Professional Documents
Culture Documents
CP-139 Rev.3.0 Corporate Data Management
CP-139 Rev.3.0 Corporate Data Management
Code of Practice
This document is the property of Petroleum Development Oman, LLC. Neither the whole
nor any part of this document may be disclosed to others or reproduced, stored in a retrieval
system, or transmitted in any form by any means (electronic, mechanical, reprographic
recording or otherwise) without prior written consent of the owner.
Corporate Data Management Code of Practice Version 3.00
Revision History
The following is a brief summary of the most recent revisions to this document. Details of all
revisions prior to these are held on file by the issuing department.
Version No. Date Author Scope / Remarks
Contents
Contents ...................................................................................................................................... ii
1. Introduction .......................................................................................................................... 1
1.1. Background ................................................................................................................. 1
1.2. Purpose ........................................................................................................................ 1
1.3. Target Audience .......................................................................................................... 1
. Introduction
.. Background
.. Purpose
.. Target Audience
This Code of Practice is mandatory for use by all staff in PDO (including
contractors) responsible for managing data at any point in the life cycle process.
Auditors to inspect the effectiveness of data management processes may also use
it.
.. Scope
Data Model: A data model holds the definition, structure and format of data. A data
model provides the basis for ensuring the compatibility and consistent use of data.
Quality Data: Quality data is data that conforms to agreed quality requirements,
e.g. for appropriate accuracy and timeliness. It has an agreed definition and
responsibilities to ensure its quality are assigned and acted on.
Master
Transactions
Transactions
Reference
Data
Discipline
Reference
Data
Application
Data
The aims and objectives for documenting this Code of Practice are:
To describe the activities needed to implement PDO's information
management policy in the area of data management;
To capture and record accepted best practices in data management;
To convey common, consistent advice on data management practices to all
practitioners;
To establish the basis for effective knowledge and information management.
Data drives all business decisions regarding PDO’s Assets, directly or indirectly.
The management of this data is an activity that takes place in all lines of business
and touches the day-to-day activities of most staff in PDO. Increased focus upon
Data Management is required supporting the further integration of business
processes, to help the business deal with growing volumes of data and to protect
PDO’s business interests.
The Data Management Principles are generic for all data and should be applied not
only by staff working explicitly on Data Management, but also by all others in the IT
function and the business with a responsibility for applications and data.
There are ten principles on which the management of data is based on and
graphically summarized in the graph below.
Data Accessibility
Standards
Integrity
Lifecycle
Security
Quality
Data
Data
Data
Data
Data is an Asset
These principles deals with the data life cycle management, the data quality,
security and access and sharing and they are:
Life cycle management
1) Data is managed as a Business Asset
Data is a business asset and should be managed proportionately to its
business value by everyone who deals with it. Both current and future
uses must be considered. Competitive advantage is achieved through
handling Data as an Asset
1
Roles and responsibilities are described in Chapter 3.
The definition of data and the business rules, which govern its use,
should be independent of the systems in which they are applied.
5) Data adheres to Industry Standards
Quality
6) Data Quality is defined and monitored
Data should be associated to measurable quality criteria, so that the
level of reliability can be easily assessed.
7) Data Integrity is assured across the Life Cycle
Data integrity must be maintained across business processes /
disciplines.
Security
8) Data is kept Secure
Compliance
9) Data handling and usage must comply with restrictions due to
contractual or legal reasons.
Guideline
This document will be reviewed every three (3) years by the Corporate Disicpline
Head for Information Management. Constructive comments and feedback from
all practitioners are welcome at any time. Such feedback will be reviewed upon
receipt and a decision will be communicated back to the provider as to whether
the feedback will result in a review and update of the existing standard and when
this will occur.
.. Data Ownership
Data ownership details are to be register in the PDO Data Register. This register
captures DVO’s and DDO’s role to persons and the relations with data groups /
entities
.. Data Custodianship
To support tasks and responsibilities assigned to DVO and DDO from a computing
perspective, a third data management role is necessary: the technical data
custodian:
The IM&T Manager (UII) inherits the role of technical data custodian (TDC).
Like the previous role, technical task are often delegated to computing
departments heads or dedicated data managers, but the Information
Manager remains accountable.
The Corporate Functional Discipline Head (CFDH) is the Data Definition Owner for
the data entities in his/her discipline. The person is responsible for ensuring the
provision of clear definitions, security, accessibility, integrity and quality criteria for
the data entities in his/her discipline. The Data Definition Owner may delegate all
the tasks associated with the above data standards, but remains accountable for
ensuring the tasks are performed.
As a Data Definition Owner, your data management responsibilities are to:
Collate user requirements for data from all parts of the business and in some Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
cases from outside the business, and to provide those data standards + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
necessary for management of the data item throughout its life. 0.2", Tab stops: Not at 0.25"
Provide the technical custodian with the following meta data: Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
o Indicate if data entities are Corporate or Discipline related; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
o Define, where necessary, the conditions to be satisfied for sharing the data, 0.2", Tab stops: Not at 0.25"
i.e. associate the data entities with the standard classification (Most
Confidential, Confidential, Restricted and Unrestricted). Provide a clear
business case for any classification that differs form Unrestricted.
o Define quality criteria to allow Data Value Owners to assess the quality of
their data values;
Appraise the ability of current systems to ensure that the data entity can be Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
managed effectively; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Approve the sharing of data entities (if not Unrestricted and there are no other Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
issues, e.g.public sources that may be copyrighted). + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Approve the transfer, archiving and disposal of your data entities; Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Approve, with the Data Value Owner, the deletion of data values that have no
further use for PDO. Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
.. Data Value Owner
The Asset Manager is the Owner of data pertaining to his/her asset. In case there is
no asset manager (e.g. North and South Directorate), the director will appoint one
or more DVO within his/her directorate. The Data Value Owner owns the data
values and is responsible for ensuring that the data meets the agreed requirements
for accuracy, timeliness, availability, etc. The Data Value Owner may delegate all
the tasks associated with the above data roles, but retains responsible for ensuring
that the roles are fulfilled.
As a Data Value Owner, your data management responsibilities are to:
Ensure that your data users specify their requirements for data standards and Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
benefits of these standards to the Data Definition Owner; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Plan and allocate data management tasks (creation, use, validation,
administration, etc.) for the data values for which you are responsible, and
ensure these tasks are carried out;
Ensure that data validation is performed as required, and that changes are
incorporated into the corporate data stores, and that users have been provided
with access to the validated data;
Ensure that nonconformity’s in data quality are rectified and that staff are
allocated to perform this task;
Assist in assessing the impact of the newly implemented database or interface
on managing data values under your control;
Approve the transfer and archiving of your data values;
Approve, with the Data Definition Owner, the deletion of data values that have
no further use for PDO.
2
EP-16 Manage Information Asset. See Exploration and Production Business
Model -EPBM- version 4)
Provide DDO with a system to record and manage meta data; Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
Provide DVO’s with a system to monitor data quality trends; 0.2", Tab stops: Not at 0.25"
Sponsor data management awareness initiatives targeting assets and
discipline representatives;
Endorse data quality improvement exercises
Appoint a Corporate Data Management function.
.
The IM CFDH is responsible for establishing the generic framework for the
management of data in PDO.
As discipline head, data management responsibilities are to:
Ensure that PDO relevant corporate data management Code of Practice, Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
standards, guidelines and tools are established and kept up-to-date; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Promote the usage of the current data management Code of Practice,
standards and guidelines;
Identify appropriate general data management training courses;
Together with the portfolio consultants, ensure adherence to data
management Code of Practice, standards and guidelines;
Benchmark Data Management Performance across company;
Promote Best Practices in Data Management.
Facilitate, where appropriate, data sharing agreements.
. Practices to be followed
This section covers the main data management activities at a corporate level.
These activities are:
Manage Data Models;
Manage Data Sharing;
Manage Data Quality;
Manage Meta Data;
Manage Confidentiality;
Vital / Essential data protection;
Manage data capture.
3
DDL: Data Definition Language. It’s a formal and computable language to create a data
base from a data model. SQL is an example of a DDL.
Data Definition Owner: Validates the data model against the data definition.
Associates data quality standards and defines confidentiality and sharing criteria.
Technical Data Custodian: Makes sure that the model is properly implemented
and that common reference data is shared from the master source.
IM CFDH: Validates the data model against the data modelling standards and
publishes it in the Meta data repository.
.. Data Sharing
Most of the data is used by more than one business process; e.g. data is shared
between processes. Sharing data is essential to our business as it flows from one
discipline to another adding value on the way.
Where data management roles are spread over multiple processes these should be
agreed and recorded in a Data Sharing Agreement4. This is the formalisation of the
use of data outside the environment where it is generated. It ensures that the
requirements are understood, and that quality of delivery can be measured (through
performance indicators). It also allows for the benefits to be included in the overall
business case for gathering that data. Any cost recovery agreement for gathering
and sharing data should be included in the data sharing agreement.
Data sharing agreements should be established for all corporate data, which is to
be used by distinct business parties. Where different business parties represent the
different business processes in place in PDO.
Data sharing may be the result of:
New system developments
System enhancements
Data harmonization studies
Data sharing should be indicated at either the selection process of a packaged
application or in the functional specification report of in-house developed systems.
A data sharing agreement should be established at this phase of the system
development / package selection cycle and should be included in the report.
All data must be shared from the master source. Duplication of data needs to be
avoided, unless:
Data needs to be restructured for performance reasons. In this case the
restructured data may not be shared with other applications.
Data needs to be restructured to fit third party packages. This is only
allowed if it is not possible via views / database links.
Data needs to be combined with other data into a new structure or physical
view as a part of a PDO corporate or discipline data warehouse.
It is not allowed to transfer data you do not own to other applications. All sharing is
done from the master source by default, unless data is combined and restructured
and made available in a PDO wide or portfolio data warehouse.
The data sharing process is based on the following standards / practices
IC91-078 Managing Shared Data
4
See Appendix A for a Data Sharing Agreement Example.
Data Definition Owner: to specify the data definitions and performance Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
indicators to the DVO; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"
Data Value Owner: to deliver the actual data to the user community;
IM CFDH: to ensure consistency across data sharing agreements and resolve
cross-discipline conflicts of interest; to assist the DVO to meet the data
requirements through the provision of procedures and guidelines;
Technical Data Custodian: to identify and facilitate data sharing opportunities;
to provide any required physically movement of data and/or user access
authorisation
Define
Measure Improve
Quality
This activity ensures the creation and maintenance of a register of all data items
requiring preservation.
All data requiring preservation and management, (because of their value to the
business, or because they are required for legal or other statutory reasons) shall be
specified in an authorised register, and managed accordingly.
This register shall (at least) contain the following Meta data for the registered data
items:
Data Definition Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
+ Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
Data security classification at: 1.13"
Data quality definition and quality norms
Data Ownership (DVO and DDO)
Data Usage description (in which application? In which process?)
Sharing agreements
Maintaining this register and Meta data per data definition owner ensures all-
important (data) assets related to a process can be adequately identified.
This activity involves the following roles:
Data Definition Owner: responsible for including his/her data assets in the Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
register; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"
IM CFDH: mange the Register of Data Asset as application owner.
.. Confidentiality Maintenance
Identify Vital/Essential data and ensure they are adequately protected and
safeguarded throughout their life cycle.
Vital data are deemed to be those data items without which PDO could not:
Meet its commitments to its stakeholders. Formatted: Indent: Before: 0.59", Bulleted + Level: 1 +
Aligned at: 0" + Tab after: 0.25" + Indent at: 0.2", Tab
Meet its obligations and commitments to its employees. stops: 0.79", List tab + Not at 0.25"
Meet its legal and contractual obligations.
Re-construct its operations within a reasonable period of time after a disaster.
Replace without incurring exceptionally high cost.
Essential data are deemed to be those data items without which a PDO department
could not:
Meet its commitments to the business, senior management and other Formatted: Indent: Before: 0.59", Bulleted + Level: 1 +
departments. Aligned at: 0" + Tab after: 0.25" + Indent at: 0.2", Tab
stops: 0.79", List tab + Not at 0.25"
continue to operate or function effectively and efficiently
5
PDO Business Communication Guidelines. (GU-438)
Whilst the technical aspect about how to capture data (manually or electronically) is
not in the scope of this Code of Practice, the decision of what data has to be
captured is a typical data management task.
For Reference Data it’s recommended to:
Capture and record only those data which is deemed to be necessary to Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
support a given business process. + Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
at: 1.13"
For Transaction Data it’s recommended to:
When the data entry process is done manually: capture all data but record Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
it in an aggregate form. + Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
at: 1.13"
When the data entry process is or can be automated: capture all data
which is available and record it at the highest granularity level. This is
particularly true in case of real time data captured by measurement
devices.
These recommendations are given as principle directives, but step-out must be
possible as a result of business analysis, nature of the process or storage capacity.
.. Application
This Code of Practice is applicable to all PDO business activities, including those
activities undertaken by contractors on behalf of PDO. Therefore all PDO staff
(including contractors) must follow this Code of Practice and related relevant
procedures and guidelines, which in turn are based on this Code of Practice.
.. Step-Out
Deviations from this Code of Practice must be follow a step-out approval by DDO
an IM CFDH. This includes a full documention of the rationale for the deviation.
Who will be responsible for the operations of the transference Formatted: Indent: Hanging: 0.11", Bulleted + Level: 1 +
What are the fallback/recovery criteria Aligned at: 0.75" + Tab after: 1" + Indent at: 1", Tab stops:
Not at 1"
What are the actions to be taken and by whom in case of fallback/recovery.
Data involved
Within the DSA the involved data groups and their descriptions should be included.
Additional details concerning the data should be specified in a separate appendix.
Specification should be done in terms of:
Security
The data sharing agreement should contain the data security classification to define
the necessary baseline controls required as a result of the individual data sharing
(e.g. due to additional data communication requirements).
Compliance
Any restrictions, which may be applicable to the data should be specified,. e.g.
disclosure to other departments or third parties by the user or use for other purposes
than specified in the objectives and scope should be included.
For those cases that data need to be shared with systems outside PDO or Oman
special considerations need to be taken. The sharing of information outside PDO or
Oman is subject PSC provisions that states: “The Company shall not export any
document or data from Oman unless a duplicate or copy thereof remains in Oman.
Notwithstanding the foregoing, the company may export magnetic tapes, core
samples or other mineral samples when necessary and shall return any unused
samples or tapes to Oman after completing evaluation.”
Projects delivering data stores should adhere to the Data Hosting guidelines
In addition there may be other restrictions in place that may be considered, e.g. U.S.
Export Controls which applies to anything generated in U.S. or by U.S. persons.
Overall data compliance details should be registered in the corporate data register.
Data transference
The technical transference how the data will be made available should be indicated,
including the frequency. An Oracle view, a data warehouse, a portal, APIs are all
alternatives of making data available. Details on how data will be made available
should be included in an appendix.
Data quality
Quality aspects should be defined in terms of time and contents. It should be noticed
that it will be impractical (to manage and) to specify all data quality aspects in
separate data sharing agreements. It is therefore recommended to specify data
quality aspects in an appendix.
Change management
The DSA should contain a description of the actions that parties take in case a
change occurs in any of the related applications, the data model, or in the way data
sharing is being facilitated. An indication of the service levels need to be specified as
well, e.g. all changes in the data model will be communicated one week in advance
to allow for timely modifications in the interfaces or retrieving applications.
Audit trail
At request of the DDO, an audit trail of data usage needs to be provided by the data
users. The DSA should contain a description of agreements between involved
parties regarding the request and contents of such audit trails.
Volumes
Ranges of volumes of data, which might be expected to be shared, should be
specified. Actions to be taken in case of deviations from these ranges should be
specified.
E.g. the volume of data is expected to be within the range of 10.000 - 15.000 records
monthly. Any deviation from this range will be communicated with the user.
Validity
Where applicable there should be mention of the duration of the agreement.
However, at least a starting data should be specified.
Costs
All costs related to activities involved in the process of data sharing (including
development and operations) should be listed and clear statements of understanding
should be made on who will cover what costs.
Authorisation
The Data sharing agreement should be dated and signed by both the providing data
owner and the receiving data owner. UIIM on behalf of UII (Technical Data
Custodian) will countersign as the responsible department for PDO’s data
management process.
The below e-mail is a template of the DSA form. Fill in the required data and sent it to the
Data Provider, Data Consumer, Agreement custodian (UIIM) and the Data and Application
Technical custodian for approval. Keep this e-mail with the corresponding approvals in Data
Sharing Agreements folder (in Livelink) for future reference.