1. Purpose
The purpose of this document is to define Information Architecture Principles (which are a subset of IT principles) for the system planning and implementations of any organization.
1.1. Scope
The scope of this document is limited to the definition of Architecture Principles for the Information Domain.
1.2. Definitions, Acronyms and Abbreviations
TOGAF – The Open Group Architecture Framework
COBIT – Control Objectives for Information and related Technology
SOX – Sarbanes–Oxley Act
BASEL II – Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.
1.3. Overview
Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission. Architecture principles define the underlying general rules and guidelines for the use and deployment of all IT resources and assets across the enterprise.
1. Information Principles
For all enterprise business information, regardless of where it is physically stored or how many different places it is stored in, the enterprise must be able to assemble whatever subsets of that information are required to answer any business question. The principles, conformance to which maximizes the value of that information, are as follows:
1.1. Information Principle – Central Information Management
Name: Central Information Management
Statement: All management information and business intelligence will be sourced from a single consolidated source of information.
Rationale:
- A central source of information management will provide the organization with a wide range of reporting and analysis without being constrained by the organization's functional structure.
- Users will become used to a single interface to management information, allowing managers to become familiar with the infrastructure and extract maximum benefit from all information available in the organization.
- The central source of information will help organizations handle banking compliance such as SOX and other regulatory requirements.
- The central information will eliminate contradicting information sources and ensure accurate reporting of current affairs and identification of issues and opportunities.
- Increased flexibility and manageability of providing information rapidly and effectively to support business decisions.
- Use of best-of-breed analytic functionality to support management decision making.
- Increased security in managing access to the enterprise's management information.
Implications:
- Information must be sourced to the central information infrastructure from all the various operational applications as close to real time as possible.
- No additional analytical modules are required for transactional applications.
- The interface to management information and training should be rolled out to all decision makers so that they can access information effectively.
Compliance Requirements: SOX 404/409 Business Intelligence.
1.2. Information Principle – Minimize Redundancy
Name: Minimize Information Redundancy
Statement: Redundant data must be limited to the maximum extent possible.
Rationale:
Data duplication and data movement must be well managed and only undertaken when necessary. Every time data is moved and duplicated, there is a need for reconciliation. This leads to expensive and time-consuming work and reduces confidence in the data quality and consistency of reporting information.
Implications:
- Data duplication should be checked before the start of a new project.
- Data duplication should only be allowed when necessary.
Compliance Requirements: SOX 302/906 Duplicates. BASEL II – Taxonomies.
1.3. Information Principle – Data Quality Measurement
Name: Data Quality Measurement
Statement: Data quality will be measured in both quantitative and qualitative terms, e.g. audit procedures and data quality questionnaires in the organization.
Rationale:
- Improved data quality.
- Accurate usage of data with quality measures.
- Improved management information.
- Increased operational efficiency.
Implications:
- Bi-annually measure data with a data quality survey.
- Audit data ownership procedures annually.
- Build data quality measures into applications.
- Connect data quality results with performance incentives.
Compliance Requirements: SOX 302/906 Reconcilement, Completeness, B2 tracking, accuracy. BASEL II – Taxonomies.
1.4. Information Principle – Formalized Data Movement/Enrichment
Name: Formalized Data Movement/Enrichment
Statement: All data transfer or movement/enrichment activities are managed and approved by the appointed data strategist, and exchange of information must be subjected to a standardization methodology for information exchange/enrichment.
Rationale:
- Control cost associated with data exchange and enrichment.
- Protect operational data.
- Improve data quality and value.
- Data sharing to allow for better detection of fraud.
Implications:
- Data stewards must have the authority and means to manage the data for which they are accountable.
- Development of a formal policy and methodology for data exchange and enrichment.
- The data strategist must be responsible for approving data exchange/enrichment efforts and minimizing cost.
- Identification and management of organizations that can enrich and/or validate the enterprise data.
Compliance Requirements: SOX 404 – Data Stewardship and security. BASEL II – Data Stewardship.
1.5. Information Principle – Data Naming Standards
Name: Data Naming Standards
Statement: Data names and column (field) content must be standardized through a central reference repository and must be accessible to the business.
Rationale:
- Consistency of information across all business processes.
- Usability of information increases across the organization.
Implications:
- Alignment of all applications to support the standardized naming standards.
- The enterprise must establish the initial common vocabulary for the business. The definitions will be used uniformly throughout the enterprise.
Compliance Requirements: SOX 302/906 Understanding and measure of data. 404 Specs & Standards, data elements, 409 – Data relevance. BASEL II – Data Structures.
1.6. Information Principle – Information Requirement with data model
Name: Align information requirements with data model.
Statement: All information requirements must be aligned with the corporate data model before requesting changes to the information architecture.
Rationale:
- Integrity of the transactional data model stays intact.
- Prevent duplication of information.
Implications:
- The corporate data model must be kept up to date at all times.
- In any application development life cycle, it is a condition to align the application with the corporate data model.
Compliance Requirements: SOX 404 – Process Improvement.
1.7. Information Principle – Information Security
Name: Information Security
Statement: Information should be protected from unauthorized use and disclosure.
Rationale:
- Open sharing of information and release of information via relevant legislation must be balanced against the need to restrict the availability of classified, proprietary and sensitive information.
Implications:
- Aggregation of data, both classified and not, will create a large target requiring review and de-classification procedures to maintain appropriate control.
- The current practice of having separate systems to contain different classifications needs to be rethought.
- In order to adequately provide access to open information while maintaining secure information, security needs must be identified and developed at the data level, not the application level.
Compliance Requirements: SOX 404 Security requirements
1.8. Information Principle – Information Governance
Name: Information Governance.
Statement: All information elements must be subjected to information architecture governance.
Rationale:
- Sustain data quality.
- Improve operational efficiency.
Implications:
- Design the business process application of the data element.
- Assign applications sourcing the information.
- Align with the corporate data model, rules, validations and naming standard.
- Define data management policies, e.g. security, back-up, archiving/retrieval.
- Assign data ownership.
Compliance Requirements: SOX 404 – Rules, KPIs. BASEL II – Corporate Governance, Data Governance.
1.9. Information Principle – Data Privacy and legality
Name: Data Privacy and Legality
Statement: Information privacy must be respected and legal requirements must be complied with in any event of information exchange or commerce.
Rationale:
- Maintain good relationships with customers and clients.
- Avoid legal costs due to mismanagement of information resulting in lawsuits.
Implications:
- The enterprise must be up to date with laws relating to information.
- Communicate the enterprise's data policy to customers and clients.
- The legal department needs to be up to date with laws governing information usage, commerce and distribution.
1.10. Information Principle – Intermittent
Name: Intermittent
Statement: Information must be structured for global deployment in various cultures and support multi-currency, multi-language and multi-platform use.
Rationale:
- It will provide flexibility to enter or handle global market conditions.
- Consistency of being able to deploy a proven business model and then adapt it to local conditions.
Implications:
- Applications should be much more flexible to accommodate differences defined by different countries; the current application should be evaluated in terms of internationalization requirements.