Open NicoledeGreef opened 10 months ago
@NicoledeGreef are these scorecards still on the radar for completion in the next 3 months?
A while back there was some activity on the Discussion I started re: https://github.com/bcgov/MFIN-Data-Catalogue/discussions/201:
Here are some questions we might be able to use for a scorecard now or later (open to suggestions):
Does the subject data have any of the following features? (source file ref)
Critical information feature | Description |
---|---|
1. Operational importance | Required for ongoing work or to document accountability for that work. |
2. Vital records | Vital to ongoing operations in business continuity plans and/or in the relevant information schedule. |
3. Risks and Security | Would result in significant public or organizational risks or security issues if lost, inappropriately accessed, or altered. This includes, but is not limited to, information designated as personal, confidential or a protected classification. |
4. Financial matters | Authorizations and/or allocation, spending, or collecting of substantive amounts of money. |
5. Legal and Access searches | Relevant to legal holds or FOI access to information requests. |
6. High public interest and expectations | Concerns rights, responsibilities, and other matters that stakeholders (e.g. citizens, MLAs, executive) expect to be documented. |
7. Permanent value | Records designated as having enduring value for the ministry and scheduled for permanent retention in the government archives. |
In chatting with Christa there was confusion when populating a MR about how to know whether something was considered Critical Information, and editors not understanding what it means (the typical response is to think about criticality from a business continuity perspective, but that is only one consideration). We don't want people filling this in based on their opinion. To prevent this the scorecard development needs to be made a priority, which means I need to dedicate time to looking at this. @NicoledeGreef what is the deadline for this work?
A while back there was some activity on the Discussion I started re: #201:
Here are some questions we might be able to use for a scorecard now or later (open to suggestions):
Does the subject data have any of the following features? (source file ref)
Critical information feature Description
- Operational importance Required for ongoing work or to document accountability for that work.
- Vital records Vital to ongoing operations in business continuity plans and/or in the relevant information schedule.
- Risks and Security Would result in significant public or organizational risks or security issues if lost, inappropriately accessed, or altered. This includes, but is not limited to, information designated as personal, confidential or a protected classification.
- Financial matters Authorizations and/or allocation, spending, or collecting of substantive amounts of money.
- Legal and Access searches Relevant to legal holds or FOI access to information requests.
- High public interest and expectations Concerns rights, responsibilities, and other matters that stakeholders (e.g. citizens, MLAs, executive) expect to be documented.
- Permanent value Records designated as having enduring value for the ministry and scheduled for permanent retention in the government archives.
I asked GRS for clarity on the document that contains the above table as it seems to be implying that a good majority of information would be considered 'critical'. The response back I got was:
Yes, you are correct in stating that critical information could potentially be a significant amount of your portfolio.
We can’t be more specific in our RM Guide though because it varies by context. We are just trying to apply some examples in our RM Guide to flesh out the concept of critical information identified in MGIP and potential areas that could include critical information, and yes that could potentially be in all areas!
Best practice would be to treat all information as critical, but MGIP does explicitly spell out in policy that at bare minimum critical information needs to be protected and it is up to the clients to determine what is critical information for their individual and unique business functions.
Things to think about:
@mjmcclung for a deadline - how is April 26th? If we do not have something we can use to guide the decision as to whether a MR represents Critical info within the Ministry by then we can suppress it until we do.
Note: Suppressing Critical has other impacts: High value is a visual badge set based on other values (at the moment just Critical = Yes). Also the Metadata metrics stats page contains a count of Critical assets based on the flag.
As discussed in the DA Touchbase meeting of May 16:
Badging will need to be adjusted with the pivot to align critical information with business continuity - see #504
Draft of Critical Information evaluation sent to @NicoledeGreef for discussion.
OP timer
https://openplus.monday.com/boards/4092908516/pulses/5351533285
Develop a set of evaluation criteria to provide guidance to metadata authors/managers with respect to the
Critical information
flag.This will be delivered outside the Catalogue application initially; possibly can be integrated with the app in the future.