Step 3: Define Policies and Processes

In Step 1, you collected needs and requirements. In Step 2, you defined the data you will obtain. In Step 3, you need to define the supporting policies and processes for obtaining and managing the data. Per Step 1, you should have a good sense of the requirements for your supporting needs. The list below can serve as a checklist.

• Obtaining the data. Describe how to obtain the data.

• Training. Describe training requirements. Remember, you may need to periodically retrain your users. Monitoring your data quality will help identify training needs. Update training when business rules change.

• Quality. Describe any quality requirements and procedures. See the Appendix on Data Quality Metrics.

• Technical environment. Describe any special requirements for storing and housing this data.

• Backups. Describe how quickly the data must be restored if something happens to it. How many minutes/hours/days of data collection can be lost in the worst-case scenario? (Note that the quicker you need data to be restored, the more expensive). Who has responsibility for recovery in a disaster?

• Change management. Describe the process for how changes to the data should be managed.

• Version control. Describe requirements for versioning and how you track changes made over time.

• Access. Describe any access controls needed for this data (create, read, update, delete). These may vary not just by role, but also by table and role.

• Distribution & Publication. Describe how this data should be distributed to the rest of the organization and published on SF OpenData; see datasf.org/publishing for help.

• Feedback. Describe how you elicit and incorporate feedback on the dataset

• Retention and Disposal. Describe how long this data should be retained and methods to dispose.