search

bcgov / MFIN-Data-Catalogue

The Finance Data Catalogue enables users to discover data holdings at the BC Ministry of Finance and offers information and functionality that benefits consumers of data for business purposes. The product is built using Drupal and adheres to the Government of BC's Core Metadata Standard.
Other
6 stars 0 forks source link

Develop evaluation criteria for determining if data is considered Critical #196

Open NicoledeGreef opened 10 months ago

NicoledeGreef commented 10 months ago

OP timer

https://openplus.monday.com/boards/4092908516/pulses/5351533285

Develop a set of evaluation criteria to provide guidance to metadata authors/managers with respect to the Critical information flag.

This will be delivered outside the Catalogue application initially; possibly can be integrated with the app in the future.

mjmcclung commented 7 months ago

@NicoledeGreef are these scorecards still on the radar for completion in the next 3 months?

NicoledeGreef commented 5 months ago

A while back there was some activity on the Discussion I started re: https://github.com/bcgov/MFIN-Data-Catalogue/discussions/201:

Here are some questions we might be able to use for a scorecard now or later (open to suggestions):

Does the subject data have any of the following features? (source file ref)

Critical information feature Description
1. Operational importance Required for ongoing work or to document accountability for that work.
2. Vital records Vital to ongoing operations in business continuity plans and/or in the relevant information schedule.
3. Risks and Security Would result in significant public or organizational risks or security issues if lost, inappropriately accessed, or altered. This includes, but is not limited to, information designated as personal, confidential or a protected classification.
4. Financial matters Authorizations and/or allocation, spending, or collecting of substantive amounts of money.
5. Legal and Access searches Relevant to legal holds or FOI access to information requests.
6. High public interest and expectations Concerns rights, responsibilities, and other matters that stakeholders (e.g. citizens, MLAs, executive) expect to be documented.
7. Permanent value Records designated as having enduring value for the ministry and scheduled for permanent retention in the government archives.
mjmcclung commented 4 months ago

In chatting with Christa there was confusion when populating a MR about how to know whether something was considered Critical Information, and editors not understanding what it means (the typical response is to think about criticality from a business continuity perspective, but that is only one consideration). We don't want people filling this in based on their opinion. To prevent this the scorecard development needs to be made a priority, which means I need to dedicate time to looking at this. @NicoledeGreef what is the deadline for this work?

mjmcclung commented 4 months ago

A while back there was some activity on the Discussion I started re: #201:

Here are some questions we might be able to use for a scorecard now or later (open to suggestions):

Does the subject data have any of the following features? (source file ref)

Critical information feature Description

  1. Operational importance Required for ongoing work or to document accountability for that work.
  2. Vital records Vital to ongoing operations in business continuity plans and/or in the relevant information schedule.
  3. Risks and Security Would result in significant public or organizational risks or security issues if lost, inappropriately accessed, or altered. This includes, but is not limited to, information designated as personal, confidential or a protected classification.
  4. Financial matters Authorizations and/or allocation, spending, or collecting of substantive amounts of money.
  5. Legal and Access searches Relevant to legal holds or FOI access to information requests.
  6. High public interest and expectations Concerns rights, responsibilities, and other matters that stakeholders (e.g. citizens, MLAs, executive) expect to be documented.
  7. Permanent value Records designated as having enduring value for the ministry and scheduled for permanent retention in the government archives.

I asked GRS for clarity on the document that contains the above table as it seems to be implying that a good majority of information would be considered 'critical'. The response back I got was:

Yes, you are correct in stating that critical information could potentially be a significant amount of your portfolio.

We can’t be more specific in our RM Guide though because it varies by context. We are just trying to apply some examples in our RM Guide to flesh out the concept of critical information identified in MGIP and potential areas that could include critical information, and yes that could potentially be in all areas!

Best practice would be to treat all information as critical, but MGIP does explicitly spell out in policy that at bare minimum critical information needs to be protected and it is up to the clients to determine what is critical information for their individual and unique business functions.

Things to think about:

NicoledeGreef commented 4 months ago

@mjmcclung for a deadline - how is April 26th? If we do not have something we can use to guide the decision as to whether a MR represents Critical info within the Ministry by then we can suppress it until we do.

Note: Suppressing Critical has other impacts: High value is a visual badge set based on other values (at the moment just Critical = Yes). Also the Metadata metrics stats page contains a count of Critical assets based on the flag.

NicoledeGreef commented 3 months ago

As discussed in the DA Touchbase meeting of May 16:

Image

mjmcclung commented 1 month ago

Badging will need to be adjusted with the pivot to align critical information with business continuity - see #504

mjmcclung commented 1 month ago

Draft of Critical Information evaluation sent to @NicoledeGreef for discussion.