Petroleum Development Oman L.L.C.

Restricted Document ID: CP-139

February 2009

Corporate Data Management

Code of Practice

Keywords: Data Management, Information Asset, Meta Data, Data Quality.

This document is the property of Petroleum Development Oman, LLC. Neither the whole
nor any part of this document may be disclosed to others or reproduced, stored in a retrieval
system, or transmitted in any form by any means (electronic, mechanical, reprographic
recording or otherwise) without prior written consent of the owner.
Corporate Data Management Code of Practice Version 3.00

Authorised For Issue

Revision History
The following is a brief summary of the most recent revisions to this document. Details of all
revisions prior to these are held on file by the issuing department.
Version No. Date Author Scope / Remarks

Version 3.0 14/02/2009 Alessandro Allodi UIIM Reviewed, minor modifcations

Version 3.0 11/02/2009 Fernandez, Ramon Jose Reviewed.
UIIM2
Version 3.0 18/10/2008 Farfan, Martin UIIM/22 Major changes to address security issues and
external sharing. Aligment with Shell Data
Management Principles (2008). Add links to
reference documents where feasible.
Version 2.1 29/03/2006 Alessandro Allodi UIIM/1 Minor updates to align to IM&T reorganisation
Version 2.0 15/03/2003 Alessandro Allodi, TCP/4 Second version
Version 1.0 23/05/2000 Hans van Bruggen, CDM Initial version

16 February 2009 i Restricted

Corporate Data Management Code of Practice Version 3.00

Contents

Authorised For Issue................................................................................................................... i

Contents ...................................................................................................................................... ii

1. Introduction .......................................................................................................................... 1
1.1. Background ................................................................................................................. 1
1.2. Purpose ........................................................................................................................ 1
1.3. Target Audience .......................................................................................................... 1

2. Scope and Objectives ............................................................................................................ 2

2.1. Scope ........................................................................................................................... 2
2.2. Aims & Objectives ...................................................................................................... 4
2.3. Fundamentals for this Code of Practice ...................................................................... 4
2.4 Related Standards ............................................................................................................. 6
2.4. Review and Improvement ........................................................................................... 7

3. Roles and Responsibilities .................................................................................................... 8

3.1. Data Ownership .......................................................................................................... 8
3.2. Data Custodianship ..................................................................................................... 8
3.3. Data Definition Owner ................................................................................................ 8
3.4. Data Value Owner....................................................................................................... 9
3.5. Technical Data Custodian ........................................................................................... 9
3.6. Corporate Data Manager ........................................................................................... 10
3.7. Audit & Review ........................................................................................................ 10

4. Practices to be followed ...................................................................................................... 11

4.1. Manage Data Models ................................................................................................ 11
4.2. Data Sharing.............................................................................................................. 12
4.3. Manage Data Quality ................................................................................................ 13
4.4. Maintaining a Register of Data Assets / Meta data .................................................. 13
4.5. Confidentiality Maintenance ..................................................................................... 14
4.6. Vital/Essential Data Protection ................................................................................. 14
4.7. Manage Data Capture ............................................................................................... 15
4.8. Application ................................................................................................................ 15
4.9. Step-Out .................................................................................................................... 15

Appendix A. Data Sharing Agreement .............................................................................. 1716

Appendix B. Data Sharing Agreement form – Internal PDO ......................................... 2019

16 February 2009 ii Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

. Introduction

.. Background

PDO data and documentation are important

business assets, which form the company's
information asset. Managing this asset
Information
throughout its life cycle, as required under Management
PDO's policy for Information Management, is Policy (PL-39)

an important business process. This Code of

Practice (CP-139) covers Data Management Data Document
Management Management
whilst another Code of Practice (CP-102) CoP (CP-139) CoP (CP-102)
covers Document Management. Both are
derived from the Information Management Data Management Doc. Management
Policy (PL-39). Specifications Specifications
Procedures Procedures
Guidelines Guidelines
The key activities in this process, applicable
to data, are described in detail in this Data
Management Code of Practice. These activities are based on PDO experience and
expertise, legislative requirements, Shell Group guidelines and recognised industry
best practice. PDO's Data Management specifications, procedures and guidelines
are based on this Code of Practice.

.. Purpose

The main purpose of a Code of Practice is to support/enable managing business

risks and maximising opportunities. This document describes the landscape of data
management and provides the practices that shall be applied to manage data
throughout their life cycle.

.. Target Audience

This Code of Practice is mandatory for use by all staff in PDO (including
contractors) responsible for managing data at any point in the life cycle process.
Auditors to inspect the effectiveness of data management processes may also use
it.

16 February 2009 1 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

. Scope and Objectives

This section provides a description of the fundamentals upon which the
recommended practices are based and broadly outlines the boundaries within
which these are set.

.. Scope

The scope of corporate data management it is independent from the specific

discipline that creates and consumes data. It focuses on general and generically
practices applicable to all disciplines. The scope of corporate data management
includes communicating such practices and supporting the disciplines on
implementing and customizing data management within their own business scope.

... Data Management Process & Data Lifecycle

The activity of data management is the planning, implementation, administration,

and control of data for the benefit of the business. This should be done within the
business (not just the data management department) and is achieved through
developing and maintaining:
 business models that are owned by the business and used so that new and
existing systems (including s/w applications) support the business better,
 databases and the data model that defines them, to facilitate the
compatibility of data,
 agreed definitions, requirements, and responsibilities for data so that data
is created and used properly.
Business Model: A business model is a structured description of the business. It
includes descriptions of activities and the information created or used by them. It
can be used to analyse and design business processes and to assess how well
existing and planned computer systems support them.

Data Model: A data model holds the definition, structure and format of data. A data
model provides the basis for ensuring the compatibility and consistent use of data.

Quality Data: Quality data is data that conforms to agreed quality requirements,
e.g. for appropriate accuracy and timeliness. It has an agreed definition and
responsibilities to ensure its quality are assigned and acted on.

16 February 2009 2 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

... Data Architecture

Any Data Architecture distinguishes two important categories of data:

 Reference Data i.e. data describing assets, their characteristics and the
business relations amongst them. Within reference data we can further
identify:
o Master Reference Data: data which is shared amongst more
discipline and / or business processes. E.g. well name, Person –
Reference indicator.
o Discipline Reference Data: data which is used within one discipline,
without sharing needs among business processes and other
disciplines. E.g. Porosity Log, Person - Bank Account
o Application Data: Data whose scope does not go beyond the
application boundary. This data is often abandoned when the
owning application is phased out.
 Transactions: data that describes the modification of one or more
characteristic of a piece of reference data. Transactions are generated
during the executions of business processes (activities) and are captured
via applications. Their scope can affect any of the reference data
mentioned above.

Master
Transactions
Transactions
Reference
Data

Discipline
Reference
Data

Application
Data

16 February 2009 3 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

.. Aims & Objectives

The aims and objectives for documenting this Code of Practice are:
 To describe the activities needed to implement PDO's information
management policy in the area of data management;
 To capture and record accepted best practices in data management;
 To convey common, consistent advice on data management practices to all
practitioners;
 To establish the basis for effective knowledge and information management.

.. Fundamentals for this Code of Practice

Data drives all business decisions regarding PDO’s Assets, directly or indirectly.
The management of this data is an activity that takes place in all lines of business
and touches the day-to-day activities of most staff in PDO. Increased focus upon
Data Management is required supporting the further integration of business
processes, to help the business deal with growing volumes of data and to protect
PDO’s business interests.
The Data Management Principles are generic for all data and should be applied not
only by staff working explicitly on Data Management, but also by all others in the IT
function and the business with a responsibility for applications and data.
There are ten principles on which the management of data is based on and
graphically summarized in the graph below.

Data Accessibility

Meta Data Data Architecture

Compliance
Data Rules
Ownership

Standards

Integrity
Lifecycle

Security
Quality

Data
Data

Data
Data

Data is an Asset

These principles deals with the data life cycle management, the data quality,
security and access and sharing and they are:
Life cycle management
1) Data is managed as a Business Asset
Data is a business asset and should be managed proportionately to its
business value by everyone who deals with it. Both current and future
uses must be considered. Competitive advantage is achieved through
handling Data as an Asset

2) Data Ownership & accountabilities are clear and acted upon

Data must have an identified owner (Line) and a custodian
(Computing)1.
3) Metadata is collected, managed and used
4) Data Architecture is in place and adhered to
The design and implementation of information systems must conform
to data management standards.

1
Roles and responsibilities are described in Chapter 3.

16 February 2009 4 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

The definition of data and the business rules, which govern its use,
should be independent of the systems in which they are applied.
5) Data adheres to Industry Standards

Quality
6) Data Quality is defined and monitored
Data should be associated to measurable quality criteria, so that the
level of reliability can be easily assessed.
7) Data Integrity is assured across the Life Cycle
Data integrity must be maintained across business processes /
disciplines.

Security
8) Data is kept Secure

Compliance
9) Data handling and usage must comply with restrictions due to
contractual or legal reasons.

Access & Sharing

10) Data is made Accessible
All PDO data is classified as “Restricted”, e.g. available to all PDO
staff, unless the data owner demonstrates that the data has a different
classification level

16 February 2009 5 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

This Code of Practice is based on the following documents:

 Shell Data Management Principles Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
 EP 94-1680 Guidelines for Improving Management of Data (IM&T Data + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2"
Management Roles & Responsibilities)
 EP 94-0950 Guidelines for Improving Management of Data (EP Data
Management Maturity Model)
 EP 94-1675 Guidelines for Improving Management of Data (Data Sharing
Agreement Guideline)
 IC 91-078 Managing Shared Data
 IC 92-124 Managing Data Quality
 Business Communications Guidelines (GU-5438)
 PL-06 Information Management Policy
 CP-102 Document Management Code of Practice
 GU-289 PDO Security Guide

2.4 Related Standards

The following documents specifically relate to this Code of Practice in the

standards hierarchy:
Business Control Description Document ID
Policy Information Management Policy PL-06
Code of Practice Document Management CP-102
IM&T Security CP-127
Delivery of Applications & Databases CP-128
Information Planning and Appraisal CP-116
Specification
Procedure Manage Data Model To be wiritten
Manage Data Quality
Manage Data Sharing
Manage Data Asset - Meta Data

Guideline

16 February 2009 6 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

.. Review and Improvement

This document will be reviewed every three (3) years by the Corporate Disicpline
Head for Information Management. Constructive comments and feedback from
all practitioners are welcome at any time. Such feedback will be reviewed upon
receipt and a decision will be communicated back to the provider as to whether
the feedback will result in a review and update of the existing standard and when
this will occur.

16 February 2009 7 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

. Roles and Responsibilities

.. Data Ownership

All data generated/obtained in the course of transacting PDO business belong to

PDO, not to the individuals or groups that are involved in their creation. This
principle determines the starting point for defining roles and responsibilities in
respect to data management.
However, Process Owners and/or Asset Manager, nominated by PDO, are
assigned the management responsibility for data belonging to those processes
and/or assets as described in this Code of Practice.
 The Process Owner (CFDH) inherits the role of Data Definition Owner
(DDO). The CFDH role of Data Definition Owner is often delegated to the
functional discipline engineer or dedicated data manager but the CFDH
remains accountable.
 The Asset Manager inherits the role of Data Value Owner (DVO). The
Asset Manager role of Data Value Owner is often delegated to the various
discipline engineers or a dedicated data managers in the Asset Team. In
either case the Asset Manager remains accountable.

Data ownership details are to be register in the PDO Data Register. This register
captures DVO’s and DDO’s role to persons and the relations with data groups /
entities

.. Data Custodianship

To support tasks and responsibilities assigned to DVO and DDO from a computing
perspective, a third data management role is necessary: the technical data
custodian:
 The IM&T Manager (UII) inherits the role of technical data custodian (TDC).
Like the previous role, technical task are often delegated to computing
departments heads or dedicated data managers, but the Information
Manager remains accountable.

.. Data Definition Owner

The Corporate Functional Discipline Head (CFDH) is the Data Definition Owner for
the data entities in his/her discipline. The person is responsible for ensuring the
provision of clear definitions, security, accessibility, integrity and quality criteria for
the data entities in his/her discipline. The Data Definition Owner may delegate all
the tasks associated with the above data standards, but remains accountable for
ensuring the tasks are performed.
As a Data Definition Owner, your data management responsibilities are to:
 Collate user requirements for data from all parts of the business and in some Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
cases from outside the business, and to provide those data standards + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
necessary for management of the data item throughout its life. 0.2", Tab stops: Not at 0.25"

 Provide the technical custodian with the following meta data: Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
o Indicate if data entities are Corporate or Discipline related; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
o Define, where necessary, the conditions to be satisfied for sharing the data, 0.2", Tab stops: Not at 0.25"
i.e. associate the data entities with the standard classification (Most
Confidential, Confidential, Restricted and Unrestricted). Provide a clear
business case for any classification that differs form Unrestricted.

16 February 2009 8 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

o Define quality criteria to allow Data Value Owners to assess the quality of
their data values;

 Appraise the ability of current systems to ensure that the data entity can be
managed effectively;
 Approve the sharing of data entities (if not Unrestricted and there are no other
issues, e.g.public sources that may be copyrighted).
Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"

 Approve the transfer, archiving and disposal of your data entities; Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
 Approve, with the Data Value Owner, the deletion of data values that have no
further use for PDO. Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
.. Data Value Owner

The Asset Manager is the Owner of data pertaining to his/her asset. In case there is
no asset manager (e.g. North and South Directorate), the director will appoint one
or more DVO within his/her directorate. The Data Value Owner owns the data
values and is responsible for ensuring that the data meets the agreed requirements
for accuracy, timeliness, availability, etc. The Data Value Owner may delegate all
the tasks associated with the above data roles, but retains responsible for ensuring
that the roles are fulfilled.
As a Data Value Owner, your data management responsibilities are to:
 Ensure that your data users specify their requirements for data standards and Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
benefits of these standards to the Data Definition Owner; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
 Plan and allocate data management tasks (creation, use, validation,
administration, etc.) for the data values for which you are responsible, and
ensure these tasks are carried out;
 Ensure that data validation is performed as required, and that changes are
incorporated into the corporate data stores, and that users have been provided
with access to the validated data;
 Ensure that nonconformity’s in data quality are rectified and that staff are
allocated to perform this task;
 Assist in assessing the impact of the newly implemented database or interface
on managing data values under your control;
 Approve the transfer and archiving of your data values;
 Approve, with the Data Definition Owner, the deletion of data values that have
no further use for PDO.

.. Technical Data Custodian

The TDC, embodied by the Information Manager, is responsible for providing

DDO’s and DVO’s with the necessary tools to support data management. Whilst
retaining the ultimate responsibility, he/she will delegate the tasks, through IT
departmental heads, to a Corporate Data Manager and to Database Administrators.
It’s important to note that, beyond being TDC, the Information Manager is also DDO
for those data entities generated in the EP.16 process2.
Tasks and responsibilities of a TDC are:

2
EP-16 Manage Information Asset. See Exploration and Production Business
Model -EPBM- version 4)

16 February 2009 9 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

 Provide DDO with a system to record and manage meta data; Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
 Provide DVO’s with a system to monitor data quality trends; 0.2", Tab stops: Not at 0.25"
 Sponsor data management awareness initiatives targeting assets and
discipline representatives;
 Endorse data quality improvement exercises
 Appoint a Corporate Data Management function.
.

.. IM Corporate Functional Discipline Head (IM CFDH)

The IM CFDH is responsible for establishing the generic framework for the
management of data in PDO.
As discipline head, data management responsibilities are to:
 Ensure that PDO relevant corporate data management Code of Practice, Formatted: Indent: Before: 0.59", Hanging: 0.3", Bulleted
standards, guidelines and tools are established and kept up-to-date; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.2", Tab stops: Not at 0.25"
 Promote the usage of the current data management Code of Practice,
standards and guidelines;
 Identify appropriate general data management training courses;
 Together with the portfolio consultants, ensure adherence to data
management Code of Practice, standards and guidelines;
 Benchmark Data Management Performance across company;
 Promote Best Practices in Data Management.
 Facilitate, where appropriate, data sharing agreements.

.. Audit & Review

A yearly health-check will be executed as part of the sustainability of this Code of

Practice. Non-compliance findings must be recorded and a remediation plan stated
(including action party and completion date). This plan of action must be
documented and submitted for approval to the appropriate Data Definition Owner
and Corporate Data Manager.
In addition, independent, systematic audits and/or reviews of the data management
processes and tools are recommended.

16 February 2009 10 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

. Practices to be followed
This section covers the main data management activities at a corporate level.
These activities are:
 Manage Data Models;
 Manage Data Sharing;
 Manage Data Quality;
 Manage Meta Data;
 Manage Confidentiality;
 Vital / Essential data protection;
 Manage data capture.

.. Manage Data Models

Managing a data model is a key activity in data management. Although PDO

primarily purchases off-the-shelf business application software and minimizes new
software development, getting to know how a certain application represents the
data helps to better serve the underlying business processes.
For self-developed applications it’s mandatory to produce:
1. The Logical Data Model, encompassing entities and relationship.
2. The Physical Data Model, describing in a formal DDL3, the implementation of
the Logical Model on a (relational) database
For an off-the shelf application, the logical data model is sufficient.
It’s important to communicate the data model to the Corporate Data Manager, so
that a shared repository of data models can be managed. Please refer to the Data
Modelling Procedure for more details.
During the data modelling process, the following standards / practices should be
followed:
IC91-077s2a Local Attribute Naming Standard; Volume 1
IC91-077s2b Local Attribute Naming Standard; Volume 2
IC94-033 Developing High Quality Data Models; Volume 1 - Principles and
Techniques
IC94-034 Developing High Quality Data Models; Volume 2 - The Generic
Entity Framework; Version 1.0
IC94-035 Developing High Quality Data Models; Volume 3 - Data Model
Templates
IC94-036 Entity Type and Relationship Naming Standards

The following roles are involved:

Application Owner: Owns the data model and is responsible for maintaining its
alignment with application changes and with new business requirements.

3
DDL: Data Definition Language. It’s a formal and computable language to create a data
base from a data model. SQL is an example of a DDL.

16 February 2009 11 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Data Definition Owner: Validates the data model against the data definition.
Associates data quality standards and defines confidentiality and sharing criteria.
Technical Data Custodian: Makes sure that the model is properly implemented
and that common reference data is shared from the master source.
IM CFDH: Validates the data model against the data modelling standards and
publishes it in the Meta data repository.

.. Data Sharing

Most of the data is used by more than one business process; e.g. data is shared
between processes. Sharing data is essential to our business as it flows from one
discipline to another adding value on the way.
Where data management roles are spread over multiple processes these should be
agreed and recorded in a Data Sharing Agreement4. This is the formalisation of the
use of data outside the environment where it is generated. It ensures that the
requirements are understood, and that quality of delivery can be measured (through
performance indicators). It also allows for the benefits to be included in the overall
business case for gathering that data. Any cost recovery agreement for gathering
and sharing data should be included in the data sharing agreement.
Data sharing agreements should be established for all corporate data, which is to
be used by distinct business parties. Where different business parties represent the
different business processes in place in PDO.
Data sharing may be the result of:
 New system developments
 System enhancements
 Data harmonization studies
Data sharing should be indicated at either the selection process of a packaged
application or in the functional specification report of in-house developed systems.
A data sharing agreement should be established at this phase of the system
development / package selection cycle and should be included in the report.
All data must be shared from the master source. Duplication of data needs to be
avoided, unless:
 Data needs to be restructured for performance reasons. In this case the
restructured data may not be shared with other applications.
 Data needs to be restructured to fit third party packages. This is only
allowed if it is not possible via views / database links.
 Data needs to be combined with other data into a new structure or physical
view as a part of a PDO corporate or discipline data warehouse.
It is not allowed to transfer data you do not own to other applications. All sharing is
done from the master source by default, unless data is combined and restructured
and made available in a PDO wide or portfolio data warehouse.
The data sharing process is based on the following standards / practices
IC91-078 Managing Shared Data

This activity involves the following roles:

4
See Appendix A for a Data Sharing Agreement Example.

16 February 2009 12 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

 Data Definition Owner: to specify the data definitions and performance Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
indicators to the DVO; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"
 Data Value Owner: to deliver the actual data to the user community;
 IM CFDH: to ensure consistency across data sharing agreements and resolve
cross-discipline conflicts of interest; to assist the DVO to meet the data
requirements through the provision of procedures and guidelines;
 Technical Data Custodian: to identify and facilitate data sharing opportunities;
to provide any required physically movement of data and/or user access
authorisation

.. Manage Data Quality

By improving data quality, it is possible to make optimal use of data to achieve

business objectives and mitigate risks associated with poor data quality. Since the
use of data is pervasive throughout PDO, everyone that creates or uses data will
benefit from improved data quality, by saving time and minimizing data issues. After
having identified data groups, data items and after having assigned responsibilities,
the quality of data can be managed.

Define
Measure Improve
Quality

Responsibilities for Data Quality definitions:

 The Data Definition Owner sets the quality requirements for his/her data
groups
 Based on the requirements, the Data Value Owner sets the quality norms
and targets for his/her asset

Responsibilities for Data Quality Measure

 The Technical Data Custodian provides process & tools for measuring and
publishing the data quality scores.

Responsibilities for Data Quality Improvement:

 The Data Value Owner regularly checks the status of his/her data, and
eventually starts data cleansing exercises.
 The IM CFDH assists the DVO and coordinates improvements across
assets / disciplines.

The data quality process is based on the following standard / practices

IC92-124 Managing Data Quality

.. Maintaining a Register of Data Assets / Meta data

This activity ensures the creation and maintenance of a register of all data items
requiring preservation.
All data requiring preservation and management, (because of their value to the
business, or because they are required for legal or other statutory reasons) shall be
specified in an authorised register, and managed accordingly.

16 February 2009 13 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

This register shall (at least) contain the following Meta data for the registered data
items:
 Data Definition Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
+ Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
 Data security classification at: 1.13"
 Data quality definition and quality norms
 Data Ownership (DVO and DDO)
 Data Usage description (in which application? In which process?)
 Sharing agreements
Maintaining this register and Meta data per data definition owner ensures all-
important (data) assets related to a process can be adequately identified.
This activity involves the following roles:
 Data Definition Owner: responsible for including his/her data assets in the Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
register; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"
 IM CFDH: mange the Register of Data Asset as application owner.

.. Confidentiality Maintenance

Objective of this practice is to maintain appropriate confidentiality for all data

classes throughout their life cycle.
All data belonging to PDO must be classified using the PDO Security Classification
scheme5 and managed in accordance with this scheme throughout their life cycle
(creation, use, maintenance through to final disposition) to provide protection from
loss, distortion, misuse or unauthorised disclosure.
Where non-confidential data should be shared freely through unrestricted access in
the company, confidential data shall only be available on a ‘need to know’ basis.
This activity involves the following roles:
 Data Definition Owner – to specify the security classification in the Register of Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
Data Asset. + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"

.. Vital/Essential Data Protection

Identify Vital/Essential data and ensure they are adequately protected and
safeguarded throughout their life cycle.
Vital data are deemed to be those data items without which PDO could not:
 Meet its commitments to its stakeholders. Formatted: Indent: Before: 0.59", Bulleted + Level: 1 +
Aligned at: 0" + Tab after: 0.25" + Indent at: 0.2", Tab
 Meet its obligations and commitments to its employees. stops: 0.79", List tab + Not at 0.25"
 Meet its legal and contractual obligations.
 Re-construct its operations within a reasonable period of time after a disaster.
 Replace without incurring exceptionally high cost.
Essential data are deemed to be those data items without which a PDO department
could not:
 Meet its commitments to the business, senior management and other Formatted: Indent: Before: 0.59", Bulleted + Level: 1 +
departments. Aligned at: 0" + Tab after: 0.25" + Indent at: 0.2", Tab
stops: 0.79", List tab + Not at 0.25"
 continue to operate or function effectively and efficiently

5
PDO Business Communication Guidelines. (GU-438)

16 February 2009 14 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Data that would be necessary to support the reconstruction of PDO's business

operations in the event of a disaster must be identified and where necessary
appropriate steps taken to ensure that a backup or copy of these are held in an
accessible form at a separate, secure location remote from current operational
site(s).
This activity involves the following roles:
 Data Definition Owner: to identify data as vital/essential; Formatted: Indent: Before: 0.59", Hanging: 0.2", Bulleted
+ Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
 Data Value Owner: to identify data as vital/essential; 0.25", Tab stops: 0.79", List tab + Not at 0.25"
 Technical Data Custodian: to support the DDO and DVO to manage
vital/essential data;

.. Manage Data Capture

Whilst the technical aspect about how to capture data (manually or electronically) is
not in the scope of this Code of Practice, the decision of what data has to be
captured is a typical data management task.
For Reference Data it’s recommended to:
 Capture and record only those data which is deemed to be necessary to Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
support a given business process. + Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
at: 1.13"
For Transaction Data it’s recommended to:
 When the data entry process is done manually: capture all data but record Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
it in an aggregate form. + Level: 1 + Aligned at: 0.88" + Tab after: 1.13" + Indent
at: 1.13"
 When the data entry process is or can be automated: capture all data
which is available and record it at the highest granularity level. This is
particularly true in case of real time data captured by measurement
devices.
These recommendations are given as principle directives, but step-out must be
possible as a result of business analysis, nature of the process or storage capacity.

This activity involves the following roles:

 Data Definition Owner: to identify which data has to be captured and the Formatted: Indent: Before: 0.87", Hanging: 0.25", Bulleted
needed level of granularity; + Level: 1 + Aligned at: 0" + Tab after: 0.25" + Indent at:
0.25", Tab stops: 0.79", List tab + Not at 0.25"
 Data Value Owner: make sure that his/her data is captured within the scope
defined by the DDO;
 Technical Data Custodian: to support the DDO and DVO to manage data
capture by providing them with information on storage capacity, data
capture complexity and quality measurement. Last but not least, the TDC is
also assigned the task of pursuing all the automated data capture
opportunities enabled by current technologies.

.. Application

This Code of Practice is applicable to all PDO business activities, including those
activities undertaken by contractors on behalf of PDO. Therefore all PDO staff
(including contractors) must follow this Code of Practice and related relevant
procedures and guidelines, which in turn are based on this Code of Practice.

.. Step-Out

Deviations from this Code of Practice must be follow a step-out approval by DDO
an IM CFDH. This includes a full documention of the rationale for the deviation.

16 February 2009 15 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Failure to do so will constitute a violation of the IM Policy and shall be subject to a

Business Control Incident (BCI) process.

16 February 2009 16 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Appendix A. Data Sharing Agreement

Data Sharing Agreement contents

The following aspects are recommended to be included in a Data Sharing

Agreement

Objectives and scope

There should be a description on the background of the target use of the data (e.g. a
brief description of the process using the information), reasons for sharing the data
and a specification of the data subset to be used (e.g. offshore data only; all
contractors for Data Group x; all stored data etc.).
Parties involved (including roles and responsibilities)
All parties involved in the agreement should be listed, including their roles and
responsibilities, based on the data ownership framework. This should refer to the
registered parties in the corporate data register.

All operational aspects should be specified and where applicable a concise

description should be given on the fallback requirements/actions in case the transfer
is not working as specified. Examples are:

 Who will be responsible for the operations of the transference Formatted: Indent: Hanging: 0.11", Bulleted + Level: 1 +
 What are the fallback/recovery criteria Aligned at: 0.75" + Tab after: 1" + Indent at: 1", Tab stops:
Not at 1"
 What are the actions to be taken and by whom in case of fallback/recovery.

Data involved
Within the DSA the involved data groups and their descriptions should be included.
Additional details concerning the data should be specified in a separate appendix.
Specification should be done in terms of:

The logical entity involved

Any relations involved
All attributes involved (logical names). This must be done only if the data sharing is
not encompassing all attributes

Security
The data sharing agreement should contain the data security classification to define
the necessary baseline controls required as a result of the individual data sharing
(e.g. due to additional data communication requirements).

Compliance
Any restrictions, which may be applicable to the data should be specified,. e.g.
disclosure to other departments or third parties by the user or use for other purposes
than specified in the objectives and scope should be included.

For those cases that data need to be shared with systems outside PDO or Oman
special considerations need to be taken. The sharing of information outside PDO or
Oman is subject PSC provisions that states: “The Company shall not export any
document or data from Oman unless a duplicate or copy thereof remains in Oman.
Notwithstanding the foregoing, the company may export magnetic tapes, core
samples or other mineral samples when necessary and shall return any unused
samples or tapes to Oman after completing evaluation.”

16 February 2009 17 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Projects delivering data stores should adhere to the Data Hosting guidelines

In addition there may be other restrictions in place that may be considered, e.g. U.S.
Export Controls which applies to anything generated in U.S. or by U.S. persons.

Overall data compliance details should be registered in the corporate data register.

Availability and accessibility

The availability should be specified in terms of operational requirements and update
frequency. E.g.: data should always be available on-line and should at least be
updated once a month or should continuously be updated.

Data transference
The technical transference how the data will be made available should be indicated,
including the frequency. An Oracle view, a data warehouse, a portal, APIs are all
alternatives of making data available. Details on how data will be made available
should be included in an appendix.

Data quality
Quality aspects should be defined in terms of time and contents. It should be noticed
that it will be impractical (to manage and) to specify all data quality aspects in
separate data sharing agreements. It is therefore recommended to specify data
quality aspects in an appendix.

Change management
The DSA should contain a description of the actions that parties take in case a
change occurs in any of the related applications, the data model, or in the way data
sharing is being facilitated. An indication of the service levels need to be specified as
well, e.g. all changes in the data model will be communicated one week in advance
to allow for timely modifications in the interfaces or retrieving applications.

Audit trail
At request of the DDO, an audit trail of data usage needs to be provided by the data
users. The DSA should contain a description of agreements between involved
parties regarding the request and contents of such audit trails.

Volumes
Ranges of volumes of data, which might be expected to be shared, should be
specified. Actions to be taken in case of deviations from these ranges should be
specified.

E.g. the volume of data is expected to be within the range of 10.000 - 15.000 records
monthly. Any deviation from this range will be communicated with the user.

Validity
Where applicable there should be mention of the duration of the agreement.
However, at least a starting data should be specified.

16 February 2009 18 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Costs
All costs related to activities involved in the process of data sharing (including
development and operations) should be listed and clear statements of understanding
should be made on who will cover what costs.

Authorisation
The Data sharing agreement should be dated and signed by both the providing data
owner and the receiving data owner. UIIM on behalf of UII (Technical Data
Custodian) will countersign as the responsible department for PDO’s data
management process.

16 February 2009 19 Restricted

Corporate Data Management Code of Practice (CP-139) Version 3.00

Appendix B. Data Sharing Agreement form – Internal PDO

Two DSA versions: as a Word document and as an e-mail.
The below is a document template of the DSA form to signed by the involved parties which
should be kept in Data Sharing Agreements (in Livelink) for future reference.

The below e-mail is a template of the DSA form. Fill in the required data and sent it to the
Data Provider, Data Consumer, Agreement custodian (UIIM) and the Data and Application
Technical custodian for approval. Keep this e-mail with the corresponding approvals in Data
Sharing Agreements folder (in Livelink) for future reference.

16 February 2009 20 Restricted