3 A Data Quality Capability/Maturity Model 42 3.4 Mapping Framework Components to the Maturity

More information

Michigan Staff Augmentation Management Program Contract Job Titles and Descriptions

Michigan Staff Augmentation Management Program Contract Job Titles and Descriptions Applications... 3 1. Programmer Analyst... 3 2. Programmer... 5 3. Software Test Analyst... 6 4. Technical Writer... 9 5. Business Analyst... 10 6. System Analyst... 12 7. Software Solutions Architect...

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

PRIMAVERA PORTFOLIO MANAGEMENT

PRIMAVERA PORTFOLIO MANAGEMENT PRIMAVERA PORTFOLIO MANAGEMENT Every business faces critical enterprise investment decisions. Making these decisions is among your most pressing challenges. Your PORTFOLIO MANAGEMENT FEATURES Delivers

More information

Data Management Maturity Model. Overview

Data Management Maturity Model. Overview Data Management Maturity Model Overview SEPG Tysons Corner May 6, 2014 Who Needs Better Data Management? Every organization in business. Why? Collection of data assets developed over time legacy application

More information

S-5100 PDM How to Evaluate, Select and Implement a PLM/PDM-Solution

S-5100 PDM How to Evaluate, Select and Implement a PLM/PDM-Solution Finding and selecting the product lifecycle management (PLM) and product data management (PDM) solution that can best meet your organization s immediate and long-term needs is a complex task. Making a

More information

WHITE PAPER December, 2008

WHITE PAPER December, 2008 INTRODUCTION Key to most IT organization s ongoing success is the leadership team s ability to anticipate, plan for, and adapt to change. With ever changing business/mission requirements, customer/user

More information

Protecting Business Information With A SharePoint Data Governance Model. TITUS White Paper

Protecting Business Information With A SharePoint Data Governance Model. TITUS White Paper Protecting Business Information With A SharePoint Data Governance Model TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws

More information

Professional Level Public Health Informatician

Professional Level Public Health Informatician Professional Level Public Health Informatician Sample Position Description and Sample Career Ladder April 2014 Acknowledgements Public Health Informatics Institute (PHII) wishes to thank the Association

More information

2. Encourage the private sector to develop ITIL-related services and products (training, consultancy and tools).

2. Encourage the private sector to develop ITIL-related services and products (training, consultancy and tools). ITIL Primer [ITIL understanding and implementing - A guide] ITIL - The Framework ITIL is the IT Infrastructure Library, a set of publications providing descriptive (i.e., what to do, for what purpose and

More information

Bringing Control to Global Supply Management Business Process Management (BPM) and Advanced Project Management Practices

Bringing Control to Global Supply Management Business Process Management (BPM) and Advanced Project Management Practices Bringing Control to Global Supply Management Business Process Management (BPM) and Advanced Project Management Practices Jason Klemow, CTP, Partner The JK Group 301/948-2134; Jason@TheJKGroup.com Francine

More information

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing

More information

PHASE 1: INITIATION PHASE

PHASE 1: INITIATION PHASE PHASE 1: INITIATION PHASE The Initiation Phase begins when agency management determines that a business function requires enhancement through an agency information technology (IT) project and investment

More information

Information Management & Data Governance

Information Management & Data Governance Data governance is a means to define the policies, standards, and data management services to be employed by the organization. Information Management & Data Governance OVERVIEW A thorough Data Governance

More information

IDC MaturityScape Benchmark: Big Data and Analytics in Government. Adelaide O Brien Research Director IDC Government Insights June 20, 2014

IDC MaturityScape Benchmark: Big Data and Analytics in Government. Adelaide O Brien Research Director IDC Government Insights June 20, 2014 IDC MaturityScape Benchmark: Big Data and Analytics in Government Adelaide O Brien Research Director IDC Government Insights June 20, 2014 IDC MaturityScape Benchmark: Big Data and Analytics in Government

More information

CENTRAL ONTARIO HEALTHCARE PROCUREMENT ALLIANCE QUESTIONS AND ANSWERS

CENTRAL ONTARIO HEALTHCARE PROCUREMENT ALLIANCE QUESTIONS AND ANSWERS CENTRAL ONTARIO HEALTHCARE PROCUREMENT ALLIANCE QUESTIONS AND ANSWERS 1. How will compliance with the new purchasing programs be managed? What programs will be instituted to gain compliance from clinical

More information

"Data Manufacturing: A Test Data Management Solution"

Data Manufacturing: A Test Data Management Solution W14 Concurrent Session 5/4/2011 3:00 PM "Data Manufacturing: A Test Data Management Solution" Presented by: Fariba Alim-Marvasti Aetna Healthcare Brought to you by: 340 Corporate Way, Suite 300, Orange

More information

Overview of SIM Funded State Positions

Overview of SIM Funded State Positions Overview of SIM Funded State Positions CY2015 CY2016 CY2017 CY2018 TOTAL STAFFING DESCRIPTION 287,150 574,297 574,297 526,297 1,962,041 Project Manager (OHIC) Approved by SIM Steering Committee April 9

More information

SUMMARY PROFESSIONAL EXPERIENCE. IBM Canada, Senior Business Transformation Consultant

SUMMARY PROFESSIONAL EXPERIENCE. IBM Canada, Senior Business Transformation Consultant Doreen Funk, MA 191 Discovery Ridge Blvd SW, Calgary Cell: 587-434- 0811 E- mail: dorfunk@hotmail.com SUMMARY Senior management consultant with 20 years of experience in applying strategies and implementing

More information

Unlocking value from your ERP service organization*

Unlocking value from your ERP service organization* Consulting Application Managed Services Technology Unlocking value from your ERP service organization* Application Support Effectiveness Assessment can help you identify and dismantle the roadblocks that

More information

Deloitte and SuccessFactors Workforce Analytics & Planning for Federal Government

Deloitte and SuccessFactors Workforce Analytics & Planning for Federal Government Deloitte and SuccessFactors Workforce Analytics & Planning for Federal Government Introduction Introduction In today s Federal market, the effectiveness of human capital management directly impacts agencies

More information

Business Plan 2014-2015

Business Plan 2014-2015 Business Plan 2014-2015 Table of Contents RHRA Corporate Overview Profile 1 Vision, Mission, Mandate and Values 1 Strategic Priorities and Business Planning Overview 2 Fiscal Year 2014-15 Activities and

More information