DEFENCE DATA MANAGEMENT

STRATEGY

December 2016

Owner: Head CMI

Author: Peter Nell
Version: 2.0
Document Version History

Version Date Detail By

0.1 26/01/2016 First draft. Peter Nell
0.2 16/03/2016 Incorporating comments on version 0.1. Peter Nell
0.3 01/04/16 Major re-write. Peter Nell
0.4 25/04/2016 Incorporating comments from internal Peter Nell
review of version 0.3.
0.5 25/04/2016 Minor changes. Peter Nell
0.6 10/05/2016 Incorporating comments from Steve Peter Nell
Latchem and team.
0.7 13/05/2016 Incorporating further comments. Peter Nell
0.8 20/05/2016 Minor changes. Peter Nell
0.9 24/05/2016 Minor changes. Peter Nell
0.10 13/06/2016 Minor changes. Peter Nell
0.11 13/06/2016 Incorporating comments from Adrian Peter Nell
Barker.
1.0 28/06/2016 Minor changes. Peter Nell
1.1 02/08/2016 Change format to ISS standard format. Peter Nell
Some revisions.
2.0 13/12/2016 Incorporate JIG and Army comments. Peter Nell
Final internal revision.

2
 TABLE OF CONTENTS

EXECUTIVE SUMMARY ...............................................................................................................4

PREFACE .....................................................................................................................................6
INTRODUCTION ..........................................................................................................................6
PURPOSE AND APPLICABILITY ....................................................................................................6
CONTEXT ....................................................................................................................................7
ENDS ...........................................................................................................................................9
WAYS ........................................................................................................................................12
DELIVERING THE STRATEGIC OBJECTIVES ................................................................................13
MEANS .....................................................................................................................................18
ANNEX A: ENABLING OBJECTIVES ............................................................................................ 20

3
 EXECUTIVE SUMMARY

1. Introduction. Timely, relevant, consistent and accurate data is fundamental to

delivering trustworthy information in support of both business and military decision-making
processes. Agile exploitation of information capabilities to improve effectiveness and
efficiency on operations and in support areas, therefore, relies upon the availability of
quality data that is fit for purpose.

2. Current State. Currently, historical obstacles to providing high quality data

management remain and are compounded by the increasing and evolving requirement to
exploit data. This in turn limits the ability of Defence to gain the maximum value from the
data. Defence data management is characterised by:

a. A lack of data management policy.

b. No central governance or direction for data management.

c. Incoherence of data resulting in multiple and conflicting versions of the truth.

d. Numerous (in the case of personnel, over 300) non-authoritative bulk data
stores.

e. Inaccurate data.

3. Strategic Objectives. The Defence Data Management Strategy aims to lay the
foundation for effective data management across Defence by enabling the delivery of seven
strategic objectives:

a. SO1: Ensure that Defence data is properly governed and managed

throughout its life;

b. SO2: Ensure the authority of Defence data;

c. SO3: Ensure the accuracy, timeliness and trustworthiness of Defence data;

d. SO4: Ensure the coherence and consistency of Defence data;

e. SO5: Ensure the security of Defence data;

f. SO6: Ensure that Defence data is available to all who require access to it;

and

g. SO7: Enable the exploitation of new data technologies;

in order to deliver the following outcomes:

4
4. Outcomes. The outcomes to be delivered through the Defence Data Management
Strategy are:

a. Formal data governance and management operating coherently across

Defence.

b. Authoritative data made available for exploitation to all who require it and
who are authorised to have access to it, with the appropriate security and assurance
applied.

c. Defence data that is accurate, timely, trustworthy and made available for
exploitation.

d. Defence data that is used consistently across the Department.

5. Enabling Objectives. Enabling objectives for each of the strategic objectives are at
Annex A. These enabling objectives will be formalised into an implementation plan. Work
on delivering the enabling objectives is under way.

6. Benefits. Implementation of the strategy will deliver the following benefits:

a. Accurate information. Authoritative data sources, where data is maintained,

updated regularly and made available to users in accessible formats, will enable the
delivery of accurate information and support better decision making.

b. Reduced procurement costs. With the availability of authoritative data

sources, new applications will be quicker and easier to design, build and integrate and
the quality of new applications will increase.

c. Reduced maintenance costs. Authoritative data sources will cut system

maintenance as data structures and data definitions are fully understood, reduce the
number of unnecessary interfaces and decrease the significant duplication of effort
maintaining duplicate data sets.

5
 PREFACE

7. This Defence Data Management Strategy 2017 replaces the Defence Data
Management Strategy 2010. It is intended to lay the foundation for effective data
management across Defence, such that Defence data may be shared and exploited across
Defence.

8. The Defence Data Management Strategy has been presented to the Defence
Management Information Steering Group for endorsement. Once endorsed,
implementation of the Strategy will begin early 2017.

INTRODUCTION

9. Timely, relevant, consistent and accurate data is fundamental to delivering

trustworthy information in support of both business and military decision-making processes.
Agile exploitation of information capabilities to improve effectiveness and efficiency on
operations and in support areas, therefore, relies upon the availability of quality data that is
fit for purpose.

DEFINITION

10. Data Management is the development, execution and supervision of plans, policies,
programmes and practices that control, protect, deliver and enhance the value of data and
information assets. Evidence of good data management includes trustworthy data flowing
from authoritative sources to users through communication and information systems, using
common formats and open standards.

PURPOSE AND APPLICABILITY

INTENT

11. The Chief Digital and Information Officer’s (CDIO) intent is to establish access to and
direct the use of single sources of authoritative data1 (master data) owned by organisations
capable of producing and maintaining data of sufficient quality to meet the needs of
Defence. This will facilitate data sharing, accelerate the establishment of common standards
and remove the need to hold duplicate data (unless the consumer is authorised to do so),
with its attendant costs and constraints on exploitation.

VISION

12. The Defence data management vision is of a data environment (the Defence Data
Environment) that delivers timely, accurate and trustworthy authoritative data that meets
the needs of Defence, to be in place by 2021.

SCOPE

1 The primary characteristics of authoritative data are that the data must be: fit for purpose; accurate;
complete; timely and of the required standard of quality.

6
13. This strategy shall apply to all Defence enterprise critical data; that is, the data that
supports critical Defence processes, and which is used at Defence level and/or shared
between Top Level Budgets (TLBs)/Arms Length Bodies (ALBs). Such data is referred to in
this document as “Defence data”.

14. TLBs/ALBs are responsible for the management of data within the TLB/ALB. However
in this role they act in support of the Defence Data Authorities (DDA), and it is expected that
they will conform to Defence data management policies, and collaborate with the Defence
Authority for Management Information in improving data management across Defence.

CONTEXT

15. The Defence Data Management Strategy takes its direction from both the Defence
Information Strategy and the Defence Digital Transformation Strategy, and, through its
strategic objectives, provides the data management support for the higher level strategies.

16. The Defence Data Management Strategy provides the context for, and is supported
by, the MOD Data Management Framework, which provides guidance to Defence
organisations in implementing data management functions. TLBs/ALBs will need to develop
their own data management strategies and frameworks tailored to their specific business
need, but drawing on the Defence Data Management Strategy and MOD Data Management
Framework for guidance.

17. The following figure shows the relationship of the Defence Data Management Strategy
to other MOD strategies and frameworks:

Figure 1: Defence Data Management Strategy Relationships.

7
18. The Defence Data Management Strategy and MOD Data Management Framework will
be supported by the policies and standards (currently being revised) in the following Joint
Service Publications (JSPs):

a. JSP 440: The Defence Manual of Security.

b. JSP 441: Managing Information in Defence.

c. JSP 604: The Defence Manual for ICT.

CURRENT STATUS

19. Since the release of the first MOD Data Management Strategy in 2010 the Defence
data management landscape has changed. Historical obstacles to providing high quality
data management remain and are compounded by the increasing and evolving requirement
to exploit data. Big data and data science initiatives look to extract value from the
exponential increase in the volumes of data created and stored, but these approaches only
go to reinforce the need for data to be managed effectively in order to be able to extract
value from it.

20. The awareness and application of data management across the MOD has grown
significantly over the past six years with Defence leaders realising the power and benefits of
good data management implementation. With this increased awareness the MOD is
evolving into a more data-centric organisation, and with the application of better education,
improved governance and practical implementation of data management, good practices
are having positive effects, but major challenges remain and need to be overcome if the
MOD is to release the full potential of its data and information assets.

21. Information, Communication and Technology (ICT) systems remain constrained to

deliver solutions that can meet the expectations placed upon them and the legacy
landscape remains in place, including inherited database configurations and proprietary
solutions. With limited resources available to tackle these issues there is no silver bullet that
will solve all the problems at once. While these constraints remain this strategy provides a
vision and practical improvements for how Defence data management can extract the
maximum benefit from its data now and leading up to and beyond 2020.

22. Defence continues to re-create or modify the same data many times without
considering that inaccuracies that are introduced into the data by doing so. While the need
for authoritative data sources is recognised, little effort has been applied to create and
direct the use of these authoritative sources. The drive to use outsourced solutions also
creates problems, in that outsourced systems often use their own data structures and
suppliers are reluctant or charge exorbitantly to modify these to meet with Defence
standards that enable data sharing. This leads to bespoke solutions that struggle to
interoperate with existing capabilities and require additional data maintenance and
management through life with their inherent costs.

23. Data management policies exist but they are few and compliance is inconsistent.
There are institutional and cultural obstacles to the implementation of these policies
mandated through publications such as Joint Service Publications or by personnel outside

8
the chain of command. In short, unless leaders and staff consider adherence to such policies
to be a high priority the policies are rarely applied.

24. Unstructured data is now being seen as a major source of insight, and its management
and exploitation is of equal importance to the management and exploitation of structured
data. Indeed, the boundary between the two is becoming increasingly blurred: they are
complementary parts of the data continuum. While data management practices and
standards for structured data are well defined, the same is not true for unstructured data.
Metadata standards (in particular for the creation of an attribute data model 2 for
unstructured data) must be developed. This work will be included in the Defence Data
Management Strategy implementation plan. References in this data strategy should be
taken to mean both structured and unstructured data, unless specifically stated otherwise.

Figure 2: The Data Continuum.

ENDS

NEED FOR CHANGE

25. The MOD faces many challenges to exploit data to the degree required to support the
demands placed upon it. The Defence Information Strategy 2016 recognises the need to
transform MOD’s approach to information3 and that, in turn, this requires changes in the
data environment to ensure data is recognised and fostered as a corporate asset, is
exploited rather than hoarded and is managed in such a way as to facilitate the delivery of
data that is accurate, timely, authoritative and trustworthy. Deficient information, often a
by-product of unsound data, leads to flawed decisions wasting valuable resources, effort
and sometimes lives. MOD needs to take control of data management to give users
confidence in the information it produces.

2 The Entity Data Model (EDM) is a set of concepts that describe the structure of data, regardless of its stored
form.
3 “Data holdings across the Defence enterprise continue to grow exponentially. Defence needs to exploit the

potential of this data through timely and cost effective analysis to derive maximum value to inform our
evidence based decision making. ……. We must also act to improve data quality and access, establishing and
mastering those data sets upon which the Defence enterprise most depends. As we modernise, we need to
free data from the legacy (and often proprietary) applications in which it has been locked in order to enable its
wider and more dynamic exploitation. Separation through immediate, wholesale modernisation is not
necessary to achieve this, as it is also possible to dynamically extract information that is trapped within legacy
data representations.” Defence Information Strategy 2016.

9
26. System procurement must follow MOD policy on information exchange. Proprietary
solutions, particularly those solutions that use proprietary data schemas, are a main cause
of ineffective interoperability. Therefore, Defence must develop standard data schemas that
support the sharing and interoperability of data across the department, and to provide a
level of coherence and consistency across applications. In addition, due note must be taken
of government and international military taxonomies and standards (such as the NATO C3
taxonomy) and where appropriate, these taxonomies and standards must be adopted.

27. Data management needs appropriate levels of governance, with clear accountabilities
and responsibilities. An understanding of the provenance of and authority for data aids in its
interpretation and use. Where data is used across different business domains 4, a
collaborative approach with stakeholders will be employed to agree data standards and
definitions. Accountabilities and responsibilities for the maintenance and management of
authoritative data will be clear and those who do not fulfil their obligations will be
accountable to high authority. Defence Data Authorities (DDAs), TLBs and ALBs will be
audited to monitor compliance.

28. Organisations that structure themselves to implement quality processes are most
effective at producing good quality data. In practice data quality characteristics must be
balanced with each other and with the importance and intended use of the data concerned.
In some cases, data may be considered fit for purpose in spite of some known limitations:
for example, some degree of accuracy may be sacrificed in order to produce data more
quickly when this is a priority. If data quality limitations exist, providers will make these
limitations clear to the users of the data and any trade-off made between quality
characteristics will be justified in reference to wider Defence requirements. Clear and
checkable audit trails will exist. Metadata, which describes the attributes of the data (such
as the source, status or timestamp), will help users to understand data limitations.
International standards for data quality management exist (ISO/TS 8000). These standards
should be strongly considered when entering into data quality activities.

29. Industry, under current contracting arrangements, manages large sections of

information used by MOD. Explicit recognition of this role of Industry is necessary to bring
focus on the requirement to manage that data that has been missing in the past. Data
governance must include the requirement to manage the relationship between MOD and
Industry and policy is required covering how these obligations and responsibilities regarding
data will be encapsulated in contracts.

30. Big data and data science offer considerable potential for the exploitation of large
volumes of both structured and unstructured data. Big data storage technologies 5 offer
ways of handling large amounts of data, operating in tandem with more traditional
enterprise data warehouse technologies to improve the range of data available and drive
down costs. Currently big data is exploited in the intelligence community, and DSTL is

4 The Oxford English Dictionary defines domain as “a specified sphere of activity or knowledge”. Defence
business domains include Personnel, Finance, Logistics, Commercial, Infrastructure etc.
5 Such as the open source Hadoop®. Apache™ Hadoop® is an open source software project that enables

distributed processing of large data sets across clusters of commodity servers. It is designed to scale up from a
single server to thousands of machines, with a very high degree of fault tolerance. There are several
commercial products based upon Apache™ Hadoop®.

10
developing data science techniques for use within the Defence arena. However, at time of
writing, the MOD has no clear vision of how it will exploit the potential of big data and data
science. This vision needs to be defined and used as the basis for a Defence big data
strategy.

31. The Internet of Things (IoT) is revolutionising the way in which we interact with
everyday objects such as household appliances, not only to control the objects, but also to
allow the objects to learn from our use of them. Although Defence uses sensors in similar
ways, there is potential for IoT-like technology to be used, eg for the control of
autonomous weapons systems. The IoT needs to be examined in terms of data
management requirements.

BENEFITS

32. With the implementation of this Data Management Strategy and compliance to data
management policies MOD will drive down the cost of system procurement and
maintenance and improve support for decision making. Organisations should have a clear
focus on the delivery of:

a. Accurate Information. Authoritative data sources, where data is maintained,

updated regularly and made available to users in accessible formats, will enable the
delivery of accurate information and support better decision making.

b. Reduced Procurement Costs. With the availability of authoritative data

sources, new applications will be quicker and easier to design, build and integrate and
the quality of new applications will increase.

c. Reduced Maintenance Costs. Authoritative data sources will cut system

maintenance as data structures and data definitions are fully understood, reduce the
number of necessary interfaces and decrease the significant duplication of effort
maintaining duplicate data sets.

OUTCOMES

33. The outcomes to be delivered through the Defence Data Management Strategy are:

a. Formal data governance and management operating coherently across

Defence.

b. Authoritative data made available for exploitation to all who require it and
who are authorised to have access to it, with the appropriate security and assurance
applied.

c. Defence data that is accurate, timely, trustworthy and made available for
exploitation.

d. Defence data that is used consistently across the Department.

11
STRATEGIC OBJECTIVES

34. The aim of the Defence Data Management Strategy is to enable the delivery of the
following seven strategic objectives:

a. SO1: Ensure that Defence data is properly governed and managed

throughout its life;

b. SO2: Ensure the authority of Defence data;

c. SO3: Ensure the accuracy, timeliness and trustworthiness of Defence data;

d. SO4: Ensure the coherence and consistency of Defence data;

e. SO5: Ensure the security of Defence data;

f. SO6: Ensure that Defence data is available to all who require access to it;

and

g. SO7: Enable the exploitation of new data technologies;

in order to support information exploitation and enterprise wide interoperability, and to

realise information-led operating efficiencies.

WAYS

DEFENCE DATA MANAGEMENT CORE PRINCIPLES

35. The following principles shall apply to all Defence data management:

a. All Defence data6 must be subject to formal governance processes in

accordance with Defence data governance policy7.

b. All Defence data must be secured and protected in accordance with Defence
data security and protection policies8, and relevant government security and
protection policies9 and legislation.

c. All Defence data must be formally managed from creation to disposal. This
management process is known as data through life management.

6 As defined in para 24 below.

7 See http://cui6-uk.diif.r.mil.uk/r/1198/1/1/4/20161220-MOD%20Data%20Governance%20v2_3.docx for
detailed guidance on data governance within Defence.
8 Data placement decisions within the MoD Trust Model must be made against the risk posture that

represents the data as defined by the MoD Technical Information Assurance Architecture. (JSP 604 Part 1,
Volume 3).
9 See https://www.gov.uk/data-protection/the-data-protection-act.

12
 d. Wherever possible, only data from authoritative sources shall be used for
exploitation10 purposes. Competing, unauthorised versions of authoritative data must
not be created and used unless authorised by the relevant Defence Data Authority
(DDA).

e. The data custodians of authoritative data must make that data available for
sharing (by using Defence and open standards for consumable formats11) with
authorised data consumers for exploitation purposes.

f. Authoritative data provided to data consumers shall not be modified by those

consumers unless authorised by the data steward responsible for the data concerned.
Changes required to authoritative data will be made in the source systems to promote
consistent use and preservation of the “single version of the truth”.

DELIVERING THE STRATEGIC OBJECTIVES

SO1: ENSURING THAT DEFENCE DATA IS PROPERLY GOVERNED AND MANAGED

THROUGHOUT ITS LIFE

36. Overall responsibility for ensuring that Defence data is properly governed lies with the
CDIO in his role as Chief Data Officer and the Defence Authority for Information.
Responsibility for ensuring compliance with the data management strategy, data
management policies, standards and protocols is delegated to the Defence Authority for
Information (Management Information) (DAMI).

37. All new ICT systems provided through ISS or changes to those systems must be
approved by the ISS Design Authority Board. The DAMI is represented on the Design
Authority Board, and is responsible for setting the criteria for approval in respect of data
management. ICT projects are required to complete a questionnaire which is then
submitted to the weekly Design Authority Task Meeting (DATM) and scrutinised against data
management principles and policies to ensure compliance with this strategies strategic
intent and expected outcomes. Failure to demonstrate compliance will result in project
delays or closure.

38. A Defence Data Management Balanced Scorecard will require TLBs, FLCs and ALBs to
report on progress to achieving the data management strategic objectives. Additionally,
TLBs, FLCs and ALBs will submit an annual Holding to Account report to assess their maturity
and progress towards the strategic objectives.

39. Figure 3 shows the Defence Data Management governance and assurance structures.

10 In particular, for management information and analytical purposes.

11 Such as CSV, XML and ODF.

13
 Fig 3: Defence Data Management Governance and Assurance Structures.

40. Figure 4 shows the data governance hierarchy. The different roles of Data Stewards
and Information Asset Owners (IAOs) should be noted:

a. Data Stewards are responsible for the correct management of their data, and
for ensuring that the data meets the business requirement (is fit for purpose).

b. IAOs look to understand what information is held, what is added and what is
removed, how information is moved, and who has access and why.

These roles are complementary but not overlapping.

14
 Figure 4: Data Governance Hierarchy.

41. Defence data is a Defence asset; as such, it requires through life management from
creation to disposal. The relevant Data Custodians must carry out data through life
management planning for all Defence systems using data. Figure 5 shows the data lifecycle
and how through life management plans will be assessed.

Figure 5: Data Lifecycle.

15
42. Data management relationships with Industry must always be formalised, usually as
part of a contract. In particular, the contract for any administrative function must specify
that the data held and created by that administrative function is owned by MOD, and that
free access to that data will always be provided by the contractor. For data such as
technical data relating to the development of a new piece of equipment, ownership and
access requirements must be clearly specified in any contracts.

SO2: ENSURING THE AUTHORITY OF DEFENCE DATA

43. Defence consists of a number of business domains. Each domain is the responsibility
of a Defence Authority12 13. Defence Authorities are accountable to the Permanent
Secretary for the correct management of the data domains supporting their business
domains. In this role, they are known as Defence Data Authorities (DDAs). DDAs are
responsible for ensuring that TLBs/ALBs manage the data concerned in accordance with
Defence data management policies and standards14. From a Defence data management
perspective, it is critical to Defence that data from the following domains is authoritative:
Organisation; Finance; Personnel; Logistics; Capability; Contract; Portfolio, Programme and
Project; and Location. In order for the data to be authoritative it must be stored and
managed in such a way (“mastered” so as to provide (for each data domain) a single source
of the truth) – the master record or “golden record”. It is also important to maintain
previous versions of the master records for use in historical analysis such as trend
identification.

BUSINESS DOMAINS AND ASSOCIATED DEFENCE DATA AUTHORITIES

Business Domain Defence Data Authority
Organisation Director Corporate Strategy
Finance Director General Finance
Personnel Chief of Defence People
Logistics ACDS (Log Ops)
Capability DCDS Capability
Contract Director Commercial
Portfolio, Programme and Director General Head Office & Commissioning Services
Project
Location CDO Defence Infrastructure

SO3: ENSURING THE ACCURACY, TIMELINESS AND TRUSTWORTHINESS OF DEFENCE DATA

44. If data is to be exploited, particularly to support the decision making process, it is vital
that data is an accurate reflection of reality (the truth); that it is relevant and up to date
(timely); and that its accuracy and timeliness can be trusted. Therefore, all Defence data

12 There are, at time of writing, 17 DAs: Corporate Design, Financial Management and Approvals, People,
Health, Safety and Environmental Protection, Healthcare and Medical, Logistics, Capability Coherence,
Security, Commercial, Communications, Statistics, Information, Cyber and C4ISP, Public and Parliamentary
Accountability, Technical and Quality Assurance, Acquisition Systems.
13 With the exception of Defence Infrastructure, for which domain there is no Defence Authority.
14 This responsibility is usually delegated to data stewards within the TLBs/ALBs.

16
must be subject to data quality controls beginning at creation or the point of entry for each
data item, and carrying on throughout the life of the data. These data quality assurance
controls and measures must be in accordance with Defence data quality assurance policies,
standards and protocols, and their effectiveness must be measured according to standard
criteria across Defence.

SO4: ENSURING THE COHERENCE AND CONSISTENCY OF DEFENCE DATA

45. The use of common data definitions, schema and taxonomies is fundamental to
ensuring that Defence data is coherent, both within Defence, within Government and when
on multi-national operations (such as when part of a NATO force).

46. For the content and meaning of data to be consistent wherever it is used, it is most
important that the data, once extracted from the central repository (the single source of the
truth), is not altered in any way. In particular, local versions of authoritative data should not
be created, unless there is a specific business, operational or security reason for doing so,
and the duplication of the data is authorised by the relevant DDA.

47. When new data is required to meet the needs of Defence data consumers, the data
held in the central repository must be extended to include that requirement, and the data
sourced from the relevant authoritative sources.

SO5: ENSURING THE SECURITY OF DEFENCE DATA

48. Defence data must be protected from unauthorised activities15 in accordance with
Defence threat and risk appetite models16. Full guidance in this regard is contained the
MOD Technical Information Assurance Architecture17 and JSP 440 and this guidance must be
adhered to. However, this guidance must be regularly reviewed to ensure that it provides
protection against new threats to data security as they occur. Of equal importance is
Cabinet Office and Government Digital Service data security policy: this too must be
adhered to wherever applicable.

SO6: ENSURING THAT DEFENCE DATA IS AVAILABLE TO ALL WHO REQUIRE ACCESS TO IT

49. In order to exploit Defence data, data consumers must be able to access the data they
require in a timely and efficient way. It is therefore important that data providers ensure
that they make known what data they hold (within the constraints of security classifications)
and also that their data structures and definitions wherever possible conform with the
structures and standards within the Defence Data Management Architecture. If such
structures do not comply with the Defence Data Management Architecture, it is the
responsibility of the data provider to define the transforms required to ensure compatibility.

15 As defined in JSP 604, Part 1 Vol 3, Annex G para 1.

16 Protection is relative to risk appetite. Data placement within the MoD Trust Model as defined in JSP 604
Part 1 Vol 3 must be a risk decision made by Information Risk Owners.
17 JSP 604, Part 1 Volume 3.

17
SO7: ENABLING THE EXPLOITATION OF NEW DATA TECHNOLOGIES

50. Information technology is evolving at an ever increasing rate, and data management is
no exception. New capabilities and technologies are constantly emerging and some of
these offer potential to exploit data in new ways. For example, big data18 is already showing
great promise in the intelligence arena, and the new discipline of data science 19 brings
together a variety of skills all of which are focused on greater exploitation of data. Defence
must constantly monitor these capabilities and technologies as they emerge and identify
those that have potential for use in managing and exploiting Defence data. For those that
do have such potential, such as big data and data science, Defence must develop plans so
that the capabilities and technologies are incorporated into Defence data management best
practice.

ENABLING OBJECTIVES

51. The table at Annex A shows the objectives which enable the delivery of the strategic
objectives. Some of these enabling objectives are, at time of writing, already in place;
others are in the process of being delivered. It is likely that more enabling objectives will be
required in the future.

MEANS

52. Main Effort. The main effort of the Data Management Strategy is to:

a. Enable the provision of authoritative data to support operations and the

business of Defence.

b. Mitigate the Defence and subordinate risks associated with poor data
management.

53. Strategy Governance.

a. Custodianship of the Strategy. Defence Authority for Information

(Management Information) are the custodians for the Strategy. The latest version of
the Strategy may be found in the DAMI Knowledge Base at
http://defenceintranet.diif.r.mil.uk/Organisations/Orgs/JFC/Organisations/Orgs/CIO/is
s/Pages/DefenceManagementInformationKnowledgeBase.aspx.

b. Authorship. Overall responsibility for the drafting of this Strategy lies with
the Defence Authority for Information (Management Information).

18 Big data is a broad term for data sets so large or complex that traditional data processing applications are
inadequate. Big data sets often consist of unstructured data such as images, documents, social media snippets
etc.
19 Data science is an interdisciplinary field about processes and systems used to extract knowledge or insights

from data in various forms, either structured or unstructured.

18
 c. Consultation. The final draft of the Strategy will be circulated for comment
to the stakeholders listed below, before being finalised.

d. Endorsement. The Strategy will be presented to the Defence Management

Information Steering Group for endorsement.

e. Review. The Strategy will be reviewed annually.

54. Implementation Plan. This Strategy provides seven Defence data strategic objectives,
supported by associated enabling objectives. A plan of tasks required in order to meet
these objectives will be developed by the Defence Authority for Information and
implemented over the next five years. Work is already in hand in some areas (governance,
policy, master data and general planning).

55. Roles and Responsibilities. The roles and responsibilities associated with delivering
the Data Management Strategy are at Annex B.

56. Assessing Progress. Assessment of progress will be made through key performance
indicators incorporated into the Defence Data Management Balanced Scorecard. The key
performance indicators will be developed by the Defence Authority for Information.

Annexes:

A. Enabling Objectives.

B. Roles and Responsibilities.

19
 ANNEX A TO
DEFENCE DATA MANAGEMENT STRATEGY
DATED JANUARY 2017

ENABLING OBJECTIVES

ENABLING OBJECTIVE COMMENT

SO1: Ensuring that Defence data is properly governed and managed throughout its life
EO1.1 Establishment of an effective data governance regime, spanning Defence and Effective governance is the foundation of data management. The Defence
reaching down to individual systems. Authority for Information is responsible for:

• Data governance at the Defence Level.

• Development, implementation and maintenance of a Defence Data Governance
Target Operating Model
• Auditing data governance regimes in TLBs and ALBs to ensure compliance with
Defence data management policies, standards and protocols.
• Definition of data related questions for embedding in the Defence Assurance Risk
Tool.

The Defence Assurance Risk Tool will be used to manage the risks associated with
the implementation of the Defence Data Management Strategy, Defence data risks
and to drive the coherent use of Defence data.

EO1.2 Develop and implement a plan for supporting the exploitation of Defence In order to deliver the Defence data management strategic objectives, considerable
data. work will be required across Defence. Development of a Defence data plan will
ensure that these tasks are planned coherently, in an agile manner so that delivery
of the outputs builds on previous task outputs, yet each task is self-contained and
delivers benefit in its own right.

EO1.3 Development, promulgation and maintenance of a set of data policies and Defence data governance must be supported by data management policies and
standards that supports the strategic Defence data management objectives. standards developed in collaboration with stakeholders. Areas for policies and
standards include:

20
 ENABLING OBJECTIVE
EO1.4 Development, promulgation and maintenance of guidance for Defence
Authorities in their roles as Defence Data Authorities.
EO1.5 The development and maintenance of a Defence Data Balanced Scorecard.
EO1.6 Develop and maintain a Defence Data Management Maturity Model.
EO1.7 The development of a through life data management plan20 by all Defence
data systems, describing how the quality of the data concerned will be assured
throughout its life.
20 The data life cycle is: creation/collection; processing; analysis; publishing (for use); archiving; re-use; and disposal.
21
COMMENT
• Use of authoritative data.
• Use of standard taxonomies, such as government taxonomies and NATO C3
taxonomies.
• Compliance with data legislation.
• Data quality assurance.
• Data security.
• Use of standard data definitions and other data standards.
• Sharing of data.
• Unstructured data.
• Big data.
• The management and contractual responsibilities surrounding data shared
between the MOD and Industry.
Defence Authorities (as owners of the Defence business domains) play a critical role
in the governance of Defence data. Defence Authorities are the data process
owners for the data associated with their business domain, and, as such, are
accountable to the Permanent Secretary for the proper management of that data.
However, in order to ensure that the data process owner role is carried out
coherently across Defence, it is necessary that guidance on how to execute the role
is provided to the Defence Authorities.
The Defence Data Balanced Scorecard will provide a reporting tool (for the Defence
MI Steering Group) on progress with implementation of the Defence Data Plan. The
Defence Authority for Information (through the Defence Data Management Working
Group) will develop and manage the Defence Data Balanced Scorecard.
This model will allow assessments to be made of the maturity of data management
regimes across Defence.
Through life data management plans formalize how data will be managed and
quality assured within systems, and will be audited and approved by The Defence
Authority for Information, as part of the project approvals process. Existing systems
 ENABLING OBJECTIVE COMMENT
will be required to develop through life data management plans, which will also
require approval from the Defence Authority for Information.

SO2: Ensuring the authority of Defence data

EO2.1 Development of a protocol for the identification of authoritative sources of In order for MI developers to use authoritative data, they must know what data
data. sources are authoritative, and how to gain access to those sources. A protocol is
required that defines what an authoritative data source is, lists those that are
authoritative, and gives guidance as to how to gain access to the data. The output
from this protocol will be held in the Defence Data Source Catalogue, described
below.

EO2.2 Development and implementation of a Defence Master Data21 Service Mastering data is the best way of providing data that is authoritative, accurate,
(DMDS). timely and trustworthy. The Defence Master Data Service will be developed
incrementally, over the life of this strategy, in accordance with the priorities laid
down by the Defence Data Management Working Group and endorsed by the
Defence Management Information Steering Group.

EO2.3 Develop and implement a plan to reduce bulk data holdings across Defence.
There are numerous unauthorised bulk data repositories across Defence (over 300
in the personnel domain). These bulk data repositories are inconsistent, inaccurate
and untrustworthy and must be removed. Master Data services will provide a viable
alternative to them, but their removal must be planned for and then the plan must
be implemented.

SO3: Ensuring the accuracy, timeliness and trustworthiness of Defence data

EO3.1 Provision and implementation of standard data quality 22 assurance tools and Standard data quality assurance tools and methods (such as ISO/TS 8000) will
methods. support data quality assurance policies and standards coherently. Furthermore,
using standard tools and methods will enable economies of scale, resulting in
savings.

21 Master data is the consistent and uniform set of identifiers and extended attributes that describes the core entities of the enterprise including people, organisations,
finances, locations, commercial aspects, logistics and infrastructure, among others.
22 Data quality is a perception or an assessment of data's fitness to serve its purpose in a given context. Putting information in front of decision makers is one thing, but

they need to be assured that the underlying data is of the required quality, that it is fit for purpose, as accurate as it needs to be.

22
 ENABLING OBJECTIVE COMMENT

EO3.2 Develop, implement and maintain of a set of metrics measuring key data These metrics will enable consistent measurement of data quality throughout
quality performance indicators. Defence. The metrics will be incorporated in the Defence Data Management
Balanced Scorecard.

EO3.3 Develop, implement and maintain a Defence Data Quality Maturity Model. This model will allow assessments to be made of the maturity of data quality
regimes across Defence.

SO4: Ensuring the coherence and consistency of Defence data

EO4.1 Develop and maintain standard data dictionaries, schemas and taxonomies These, once developed, will be held in the Defence Data Management Reference
for use across Defence. Architecture and mandated for use by new systems. In service systems will be
required to migrate towards use of the standards. This will greatly assist with the
sharing of data.

EO4.2 Ensure coherence with government and international data taxonomies, This will support interoperability with systems beyond UK Defence boundaries.
schemas and standards.

EO4.3 Develop, implement and maintain a Defence Data Reference Architecture23
framework and repository, based upon the Reference Data Manager.
EO4.4 Develop and maintain a Defence Enterprise Data Model.
The Defence Data Reference Architecture repository will contain all aspects of the
Defence Data Architecture, including standard data definitions, corporate data
models etc. Access to the Defence Data Architecture will be provided through the
Defence Information Reference Model (DIRM)24.
The Defence Enterprise Data Model will form part of the Defence Data Management
Architecture and will represent logical structure of the master data provided by the
Defence Master Data Service. The Defence Enterprise Data Model will be
developed incrementally, as a part of the Defence Master Data Service development
process.

23 A data architecture consists of components that provide a consistent foundation across organisational boundaries to provide easily identifiable, readily available, high-quality data
to support the current and future business information demand.
24 The Defence Information Reference Model (DIRM) is a framework portal. Currently unmaintained, it contains information and links regarding all aspects of Defence

information.

23
 ENABLING OBJECTIVE COMMENT
EO4.5 Develop and maintain a Defence Enterprise Attribute Data Model. The Defence Enterprise Attribute Data Model will form part of the Defence Data
Management Architecture and will provide attribute details for Defence
unstructured data. The Defence Enterprise Attribute Data Model will be developed
incrementally.

EO4.6 Capture Defence MI data needs profile. The Defence Authority for Information will analyse MI systems across Defence to
capture what data is required for MI needs.

EO4.7 Enable closer collaboration with industry. The Defence Authority for Information will establish a MOD/Industry data
management forum.

SO5: Ensuring the security of Defence data

EO5.1 Ensure the security of Defence data. Defence data must be protected from unauthorised access, malicious attack and
cyber warfare. Defence data security policies and standards (JSP 440 and 604) must
be reviewed regularly to ensure the policies and standards are fit for purpose. Input
to the Cabinet Office and Government Digital Service policy development and
review regimes must be provided to ensure the policies are workable for Defence.
Data security (compliance with JSPs 440 and 604) must form part of new systems’
data through life data management plans, which in turn form part of the project
approval requirements. Systems must be audited to ensure ongoing compliance
with JSPs 440 and 604.

EO5.2 Provide support for data aspects of cyber warfare planning. Both offensive and defensive, as required.

SO6: Ensuring that Defence data is available to all who require access to it
EO6.1 Develop, implement and maintain capabilities that provide data extraction The ability to efficiently transport data from authoritative data sources to data
from data source, data transport and data loading into the consumer system, as a consumers is fundamental to the effective sharing of data. Given the size and
service. geographical reach of the MOD, provision of data transport capabilities is even more
important.

EO6.2 Develop and maintain a Defence Data Source Catalogue. The DDSC will show all authoritative data sources within Defence, together with
guidance on how to access data in those sources. The Defence Data Source
Catalogue will form part of the Defence Data Reference Architecture.

24
 ENABLING OBJECTIVE COMMENT
EO6.3 Provide support for international initiatives for the sharing of operational Defence must ensure that data can be shared with our allies. This is best done by
data. participating in international information and data interoperability initiatives,
particularly within NATO and with the USA.

SO7: Enabling the exploitation of new data technologies

EO7.1 Develop a big data exploitation plan. Big data exploitation is maturing rapidly, and offers considerable potential. Defence
must take a coherent approach towards how it exploits big data, and formally plan
its approach for the life of this strategy.

EO7.2 Provide input to JFC big data initiative. JFC are planning to establish (in collaboration with DSTL) a centre of excellence for
big data exploitation. The Defence Authority for Information will provide input to
this endeavour where required.

EO7.3 Develop protocols and standards for the meta tagging of unstructured data. These protocols and standards will be developed in collaboration with JFC, DSTL and
the intelligence community.

EO7.4 Develop a career path for data scientists within MOD. The discipline of data science is becoming ever more important in the development
of high quality MI. A career path for data scientists must be developed within
Defence if Defence is not to be dependent on consultants and contractors to deliver
this capability.

EO7.5 Establish a big data partnership with university. This partnership will provide access to leading edge research into big data.

EO7.6 Maintain awareness of emerging data technologies. Data technology is evolving very rapidly and in order to ensure that Defence is in a
position to exploit these new technologies as they appear, Defence must monitor
new developments as they appear.

25
 ANNEX B TO
DEFENCE DATA MANAGEMENT STRATEGY
DATED JANUARY 2017

ROLES AND RESPONSIBILITIES

ORGANISATION ROLES AND RESPONSIBILITIES

CDIO (through DAMI) • Manage the risk associated with the implementation of the Defence Data
Management Strategy.

• Champion authoritative data sources and provide guidance and support to

DDAs and TLBs/ALBs and organisations using data in the implementation of
new systems or extension of existing systems.

• Provide strategic direction and high-level governance to ensure all

organisations carry out data management activity consistently, coherently
and efficiently.

• Formulate and publicise policies and procedures directing use of

authoritative data.

• Sponsor and deliver the Defence Data Management Reference Architecture

(DDMRA).

• Advise and scrutinise organisations and projects that are required to use
and share data throughout Defence.

• Assist DDAs, data stewards and working groups to orchestrate activities

intended to make single sources of authoritative data available.

Defence Data Authorities • Be accountable to the Permanent Secretary for ensuring that data within
their business domain is managed in accordance with data management
policies, standards and protocols.

• Be responsible for ensuring that effective data management takes place

within their business domain.

• In collaboration with TLBs and ALBs, appoint data stewards in each TLB and
ALB to carry out day-to-day data management tasks.

• Report to CDIO and the Permanent Secretary on the state of data

management in their business domains.

• Champion the use of the data in their business domain.

• Set the corporate requirement for data in their business domain.

• Ensure that data definitions specific to their business domains are stored
and maintained in the Defence Data Management Architecture.

• Create and implement business domain-specific data policies and standards

conformant with Defence data management policies and standards.

26
 ORGANISATION ROLES AND RESPONSIBILITIES
• Ensure the quality of their data through setting quality targets, standards
and policies, and driving initiatives to improve data quality.

• Identify authoritative data sources in their business domains and ensure

that this information is supplied to the Defence Data Management
Architecture for publication.

• Put in place appropriate data management processes and governance

conformant with Defence data management policies and standards.

• Define, assure and make available master data as required from their
business domain in standard, useable ways and formats.

• Prioritise changes to data systems in their business domains.

• Authorise or deny access to data.

• Provide representation to the Defence Data Management Working Group.

TLBs/ALBs • Oversee control and governance of activities within their areas of

responsibility.

• Identify, agree and promote authoritative data to agreed standards and of

suitable quality to meet the needs of Defence.

• Provide appropriate governance around the production of authoritative

data.

• Work to remove competing non-authoritative sources of data.

• Capture and share evidence of efficiencies and benefits realised through the
use of authoritative data.

• Provide advice to organisations using their data in the implementation of

new systems or extension of existing systems.

• In collaboration with DDAs, identify and empower data stewards.

Data Stewards • Carry out data management tasks as delegated by DDAs.

• Commit their organisations to data quality, providing leadership and

implementing internal governance processes that ensure authoritative data
meets agreed quality standards.

• Incorporate responsibilities for data quality within job descriptions,

performance monitoring and appraisal reporting and ensure that staff are
adequately aware, trained and resourced to meet their data quality
objectives.

• Implement processes and systems that prevent unauthorised data changes,

minimise erroneous data entry and assure the quality of data collection,
analysis and reporting.

27
 ORGANISATION ROLES AND RESPONSIBILITIES
• Regularly review data provision and report on their service delivery to the
appropriate Defence Data Authority.

• Provide appropriate metadata for publication within the Defence Data

Management Architecture25.

• Provide advice on relevance, quality and interpretation of corporate data

requirements and data definitions.

• Ensure the quality of their data through developing governance, policies,

standards, metrics, and procedures that are conformant with Defence data
management policies and standards.

• Monitor and enforce data policies and practices within TLBs/ALBs and
resolving data issues as they occur.

• Maintain and share TLB/ALB specific data management architectures, data

models, specifications and lessons learnt.

• Engage with their counterparts in other TLBs/ALBs through the 1* Defence

Management Information Steering Group and the Defence Data
Management Working Group and be an integral part of relevant working
groups.

• Appoint and coordinate subject matter experts to help them undertake

their responibilities.

• Sponsor and lead working groups to resolve issues affecting the communal
use of data.

• Clearly articulate the priority they place upon data management and include
data management compliance in reporting arrangements.

Information Asset • Lead and foster a culture that values, protects and uses information for the
Owners26, 27,28 good of Defence.

25 Until the Defence Data Management Reference Architecture is established, metadata should be provided to
the Reference Data Manager.
26 “Information Asset Owners (IAOs) must be senior/responsible individuals involved in running the relevant

business. Their role is to understand what information is held, what is added and what is removed, how
information is moved, and who has access and why. As a result they are able to understand and address risks to
the information, and ensure that information is fully used within the law for the public good. They provide a
written judgement of the security and use of their asset annually to support the audit process.” Guidance on the
IAO Role Version 1.2, The Cabinet Office, Oct 2013.
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/365742/Guidance_on_the_IAO
_Role.pdf
27 Further information is available in JSP 440 Part 6: Information Security.
28 Drawn from Guidance on the IAO Role Version 1.2, The Cabinet Office, Oct 2013. Further guidance on the

responsibilities may be found in

28
 ORGANISATION ROLES AND RESPONSIBILITIES
• Know what information the asset holds, and what enters and leaves it and
why.

• Know who has access to the asset and why, and ensure their use of the
asset is monitored.

• Understand and address risks to the asset, and provide assurance to the
Senior Information Risk Owner.

• Ensure the asset is fully used for the public good, including responding to
access requests.

• Collaborate with data stewards in protecting the data.

All organisations • Use DDMRA29 data definitions. Where the Data Management Architecture
implementing new does not contain a suitable definition, organisations will propose a new
systems or extending definition for inclusion in the DDMRA.
existing systems
• Carry out a data discovery exercise in order to determine whether pre-
existing data is fit for the business purpose. If not, take remedial action.

• Consult data stewards when deciding whether existing data may be

modified or a new data source created.

• Justify full through life costs of acquiring, holding and maintaining new data
sources when seeking waivers.

• Submit a data through life management plan to the Defence Data Authority
for Information for scrutiny and approval.

29Until the Defence Data Management Reference Architecture is established, data definitions from the
Reference Data Manager should be used.

29