diff --git a/controllers/project.js b/controllers/project.js index 4ccd5fa..3653cd0 100644 --- a/controllers/project.js +++ b/controllers/project.js @@ -100,7 +100,8 @@ async function createProject(projectData, userId) { // Clone the dimensions of the assessment into the project's assessmentData field projectData.assessmentData = { - dimensions: assessment.dimensions + dimensions: assessment.dimensions, + levels: assessment.levels }; // Create a new project instance const project = new Project(projectData); diff --git a/index.js b/index.js index 6947184..b24e02c 100644 --- a/index.js +++ b/index.js @@ -42,9 +42,8 @@ db.once('open', function() { const logger = require('morgan'); app.use(logger('dev')); -// Middleware for parsing incoming requests -app.use(express.json()); -app.use(express.urlencoded({ extended: false })); +app.use(express.json({ limit: '10mb' })); +app.use(express.urlencoded({ limit: '10mb', extended: true })); // Other middleware and setup code... diff --git a/lib/docxBuilder.js b/lib/docxBuilder.js index 0802cc9..70aeebc 100644 --- a/lib/docxBuilder.js +++ b/lib/docxBuilder.js @@ -373,7 +373,7 @@ function createHeatmapTable(data, levelKeys, title = "Dimension") { children: [ new Paragraph({ children: [ - new TextRun( { + new TextRun({ text: level, color: "FFFFFF", verticalAlign: "center", @@ -399,7 +399,7 @@ function createHeatmapTable(data, levelKeys, title = "Dimension") { if (Array.isArray(data.dimensions)) { // Handle dimensions data.dimensions.forEach((dimension) => { - if (dimension.userProgress && Array.isArray(dimension.userProgress.levelCoveragePercent)) { + if (dimension.userProgress && typeof dimension.userProgress.levelCoveragePercent === 'object') { const rowCells = [ new TableCell({ children: [ @@ -414,8 +414,8 @@ function createHeatmapTable(data, levelKeys, title = "Dimension") { fill: colors.lightGrey, }, }), - ...dimension.userProgress.levelCoveragePercent.map((levelObject, index) => { - const percentage = levelObject[index + 1] || 0; + ...levelKeys.map((_, index) => { + const percentage = dimension.userProgress.levelCoveragePercent[index + 1] || 0; let cellContent = `${percentage}%`; let shadingColor = colors.lightGrey; @@ -452,7 +452,7 @@ function createHeatmapTable(data, levelKeys, title = "Dimension") { ); } }); - } else if (data.userProgress && Array.isArray(data.userProgress.levelCoveragePercent)) { + } else if (data.userProgress && typeof data.userProgress.levelCoveragePercent === 'object') { // Handle a single activity or dimension const rowCells = [ new TableCell({ @@ -468,8 +468,8 @@ function createHeatmapTable(data, levelKeys, title = "Dimension") { fill: colors.lightGrey, }, }), - ...data.userProgress.levelCoveragePercent.map((levelObject, index) => { - const percentage = levelObject[index + 1] || 0; + ...levelKeys.map((_, index) => { + const percentage = data.userProgress.levelCoveragePercent[index + 1] || 0; let cellContent = `${percentage}%`; let shadingColor = colors.lightGrey; @@ -568,24 +568,16 @@ function createActivityQuestionsTables(activity, levelKeys) { const paddingSize = 100; // Size in twips (1/20 of a point) - const createTableRows = (statements) => { - return statements.map(statement => { - const level = statement.associatedLevel; - const levelColor = levelColors[level] || colors.lightGrey; // Default to light grey if no level color + const createTableRows = (questions) => { + return questions.map(question => { + console.log(question); + const level = question.userAnswer?.level || 0; + const levelColor = levelColors[level] || colors.lightGrey; const cells = [ + // Question Column new TableCell({ - children: [new Paragraph({ - children: [ - new TextRun( { - text: levelKeys[level - 1], - color: "FFFFFF", - }) - ], - })], - shading: { - fill: levelColor, - }, + children: [new Paragraph(question.text)], margins: { top: paddingSize, bottom: paddingSize, @@ -594,8 +586,13 @@ function createActivityQuestionsTables(activity, levelKeys) { }, verticalAlign: "center", }), + // User Answer Column new TableCell({ - children: [new Paragraph(statement.text)], + children: [new Paragraph({ + text: question.userAnswer?.text + ? question.userAnswer.text + : "No answer", + })], margins: { top: paddingSize, bottom: paddingSize, @@ -604,25 +601,26 @@ function createActivityQuestionsTables(activity, levelKeys) { }, verticalAlign: "center", }), + // Level Column new TableCell({ - children: [ - new Paragraph({ - text: statement.userAnswer - ? (statement.userAnswer.answer === statement.positive ? "✔" : "✗") - : "-", - alignment: AlignmentType.CENTER, // Center the text in the paragraph - }), - ], + children: [new Paragraph({ + text: level ? levelKeys[level - 1] : 'No Level', + color: "FFFFFF", + })], + shading: { + fill: levelColor, + }, margins: { top: paddingSize, bottom: paddingSize, left: paddingSize, right: paddingSize, }, - verticalAlign: "center", // Ensure the content is vertically centered + verticalAlign: "center", }), + // Notes Column new TableCell({ - children: [new Paragraph(statement.userAnswer && statement.userAnswer.notes ? statement.userAnswer.notes : "-")], + children: [new Paragraph(question.userAnswer?.notes || "-")], margins: { top: paddingSize, bottom: paddingSize, @@ -637,7 +635,6 @@ function createActivityQuestionsTables(activity, levelKeys) { }); }; - // Function to create a complete table with a heading and rows const createTableWithHeading = (headingText, rows) => { const heading = new Paragraph({ text: headingText, @@ -649,8 +646,8 @@ function createActivityQuestionsTables(activity, levelKeys) { new TableCell({ children: [ new Paragraph({ - text: "Level", - alignment: AlignmentType.CENTER, // Center the text in the paragraph + text: "Question", + alignment: AlignmentType.CENTER, }), ], shading: { @@ -661,8 +658,8 @@ function createActivityQuestionsTables(activity, levelKeys) { new TableCell({ children: [ new Paragraph({ - text: "Question", - alignment: AlignmentType.CENTER, // Center the text in the paragraph + text: "Answer", + alignment: AlignmentType.CENTER, }), ], shading: { @@ -673,8 +670,8 @@ function createActivityQuestionsTables(activity, levelKeys) { new TableCell({ children: [ new Paragraph({ - text: "Achieved", - alignment: AlignmentType.CENTER, // Center the text in the paragraph + text: "Level", + alignment: AlignmentType.CENTER, }), ], shading: { @@ -686,7 +683,7 @@ function createActivityQuestionsTables(activity, levelKeys) { children: [ new Paragraph({ text: "Notes", - alignment: AlignmentType.CENTER, // Center the text in the paragraph + alignment: AlignmentType.CENTER, }), ], shading: { @@ -708,25 +705,14 @@ function createActivityQuestionsTables(activity, levelKeys) { return [heading, table]; }; - // Filter statements by level - const currentLevelStatements = activity.statements.filter(statement => statement.associatedLevel === activity.userProgress.achievedLevel); - const nextLevelStatements = activity.statements.filter(statement => statement.associatedLevel === activity.userProgress.achievedLevel + 1); - const higherLevelStatements = activity.statements.filter(statement => - statement.associatedLevel > activity.userProgress.achievedLevel + 1 && - (statement.userAnswer && (statement.userAnswer.answer !== undefined || statement.userAnswer.notes)) - ); + // Generate table rows for all questions in the activity + const questionRows = createTableRows(activity.questions); - // Create tables for each level - const currentLevelTable = createTableWithHeading("Current state at achieved level", createTableRows(currentLevelStatements)); - const nextLevelTable = createTableWithHeading("Progress towards next level", createTableRows(nextLevelStatements)); - const higherLevelTable = createTableWithHeading("Answers/Notes from higher levels", createTableRows(higherLevelStatements)); + // Create a table with heading for the questions and answers + const questionTable = createTableWithHeading("Activity Questions and Answers", questionRows); - // Return all tables combined - return [ - ...currentLevelTable, - ...nextLevelTable, - ...higherLevelTable, - ]; + // Return the table as the output + return questionTable; } function checkFileExists(filePath) { @@ -775,6 +761,10 @@ function getPublicationYear() { async function generateDocxReport(projectData,owner,template = "template") { let levelKeys = ["Initial", "Repeatable", "Defined", "Managed", "Optimising"]; + const assessmentData = projectData.assessmentData; + if (assessmentData.levels) { + levelKeys = assessmentData.levels; + } // Create sections const metadataSection = createMetadataSection(projectData); @@ -857,106 +847,4 @@ async function generateDocxReport(projectData,owner,template = "template") { } } -/* - // Combine all sections into one document - const doc = new Document({ - styles: { - paragraphStyles: [ - { - id: "Title", - name: "Title", - basedOn: "Normal", - next: "Normal", - quickFormat: true, - run: { - font: "Helvetica", - size: 48, // 24pt - bold: false, - color: colors.darkblue, - }, - paragraph: { - alignment: AlignmentType.CENTER, - spacing: { after: 400 }, - }, - }, - { - id: "Heading1", - name: "Heading 1", - basedOn: "Normal", - next: "Normal", - quickFormat: true, - run: { - font: "Helvetica", - size: 36, // 18pt - bold: true, - color: colors.darkblue, - }, - paragraph: { - spacing: { before: 500, after: 300 }, - }, - }, - { - id: "Heading2", - name: "Heading 2", - basedOn: "Normal", - next: "Normal", - quickFormat: true, - run: { - font: "Helvetica", - size: 32, // 16pt - bold: true, - color: colors.darkblue, - }, - paragraph: { - spacing: { before: 500, after: 300 }, - }, - }, - { - id: "Heading2", - name: "Heading 2", - basedOn: "Normal", - next: "Normal", - quickFormat: true, - run: { - font: "Helvetica", - size: 28, // 16pt - bold: true, - color: colors.darkblue, - }, - paragraph: { - spacing: { before: 300, after: 200 }, - }, - }, - { - id: "Normal", - name: "Normal", - quickFormat: true, - run: { - font: "Helvetica", - size: 24, // 12pt - }, - paragraph: { - spacing: { before: 200, after: 200 }, - }, - }, - ], - }, - sections: [ - { - properties: {}, - children: [ - ...metadataSection, - ...maturitySection, - ...heatmapSection, - ...dimensionSections, - ], - }, - ], - }); - - - return doc; -} - */ - module.exports = { generateDocxReport }; diff --git a/models/assessment.js b/models/assessment.js index 7b61f95..ea0f579 100644 --- a/models/assessment.js +++ b/models/assessment.js @@ -29,21 +29,26 @@ const statementSchema = new mongoose.Schema({ }], associatedLevel: { type: Number - }, - positive: { - type: Boolean } }, { _id: false }); +// Define the question schema +const questionSchema = new mongoose.Schema({ + text: { + type: String + }, + context: { + type: String + }, + statements: [statementSchema] +}, { _id: false }); + // Define the activity schema const activitySchema = new mongoose.Schema({ title: { type: String }, - statements: [statementSchema], - questions: { - type: mongoose.Schema.Types.Mixed - } + questions: [questionSchema] // Array of questions }, { _id: false }); // Define the dimension schema @@ -110,6 +115,9 @@ const assessmentSchema = new mongoose.Schema({ default: false, // Default value is false (not public) required: true }, + levels: { + type: [String], // Array of strings representing levels + }, readOnly: { type: Boolean, default: false, // Default value is false (not public) diff --git a/package-lock.json b/package-lock.json index 9034ae8..c230571 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,23 +1,26 @@ { "name": "maturity.theodi.org", - "version": "0.7.0", + "version": "2.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "maturity.theodi.org", - "version": "0.7.0", + "version": "2.0.0", "license": "ISC", "dependencies": { "@hubspot/api-client": "^11.1.0", "bcrypt": "^5.1.1", + "cheerio": "^1.0.0", "cors": "^2.8.5", + "csv-parse": "^5.5.6", "csv-parser": "^3.0.0", "docx": "^8.5.0", "dotenv": "^16.4.5", "ejs": "^3.1.8", "express": "^4.18.2", "express-session": "^1.17.3", + "fs": "^0.0.1-security", "json2csv": "^6.0.0-alpha.2", "mongoose": "^8.2.1", "morgan": "^1.10.0", @@ -403,9 +406,9 @@ } }, "node_modules/body-parser": { - "version": "1.20.2", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", - "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", + "version": "1.20.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", + "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", "dependencies": { "bytes": "3.1.2", "content-type": "~1.0.5", @@ -415,7 +418,7 @@ "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", - "qs": "6.11.0", + "qs": "6.13.0", "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" @@ -504,6 +507,46 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/cheerio": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0.tgz", + "integrity": "sha512-quS9HgjQpdaXOvsZz82Oz7uxtXiy6UIsIQcpBj7HRw2M63Skasm9qlDocAM7jNuaxdhpPU7c4kJN+gA5MCu4ww==", + "dependencies": { + "cheerio-select": "^2.1.0", + "dom-serializer": "^2.0.0", + "domhandler": "^5.0.3", + "domutils": "^3.1.0", + "encoding-sniffer": "^0.2.0", + "htmlparser2": "^9.1.0", + "parse5": "^7.1.2", + "parse5-htmlparser2-tree-adapter": "^7.0.0", + "parse5-parser-stream": "^7.1.2", + "undici": "^6.19.5", + "whatwg-mimetype": "^4.0.0" + }, + "engines": { + "node": ">=18.17" + }, + "funding": { + "url": "https://github.com/cheeriojs/cheerio?sponsor=1" + } + }, + "node_modules/cheerio-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz", + "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==", + "dependencies": { + "boolbase": "^1.0.0", + "css-select": "^5.1.0", + "css-what": "^6.1.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, "node_modules/chokidar": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", @@ -663,6 +706,11 @@ "url": "https://github.com/sponsors/fb55" } }, + "node_modules/csv-parse": { + "version": "5.5.6", + "resolved": "https://registry.npmjs.org/csv-parse/-/csv-parse-5.5.6.tgz", + "integrity": "sha512-uNpm30m/AGSkLxxy7d9yRXpJQFrZzVWLFBkS+6ngPcZkw/5k3L/jjFuj7tVnEpRn+QgmiXr21nDlhCiUK4ij2A==" + }, "node_modules/csv-parser": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/csv-parser/-/csv-parser-3.0.0.tgz", @@ -862,13 +910,36 @@ "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" }, "node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", "engines": { "node": ">= 0.8" } }, + "node_modules/encoding-sniffer": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/encoding-sniffer/-/encoding-sniffer-0.2.0.tgz", + "integrity": "sha512-ju7Wq1kg04I3HtiYIOrUrdfdDvkyO9s5XM8QAj/bN61Yo/Vb4vgJxy5vi4Yxk01gWHbrofpPtpxM8bKger9jhg==", + "dependencies": { + "iconv-lite": "^0.6.3", + "whatwg-encoding": "^3.1.1" + }, + "funding": { + "url": "https://github.com/fb55/encoding-sniffer?sponsor=1" + } + }, + "node_modules/encoding-sniffer/node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/entities": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", @@ -926,36 +997,36 @@ } }, "node_modules/express": { - "version": "4.19.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", - "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", + "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.2", + "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.2.0", + "finalhandler": "1.3.1", "fresh": "0.5.2", "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", + "merge-descriptors": "1.0.3", "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", + "path-to-regexp": "0.1.10", "proxy-addr": "~2.0.7", - "qs": "6.11.0", + "qs": "6.13.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", + "send": "0.19.0", + "serve-static": "1.16.2", "setprototypeof": "1.2.0", "statuses": "2.0.1", "type-is": "~1.6.18", @@ -1050,12 +1121,12 @@ } }, "node_modules/finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", "dependencies": { "debug": "2.6.9", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "2.4.1", "parseurl": "~1.3.3", @@ -1131,6 +1202,11 @@ "node": ">= 0.6" } }, + "node_modules/fs": { + "version": "0.0.1-security", + "resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz", + "integrity": "sha512-3XY9e1pP0CVEUCdj5BmfIZxRBTSDycnbqhIOGec9QYtmVH2fbLpj86CFWkrNOkt/Fvty4KZG5lTglL9j/gJ87w==" + }, "node_modules/fs-minipass": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", @@ -1324,6 +1400,24 @@ "he": "bin/he" } }, + "node_modules/htmlparser2": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "integrity": "sha512-5zfg6mHUoaer/97TxnGpxmbR7zJtPwIYFMZ/H5ucTlPZhKvtum05yiPK3Mgai3a0DyVxv7qYqoweaEd2nrYQzQ==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.1.0", + "entities": "^4.5.0" + } + }, "node_modules/http-errors": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", @@ -1582,9 +1676,12 @@ "integrity": "sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==" }, "node_modules/merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, "node_modules/methods": { "version": "1.1.2", @@ -2165,6 +2262,40 @@ "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" }, + "node_modules/parse5": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.1.2.tgz", + "integrity": "sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==", + "dependencies": { + "entities": "^4.4.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-htmlparser2-tree-adapter": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.0.0.tgz", + "integrity": "sha512-B77tOZrqqfUfnVcOrUvfdLbz4pu4RopLD/4vmu3HUPswwTA8OH0EMW9BlWR2B0RCoiZRAHEUu7IxeP1Pd1UU+g==", + "dependencies": { + "domhandler": "^5.0.2", + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-parser-stream": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/parse5-parser-stream/-/parse5-parser-stream-7.1.2.tgz", + "integrity": "sha512-JyeQc9iwFLn5TbvvqACIF/VXG6abODeB3Fwmv/TGdLk2LfbWkaySGY72at4+Ty7EkPZj854u4CrICqNk2qIbow==", + "dependencies": { + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, "node_modules/parseurl": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", @@ -2290,9 +2421,9 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + "version": "0.1.10", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", + "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" }, "node_modules/pause": { "version": "0.0.1", @@ -2341,11 +2472,11 @@ } }, "node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", "dependencies": { - "side-channel": "^1.0.4" + "side-channel": "^1.0.6" }, "engines": { "node": ">=0.6" @@ -2480,9 +2611,9 @@ } }, "node_modules/send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", "dependencies": { "debug": "2.6.9", "depd": "2.0.0", @@ -2502,20 +2633,28 @@ "node": ">= 0.8.0" } }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/send/node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" }, "node_modules/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", "dependencies": { - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", - "send": "0.18.0" + "send": "0.19.0" }, "engines": { "node": ">= 0.8.0" @@ -2757,6 +2896,14 @@ "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz", "integrity": "sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==" }, + "node_modules/undici": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.19.8.tgz", + "integrity": "sha512-U8uCCl2x9TK3WANvmBavymRzxbfFYG+tAu+fgx3zxQy3qdagQqBLwJVrdyO1TBfUXvfKveMKJZhpvUYoOjM+4g==", + "engines": { + "node": ">=18.17" + } + }, "node_modules/undici-types": { "version": "6.13.0", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.13.0.tgz", @@ -2824,6 +2971,36 @@ "node": ">=12" } }, + "node_modules/whatwg-encoding": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz", + "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==", + "dependencies": { + "iconv-lite": "0.6.3" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/whatwg-encoding/node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/whatwg-mimetype": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz", + "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==", + "engines": { + "node": ">=18" + } + }, "node_modules/whatwg-url": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-13.0.0.tgz", diff --git a/package.json b/package.json index 7ae38e5..fc9a0af 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "maturity.theodi.org", - "version": "1.1.0", + "version": "2.0.0", "description": "The ODI Maturity Assessment Tool", "main": "index.js", "scripts": { @@ -20,13 +20,16 @@ "dependencies": { "@hubspot/api-client": "^11.1.0", "bcrypt": "^5.1.1", + "cheerio": "^1.0.0", "cors": "^2.8.5", + "csv-parse": "^5.5.6", "csv-parser": "^3.0.0", "docx": "^8.5.0", "dotenv": "^16.4.5", "ejs": "^3.1.8", "express": "^4.18.2", "express-session": "^1.17.3", + "fs": "^0.0.1-security", "json2csv": "^6.0.0-alpha.2", "mongoose": "^8.2.1", "morgan": "^1.10.0", diff --git a/private/assessments/DEMM2024.json b/private/assessments/DEMM2024.json new file mode 100644 index 0000000..be06a76 --- /dev/null +++ b/private/assessments/DEMM2024.json @@ -0,0 +1,558 @@ +{ + "title": "Data Ethics Maturity Model (2024)", + "description": "

The Data Ethics Maturity Model is a tool for anyone who collects, uses and shares data. It helps assess and benchmark how widely embedded data ethics culture and practices are across your organisation.

", + "owner": "info@theodi.org", + "organisation": { + "name": "The Open Data Institute", + "homePage": "https://theodi.org", + "country": { + "name": "United Kingdom", + "code": "GB" + } + }, + "public": true, + "levels": [ + "Initial", + "Repeatable", + "Defined", + "Managed", + "Optimising" + ], + "dimensions": [ + { + "name": "Organisational governance and internal oversight", + "activities": [ + { + "title": "Organisational governance and internal oversight", + "questions": [ + { + "text": "How does your organisation perceive and engage with data ethics?", + "statements": [ + { + "text": "Data governance is seen as a legal issue, not a business need. Data ethics views focus on compliance and meeting a minimum standard, possibly with some resentment. Many within the organisation have no awareness of the importance of data ethics.", + "associatedLevel": 1 + }, + { + "text": "Data ethics are considered ad hoc on an individual or team-wide basis, without an overarching organisational vision", + "associatedLevel": 2 + }, + { + "text": "The importance of data ethics has been recognised at the highest levels of the organisation, but implementation of these ideals is not fully standardised or embedded", + "associatedLevel": 3 + }, + { + "text": "The organisation fully embraces the importance of data ethics at all levels and has developed a coherent statement or messaging around its approach to data ethics", + "associatedLevel": 4 + }, + { + "text": "Data ethics is viewed as an integral part of the organisation’s strategy from the board on down. Data ethics issues are regularly discussed and reviewed and policies updated as needed.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does your organisation establish and manage policies for the ethical collection, use, and sharing of data?", + "statements": [ + { + "text": "No strategies, policies or defined principles that include ethical collection, use and sharing of data", + "associatedLevel": 1 + }, + { + "text": "Strategies surrounding data ethics are developed and applied ad hoc, without an overarching policy and without much standardisation", + "associatedLevel": 2 + }, + { + "text": "Standardised strategies are applied in some areas, though individual policies may not have been joined up into a cohesive organisational strategy for data ethics", + "associatedLevel": 3 + }, + { + "text": "The organisation has developed a coherent strategy surrounding data ethics, which is consistently applied, though may not be regularly reviewed.", + "associatedLevel": 4 + }, + { + "text": "The organisation has developed a consistent and coherent strategy surrounding data ethics, which is consistently applied, its impact regularly assessed and reviewed, with changes made when needed.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How clearly defined are roles and responsibilities for data ethics within your organisation?", + "statements": [ + { + "text": "No individual within the organisation takes responsibility for data ethics", + "associatedLevel": 1 + }, + { + "text": "Some individuals take responsibility for data ethics on an ad hoc basis. This may not be formalised. There may be a pro forma person in charge of data ethics with little organisation-wide communication; most within the organisation view data ethics as “someone else’s job”.", + "associatedLevel": 2 + }, + { + "text": "Data ethics roles within the organisation are clear, though responsibilities may not be efficiently delegated. A few people within the organisation may still view data ethics as “someone else’s job”.", + "associatedLevel": 3 + }, + { + "text": "Data ethics roles within the organisation are clear and responsibilities efficiently delegated. Everyone within the organisation is aware of their responsibility towards data ethics with appropriate performance standards in place.", + "associatedLevel": 4 + }, + { + "text": "The organisation has an ethics committee (or equivalent) to deal with decisions on ethical collection, use and sharing of data that affect the whole organisation, and regular reviews take place. Data ethics roles within the organisation are clear and responsibilities efficiently delegated. Everyone within the organisation is aware of their responsibility towards data ethics with appropriate performance standards in place.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does your organisation set targets and measure performance around data ethics?", + "statements": [ + { + "text": "No targets set or metrics collected around data ethics", + "associatedLevel": 1 + }, + { + "text": "Targets or metrics may be collected for individual projects on an ad hoc basis. There may be little formalised monitoring in place.", + "associatedLevel": 2 + }, + { + "text": "Targets or metrics are regularly collected for specific projects or for certain individuals, though these may not be tied to larger organisational strategies", + "associatedLevel": 3 + }, + { + "text": "Performance assessments of key staff are tied to delivery of objectives in the data strategy or adherence to principles for ethical collection, use and sharing of data.", + "associatedLevel": 4 + }, + { + "text": "Metrics monitoring ethical data practices are actively reviewed, used and adjusted over time to ensure alignment with the wider goals of the organisation.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is information about data ethics shared with internal and external stakeholders?", + "statements": [ + { + "text": "No available information on data ethics for stakeholders or employees", + "associatedLevel": 1 + }, + { + "text": "Individuals within the organisation discuss data ethics on an ad hoc basis, though the output of the conversations may not be shared or widely available.", + "associatedLevel": 2 + }, + { + "text": "The organisation has developed coherent messaging around data ethics. Some conversations and decisions may not be shared and organisation communication is lacking.", + "associatedLevel": 3 + }, + { + "text": "Data ethics are discussed and communicated from the board on down, including through the data ethics committee. Information is published and all stakeholders are able to access information around data ethics.", + "associatedLevel": 4 + }, + { + "text": "Data ethics are discussed and communicated from the board on down, including through the data ethics committee. Information is published and all stakeholders are able to access information around data ethics. Messaging is regularly reviewed and updated.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Skills and knowledge", + "activities": [ + { + "title": "Skills and knowledge", + "questions": [ + { + "text": "How well is knowledge of data ethics embedded within the organisation?", + "statements": [ + { + "text": "No awareness of importance of data ethics or basic principles", + "associatedLevel": 1 + }, + { + "text": "There is no shared understanding of data ethics and what it means for collection, use and sharing of data", + "associatedLevel": 2 + }, + { + "text": "Data practitioners have a basic understanding of data ethics and what it means for collection, use and sharing of data for the organisation. Others within the organisation may not be clear on data ethics.", + "associatedLevel": 3 + }, + { + "text": "All staff have a basic understanding of data ethics and what it means for collection, use and sharing of data for the organisation. Data practitioners have a deeper knowledge and understanding of ethical collection, use and sharing of data.", + "associatedLevel": 4 + }, + { + "text": "All staff at all levels of the organisation have a deep knowledge and understanding of ethical collection, use and sharing of data. Staff are clear how this informs and supports organisational strategy.", + "associatedLevel": 5 + } + ] + }, + { + "text": "To what extent are data ethics discussions and Communities of Practice embedded within your organisation?", + "statements": [ + { + "text": "Data ethics are discussed rarely if at all and never in a formalised way", + "associatedLevel": 1 + }, + { + "text": "There are individuals with a focus on ethical decision making in each discipline, but it is not commonplace for whole teams to discuss ethical collection, use and sharing of data", + "associatedLevel": 2 + }, + { + "text": "Internal peer groups and experts exist that share advice and guidance on ethical collection, use and sharing of data, but these may not be commonly attended or there may not be widespread organisational awareness of these groups.", + "associatedLevel": 3 + }, + { + "text": "Well-established internal peer groups and experts exist that regularly and widely share advice and guidance on ethical collection, use and sharing of data.", + "associatedLevel": 4 + }, + { + "text": "The ethical collection, use and sharing of data is regularly discussed in a structured and formalised way designed to disseminate best practice and update knowledge and procedures throughout the organisation.", + "associatedLevel": 5 + } + ] + }, + { + "text": "What kind of training is available within the organisation on data ethics?", + "statements": [ + { + "text": "The organisation does not provide any direct support or training for staff in data ethics.", + "associatedLevel": 1 + }, + { + "text": "Training and support for individuals/teams around data ethics is driven by the needs of specific projects", + "associatedLevel": 2 + }, + { + "text": "The organisation allocates budget towards basic data ethics training for all staff but training is not mandatory", + "associatedLevel": 3 + }, + { + "text": "All staff are required to undertake an introduction to data ethics training.", + "associatedLevel": 4 + }, + { + "text": "Professional development of data practitioners in ethical data practices is considered a priority, and staff are encouraged to become certified data ethics practitioners.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation build and maintain expertise in data ethics?", + "statements": [ + { + "text": "Internal evangelists may be self-taught with little formalised training.", + "associatedLevel": 1 + }, + { + "text": "The organisation relies on external expertise for guidance and practical support", + "associatedLevel": 2 + }, + { + "text": "The organisation may draw on external expertise for support around complex topics and projects", + "associatedLevel": 3 + }, + { + "text": "The organisation builds and fosters networks of expertise within the organisation and wider community.", + "associatedLevel": 4 + }, + { + "text": "The organisation uses its in-house data ethics expertise to provide leadership to the market, through support and guidance.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Data management risk processes", + "activities": [ + { + "title": "Data management risk processes", + "questions": [ + { + "text": "How are risks of harm to individuals and communities identified and assessed when collecting, using, and sharing data?", + "statements": [ + { + "text": "There are no defined processes for identifying and assessing risk of harm to individuals and communities when collecting, using and sharing data", + "associatedLevel": 1 + }, + { + "text": "Processes are ad hoc for identifying and assessing risks of harm to individuals and communities when collecting, using and sharing data.", + "associatedLevel": 2 + }, + { + "text": "Processes for identifying and assessing risk of harm to individuals and communities when collecting, using and sharing data are standardised and include consideration of positive and negative unintended impacts. Adoption of the processes is not universal.", + "associatedLevel": 3 + }, + { + "text": "All projects and disciplines follow standardised and embedded processes for identifying and assessing risk of harm to individuals and communities when collecting, using and sharing data that comprehensively include consideration of positive and negative unintended impacts.", + "associatedLevel": 4 + }, + { + "text": "All projects and disciplines follow standardised and embedded processes for identifying and assessing risk of harm to individuals and communities when collecting, using and sharing data that comprehensively include consideration of positive and negative unintended impacts. The organisation monitors and adapts to changes to community norms, customs and values that influence what is considered ethical collection, use and sharing of data.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are risks addressed and mitigated when collecting, using, and sharing data?", + "statements": [ + { + "text": "Risks are only addressed when they threaten to become problematic for the organisation", + "associatedLevel": 1 + }, + { + "text": "Risks are dealt with by individuals who care about or feel responsible for the issues, rather than in a systematic way", + "associatedLevel": 2 + }, + { + "text": "Risks are prioritised based on expected impact and are dealt with in order of priority.", + "associatedLevel": 3 + }, + { + "text": "The organisation puts mitigation processes in place for risks that have a higher likelihood of occurring.", + "associatedLevel": 4 + }, + { + "text": "Performance around reducing harm is routinely assessed, reevaluated and linked to mitigation strategies where needed on a dynamic basis.", + "associatedLevel": 5 + } + ] + }, + { + "text": "What tools are used to assess and address ethical implications in your organisation?", + "statements": [ + { + "text": "Very little awareness of tools to consider ethical implications.", + "associatedLevel": 1 + }, + { + "text": "Use of tools (for example Data Ethics Canvas, Consequence Scanning and the ODI’s Data Sharing Risk Assessment) to consider ethical implications from data is done on an ad hoc basis and is not consistent", + "associatedLevel": 2 + }, + { + "text": "The organisation has a preferred set of data ethics tools but these are not widely adopted.", + "associatedLevel": 3 + }, + { + "text": "Use of data ethics tools (e.g., Data Ethics Canvas, Consequence Scanning and the ODI’s Data Sharing Risk Assessment) are widespread throughout the organisation.", + "associatedLevel": 4 + }, + { + "text": "Data ethics tools have been customised for the organisation specifically and independently validated and regularly reviewed.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Funding and Procurement", + "activities": [ + { + "title": "Funding and Procurement", + "questions": [ + { + "text": "How are ethical data practices funded within the organisation?", + "statements": [ + { + "text": "Activities to support ethical collection, use and sharing of data are unfunded", + "associatedLevel": 1 + }, + { + "text": "Individual projects may include costs to examine potential positive and negative impacts from their collection, use and sharing as part of their budget.", + "associatedLevel": 2 + }, + { + "text": "Project funding and operational costs routinely include long-term costs for assessing, building and demonstrating ethical collection, use and sharing of data.", + "associatedLevel": 3 + }, + { + "text": "There are organisation-wide standards and clarity around the costs and benefits of ethical data practices", + "associatedLevel": 4 + }, + { + "text": "The organisation publishes information about the costs/benefits of ethical data practices to help others learn from their approach.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure ethical data practices in its procurement processes?", + "statements": [ + { + "text": "Procurement contracts do not include requirements around ethical data practices. The risk that suppliers use unethical practices around data is not recorded or mitigated", + "associatedLevel": 1 + }, + { + "text": "The organisation sometimes seeks clarity around ethical data practices of suppliers as part of procurement. This is driven by the needs of specific projects and is not routine.", + "associatedLevel": 2 + }, + { + "text": "The organisation tailors individual contracts to cover ethical data practises, as required by the needs of projects / products.", + "associatedLevel": 3 + }, + { + "text": "The organisation includes standard wording in all contracts that covers ethical data practices.", + "associatedLevel": 4 + }, + { + "text": "The organisation proactively carries out due diligence / audit around the ethical data practices of organisations they use data from, share data with and/or who collects data on their behalf.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Stakeholder and staff engagement", + "activities": [ + { + "title": "Stakeholder and staff engagement", + "questions": [ + { + "text": "How does the organisation communicate with stakeholders who might be impacted by the data it collects, uses, or shares?", + "statements": [ + { + "text": "The organisation does not communicate with customers or staff that might be impacted by data collected, used or shared.", + "associatedLevel": 1 + }, + { + "text": "Communication with customers or staff that might be impacted by projects collecting using or sharing data is ad hoc and may be one-way", + "associatedLevel": 2 + }, + { + "text": "The organisation has documented a repeatable approach for engaging people around collection, use and sharing of data but this is not widely adopted. The organisation has identified a means by which individuals or communities can raise concerns around ethical collection, use and sharing of data.", + "associatedLevel": 3 + }, + { + "text": "It is routine for all teams to engage communities reflected in or impacted by the data.", + "associatedLevel": 4 + }, + { + "text": "The organisation proactively communicates their policies, and any changes to policies, with customers, staff and communities, and actively seeks feedback, including on the level of trust people have for the organisation with the data held on them.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation gather and use feedback from communities reflected in or impacted by its data?", + "statements": [ + { + "text": "Feedback is not sought from communities data is about; unsolicited feedback may be viewed as unwelcome or problematic.", + "associatedLevel": 1 + }, + { + "text": "Some teams / projects begin to use feedback from communities the data is about, or who are impacted by collection, use and sharing of the data, to inform internal data management processes", + "associatedLevel": 2 + }, + { + "text": "The organisation has documented how teams should use feedback from communities reflected in or impacted by data to inform their work. This is not yet widely adopted.", + "associatedLevel": 3 + }, + { + "text": "It is routine for all teams to act on feedback from communities reflected in or impacted by the data.", + "associatedLevel": 4 + }, + { + "text": "The communities reflected in, or impacted by data are actively involved in key decisions that may affect them and decisions will not be taken forward without consensus.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure that communications about its ethical data practices are clear and accessible to all stakeholders?", + "statements": [ + { + "text": "Communications around ethical data practices are dense, technical and unreadable (for example in legal language)", + "associatedLevel": 1 + }, + { + "text": "Communications on ethical data practices do not use the language of the community reflected in, or impacted by, the data (for example they use internal, technical language)", + "associatedLevel": 2 + }, + { + "text": "The organisation uses language tailored to the audience when communicating with its community", + "associatedLevel": 3 + }, + { + "text": "The policy for ethical collection, use and sharing of data is published online and accessible to the public. It is written in such a way as to be understood by all stakeholders, though may not be proactively shared with those not immediately concerned (e.g., the wider industry).", + "associatedLevel": 4 + }, + { + "text": "The policy for ethical collection, use and sharing of data is published online and accessible to the public. It is written in such a way as to be understood by all stakeholders. The organisation shares its experience around ethical collection, use and sharing of data, for example in articles, case studies or at events.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Legal standing and compliance", + "activities": [ + { + "title": "Legal standing and compliance", + "questions": [ + { + "text": "What is the organisation's level of awareness and understanding of legal and regulatory requirements for protecting individuals and communities from harm?", + "statements": [ + { + "text": "No awareness of legislative or compliance requirements to protect individuals and communities from harm.", + "associatedLevel": 1 + }, + { + "text": "Knowledge of legal and regulatory compliance to protect individuals from harm is limited to a few individuals within the organisation.", + "associatedLevel": 2 + }, + { + "text": "There is organisational guidance on compliance with legal and social requirements to avoid harm to individuals and communities, but this is not widely adopted.", + "associatedLevel": 3 + }, + { + "text": "The organisation has very clear guidance on compliance with all legal and social requirements, and engages proactively with regulators to shape future regulations and guidance to consider ethical collection, use and sharing of data.", + "associatedLevel": 4 + }, + { + "text": "The organisation has very clear guidance on compliance with all legal and social requirements, and engages proactively with regulators to shape future regulations and guidance to consider ethical collection, use and sharing of data. The organisation shares its approach to compliance to support best practice across the industry.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure compliance with legal, regulatory, and social norms regarding data collection, use, and sharing?", + "statements": [ + { + "text": "There is no attempt to comply with legal or regulatory requirements", + "associatedLevel": 1 + }, + { + "text": "Some attempts are made on an ad hoc basis to comply with legal and regulatory requirements, but these may be inconsistent with some problems “swept under the carpet”.", + "associatedLevel": 2 + }, + { + "text": "There are clear organisation-wide attempts to comply with all legal and regulatory requirements. There may be a diminished focus on social norms and this may not be widely adopted.", + "associatedLevel": 3 + }, + { + "text": "All teams use a standardised structure for checking compliance against relevant legislation and social norms and this is measured as part of performance reporting.", + "associatedLevel": 4 + }, + { + "text": "Application of the organisation’s legal obligations around data collection, use and sharing are routinely reassessed and updated to reflect evolving requirements, social and political priorities.", + "associatedLevel": 5 + } + ] + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/private/assessments/DMAG2024.json b/private/assessments/DMAG2024.json new file mode 100644 index 0000000..d70cc1d --- /dev/null +++ b/private/assessments/DMAG2024.json @@ -0,0 +1,4210 @@ +{ + "title": "Data Maturity Assessment for Government (2024)", + "description": "

The Data Maturity Assessment (DMA) for Government has been created specifically for use in the public sector. It is a way to understand and identify strengths and weaknesses in an organisation’s data ecosystem. It is measured and evaluated using the data maturity assessment framework.

", + "owner": "datamaturity@digital.cabinet-office.gov.uk", + "organisation": { + "name": "Central Digital and Data Office, Cabinet Office", + "homePage": "https://digital.cainet-office.gov.uk", + "country": { + "name": "United Kingdom", + "code": "GB" + } + }, + "public": true, + "readOnly": false, + "levels": ["Beginning", "Emerging", "Learning", "Developing", "Mastering"], + "dimensions": [ + { + "name": "Engaging with others", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Making data available to those who need it.", + "context": "", + "statements": [ + { + "text": "Makes data available by default only to a single specialist person or team. Discourages sharing data internally.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to share data internally either verbally or via reports. Does not encourage data sharing across teams or provide ways to share data directly.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Enables specialist users to access and share some data internally, but systems or processes limit access to and sharing of data by default rather than by design. Some internal users are have appropriate access to data they need but may require specialist support to access or share data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to provide ways to access and share data directly, but non-expert staff may require some intervention from specialists to do so. All internal users and some external users have appropriate access to data they need when they need it.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Data can be accessed and directly shared appropriately by all users who need it. All internal and external users can access data they need when they need it, without specialist support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Sharing data with stakeholders and customers.", + "context": "", + "statements": [ + { + "text": "Only shares data externally for legal, contractual, or compliance reporting purposes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to explore how to share data more effectively and make data publicly available. Aware of trade off between openness and security.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Routinely shares data with customers where possible. Makes insights and evidence publicly available where appropriate.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Exploring how data could be shared with clients on an individual basis as part of service delivery.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Conducts widespread knowledge and skills sharing within and beyond the organisation. Shares data internally and externally from different teams, departments and services.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Considering the needs of the users when making changes to data.", + "context": "", + "statements": [ + { + "text": "Makes changes to data without considering impact on users. Communicate changes to data only where it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Makes changes to data without considering users’ needs or how the changes will affect the users. Communicates changes to high profile data. The approach and format of communication is inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Considers the needs of high impact users when making changes to data. Communicates changes to high profile data consistently and clearly.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Considers and consults some users and re-users of the data when making changes in order to understand their needs. Communicates changes to data clearly, however the approach or format is somewhat inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a comprehensive understanding of the needs of most users and re-users of data. Consistently makes best possible efforts to ensure that critical user needs are met when making changes to data. All changes are communicated clearly and consistently.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Sharing data as part of strategy.", + "context": "", + "statements": [ + { + "text": "Sees data sharing as an administrative task. Senior leaders do not hold responsibility or accountability for successful sharing.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Sees data sharing primarily as task, not as strategy. Beginning to become more open to data sharing in some pockets of the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Sees data sharing as strategy not task. Has more open attitudes to data sharing.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to see limited data sharing as a strategic priority. Beginning to define structures of responsibility and accountability for ensuring successful data sharing.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Includes data sharing in strategic priorities. Senior leaders take responsibility and hold accountability for ensuring successful data sharing. These structures are enforced and communicated consistently.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Discussing and learning from mistakes.", + "context": "", + "statements": [ + { + "text": "Staff or teams resolve data problems individually. Does not encourage avenues and forums to openly discuss issues with data. Does not record or communicate lessons learned from past mistakes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to form a culture of openness and learning from mistakes. Makes some efforts to communicate lessons learned in an ad hoc way.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Openly discusses data issues lessons learned from past mistakes. Communicates these consistently. This mostly occurs reactively in response to incidents.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Openly discusses data and learns from data problems regularly rather than reactively. People from different teams and levels of seniority regularly discuss data issues and how to act on them. Makes efforts to communicate lessons learned widely, but may not reach all relevant areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively and regularly promotes discussion of data problems at all levels. Shares lessons learned both internally and externally as appropriate. Communicates known data problems and lessons learned effectively across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Working with internal data users and meeting their needs.", + "context": "", + "statements": [ + { + "text": "Occasionally engages with some internal users of the organisations data for feedback on their needs. Does not act on this unless required to do so by external mandates.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Engages with some internal users of the organisation’s data to know what their needs are. Beginning to act on this in some high profile areas.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to build relationships with a wide range of important internal users to learn about their needs. Acts on this in most high profile areas.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Establishes and maintains relationships with high impact internal users of data to understand their needs. Acts on this in all high profile areas and some other important areas. The approach to this is inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the needs of all important internal users of the organisation’s data. Consistently responds to internal user needs as appropriate.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Working with external data users and meeting their needs.", + "context": "", + "statements": [ + { + "text": "Occasionally engages with some external users of t he organisations data for feedback on their needs. Does not act on this unless required to do so by external mandates.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Engages with some external users of the organisation’s data to know what their needs are. Beginning to act on this in some high profile areas.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to build relationships with a wide range of high impact external users to learn about their needs. Acts on this in most high profile areas.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Establishes and maintains relationships all high impact external users and most important external users of data to understand their needs. Acts on this in all high profile areas and some other important areas. The approach to this is inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the needs of all important external users of the organisation’s data. Consistently responds to external user needs as appropriate.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Skills", + "questions": [ + { + "text": "Engaging with support teams and networks to develop data skills.", + "context": "", + "statements": [ + { + "text": "Sees little or no value in engaging with others to develop staff data literacy.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to engage internally to improve awareness of government support teams and networks, but this is limited in scope to small groups of highly specialised staff. Individual staff working with data may engage with these informally and infrequently.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The organisation makes deliberate and planned engagements with government support teams and networks to develop data literacy. Frequency of engagement is ad hoc, based on specific needs.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Embeds regular engagement with government support teams and networks in working practices. Keeps up to date with developments in the field as part of ongoing commitment to data literacy.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Becoming experts that other partners, peers and departments use as a resource.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Having the right data skills and knowledge", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Recognising the importance of data in individual staff’s work.", + "context": "", + "statements": [ + { + "text": "Awareness of data across the organisation is low or non-existent. Very few staff see how data relates to their work.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Most staff recognise data is part of the organisation’s operation but are not aware of how it relates to their work.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "People across the organisation are starting to talk about data and beginning to understand how it relates to their work.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Data advocacy may be present in high value data management or analytical areas of the organisation to support embedding of awareness of data. The approach to this may be unstructured and inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Data advocacy is present in each area of the organisation to actively promote and maintain embedded data awareness across the organisation. The organisation proactively embeds into networks of data knowledge and research in the context of its work.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Understanding when data can be shared.", + "context": "", + "statements": [ + { + "text": "Shares the wrong data, or avoids sharing or using data, because of inappropriate or incorrectly applied privacy assessments.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Routinely shares some appropriate data sets with appropriate assessments in place. Understands the legal and security concerns around sharing data and beginning to weigh business needs with privacy and security concerns appropriately in some data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Has identified the data that can be shared. Has appropriate assessments and licencing in place for all shared data sets.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Shares data with appropriate assessments and licencing in place. Beginning to engage with internal and external support networks or expertise. Challenges practices that limit data sharing.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Is seen as a leader in sharing data. Proactively works with cross-government networks and communities of practice, and internal and external experts to ensure continuous improvement in this area. Draws on a range of expertise to ensure data sharing does not compromise ethical use of data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Leadership", + "questions": [ + { + "text": "Linking data management practices to organisational outcomes.", + "context": "", + "statements": [ + { + "text": "Leaders do not understand the link between poor data management and risks to business outcomes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Leaders are beginning to question how the organisation’s data management practices support its business outcomes. Data initiatives are carried out without explicitly linking to outcomes that the data supports.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders understand how good data management supports business outcomes. Data initiatives may not be consistently linked to all of the outcomes that the data supports.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders consistently ask about the link between data management work and business outcomes. They are beginning to explore how to ensure that data initiatives are connected to the outcomes that they support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Leaders have a clear understanding of the link between data management and business outcomes. They proactively work to ensure that data initiatives are connected to the outcomes that they support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Having data and analysis skills in senior leadership positions.", + "context": "", + "statements": [ + { + "text": "Senior business leaders have a very basic level of understanding or expertise in data or analytics but require specialist support to make use of these. This may be limited to interpreting data visualisations with specialist support.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Senior business leaders have a basic level of knowledge or some experience of data and analytics. Some leaders are capable of making use of analyses and data with some specialist support.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to increase knowledge and experience of data and analytics amongst senior leaders. Most leaders are capable of making use of analyses and data with minimal specialist support. An advocate for data is present within the senior leadership.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Addressing data and analysis skills gap in leadership as a whole. All senior leaders are confident in making some use of analyses and data without support, and many are capable of making extensive use of analyses and data with some support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has many people with a range of data and analysis expertise in leadership positions including at most senior levels. All senior leaders are confident in making extensive use of analyses and data independently or with minimal support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Valuing and promoting data and analysis expertise in senior leadership roles.", + "context": "", + "statements": [ + { + "text": "Sees data management and analytical skills as irrelevant for current and future strategic leaders.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to see value in data and analytical skills as part of business leadership. However, data and analytical literacy in senior leadership remains limited.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Sees value in data and analytical skills as part of business leadership. Beginning to increase data and analytical literacy among some staff in senior leadership positions.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has people in leadership positions with a range of data and analysis expertise who are visible and demonstrate good practice.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has many people with a range of data and analysis expertise in leadership positions at all levels of the organisation. Proactively works to ensure that these skills are maintained, visible, and encouraged across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Allocating appropriate resources to improving data literacy across the organisation.", + "context": "", + "statements": [ + { + "text": "Allocates resources to provide training to improve data skills only where it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Provides training for to improve data skills in an ad hoc way or on a localised basis. This is limited to a small group of highly specialised staff.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Supports people whose work is heavily involved in data management to improve their data skills. This is generally done on an ad hoc basis.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to commit to upskilling all staff working with data. This occurs inconsistently across the organisation without coordinated senior oversight.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Invests appropriately and continuously in data skills across the organisation. Plans for improving data literacy are aligned with wider business plans. Coordination across the organisation ensures all areas have proportionate goals and plans for improving data skills.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Skills", + "questions": [ + { + "text": "Having good data literacy among staff and defined responsibility for data within staff roles.", + "context": "", + "statements": [ + { + "text": "Limits training or expertise in data literacy to small groups of junior staff, usually in IT or administrative roles.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Data literacy is patchy, mostly low, amongst staff. Basic or adequate skills and training in using data for operational and administrative purposes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Expects and provides for staff to have the skills to adequately understand and make use of data systems and tools.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Increased data literacy and responsibility across the organisation. Defines dedicated responsibilities for data management and data architecture within staff roles.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "All staff trained with ongoing investment in developing data skills with high levels of data literacy across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Engaging with communities of practice and learning networks to develop data skills.", + "context": "", + "statements": [ + { + "text": "Sees little or no value in engaging with internal or external data learning networks or communities of practice to develop staff data literacy.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Individual staff working with data are aware of some internal or external data communities of practice and some learning opportunities. Staff may engage with these informally based on personal interest.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Sees engagement with internal or external data communities of practice as valuable, but this is limited to specialist staff. Continues to engage on an ad hoc basis rather than a continuous basis.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Embeds structured engagement with data learning networks and communities of practice across the organisation. Makes this visible to all staff.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Actively participating or leading within data learning networks and in communities of practice. Exploring new tools and skills.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Defining responsibility for data within roles and committing to improving staff data literacy.", + "context": "", + "statements": [ + { + "text": "Has no interest in developing specialised data roles, or in upskilling or recruiting staff to fill knowledge gaps. Staff manage and use data as part of other roles without dedicated responsibilities for data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Different staff collect, manage and use data as part of their roles without coordinated, consistent responsibilities assigned to roles. Beginning to consider some training or specialisation, but with minimal commitment to change.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to establish dedicated data responsibilities within staff roles in the organisation. Increasing commitment to improving data and analytical literacy within specialist teams.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has established dedicated, consistent data responsibilities defined within staff roles with several people responsible for data in different roles or teams. Beginning to commit to improving data and analytical literacy across the organisation, but the approach is inconsistent in different areas.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has established a dedicated, consistent approach to integrating data responsibilities in staff roles across the organisation. Has a strong, consistent, and visible commitment to improving data and analytical literacy across the organisation with clear routes into skilled data roles for all staff.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Choosing appropriate way to address gaps in data skills.", + "context": "", + "statements": [ + { + "text": "Uses a single method for addressing skill gaps such as contracting, upskilling, recruitment, without considering or weighing the options.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to consider different options when addressing skill gaps but decisions are not always clearly linked to the organisation’s long and short terms needs.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Consistently considers different options when addressing skill gaps. Beginning to link this to the organisation’s long and short term data skill needs.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Carefully considers different options when addressing data skill gaps in most areas and clearly links these to the organisation’s long and short term skill needs. However, the approach is not consistently embedded across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Fully considers all options when addressing data skill gaps in line with the organisation’s long and short term skill needs. Takes a consistent and joined-up approach across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Supporting development of specialist data staff.", + "context": "", + "statements": [ + { + "text": "Expects people to learn data skills ‘on the job’. Does not provide specialist training for data skills.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Small groups of specialist staff working with data have access to specialised data training. The approach is ad hoc and uncoordinated. Awareness and documentation of specialist data skills amongst staff across the organisation is poor.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Specialist staff working with data have some support to improve their skills. The approach is somewhat organised but lacks centralised coordination. Beginning to document and improve awareness of specialist data skills in the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Specialist staff working with data have some support to improve their skills. The approach is organised and coordinated, but inconsistent across different areas of the organisation. Has a clear understanding of what specialist data skills are present in the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Specialist staff working with data have appropriate support to continuously improve their skills. The approach is consistently organised and coordinated across the organisation. Has a clear understanding of what specialist data skills are present in the organisation and proactively plans to fill gaps.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Providing opportunities for staff to develop data and analysis skills.", + "context": "", + "statements": [ + { + "text": "Staff learn data skills only through experience, with no access to external knowledge or expertise around data or analytics.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to provide some limited, internal training for basic, ‘adequate’ data skills, though staff mostly learn through experience.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Provides training for data, analysis, and relevant systems and tools in-house or externally.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Individuals responsible for data have advanced training and skills and regularly engage in learning to develop and improve systems and embed these across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Specialist staff regularly update skills and knowledge through training and conferences.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Understanding the data and analysis skills that your organisation needs.", + "context": "", + "statements": [ + { + "text": "Struggles to understand the needs and skills required for building the organisation’s data capabilities, due to a lack of interest in or information about in staff’s current skills.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to understand needs around data skills and capabilities.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Exploring up-skilling and recruitment to fill skills gaps. Invested in developing analytical skills across the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Understands data and analytical skills needs and gaps in important output areas. Opportunities to develop data and analytical skills are visible and available to both specialist and non-specialist staff.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of data and analytical skills needed. Proactively seeks to upskill existing staff to meet upcoming needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Uses", + "questions": [ + { + "text": "Making data available and interpretable for different users.", + "context": "", + "statements": [ + { + "text": "Manually reworks data for presentation. Makes all presentation of data and analysis the same regardless of audiences.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Manually reworks data for presentation in written reports for different internal and external audiences.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Enables some internal users to interactively explore and report on the organisation’s data, however the user may need substantial technical expertise or support from data specialists to do so.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Enables most internal users and some external users to interactively explore, analyse and report on the organisation’s data. Non data specialists are able to do so with minimal specialist support, if any.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Carefully considers different audiences from the beginning when planning data and analysis presentation. Uses interactive and static presentations of analyses as appropriate. Presents data and analyses in a way to be easily and quickly interpreted by non-specialists without support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Having the right systems", + "activities": [ + { + "title": "Leadership", + "questions": [ + { + "text": "Allocating appropriate resources to improve tools for data.", + "context": "", + "statements": [ + { + "text": "Leaders seek to improve or replace data systems and tools only when it is mandated externally.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Leaders seek to improve or replace data systems and tools reactively when insufficient systems and tools have damaged organisational outcomes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders dedicate some resources to improving or replacing data systems and tools, before poor tools damage organisational outcomes. This generally occurs on an ad hoc basis. Changes made do not consistently link to organisational needs and outcomes.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to proactively commit resources to improving and replacing data systems and tools. Changes made are linked to organisational needs and outcomes. This occurs inconsistently across the organisation without coordinated senior oversight.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Continuously and proactively dedicates appropriate resources to improving and replacing data systems and tools across the organisation. Plans for improving and maintaining tools are aligned with wider organisational needs and outcomes. Coordination across the organisation ensures all areas have proportionate goals and plans for improving and maintaining data systems and tools.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Tools", + "questions": [ + { + "text": "Having the right tools for analysing data.", + "context": "", + "statements": [ + { + "text": "Data tools are only used for operational requirements. Analysts frequently spend time on labour-intensive workarounds to meet user needs due to inadequate analytical capability of tools.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Tools mostly used operationally rather than analytically. May allow some basic inbuilt analysis and reporting but most often data has to be exported for analysis in another tool. Possible advanced analytical tool used for basic data processing or descriptive statistical analysis.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Tools support efficient and effective outputs for high impact analytical processes. Efficiency and effectiveness of some lower priority outputs are still reduced due to inadequate tooling resources. Some tools may be disproportionately complex for the needs of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Tools for analysis are in line with the organisation’s needs and enable analysts to produce effective, efficient outputs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Tools that meet the peak of the organisation’s analytical needs are in place and available across the organisation. Tools for delivering batch analytics and real-time streamed data are used.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Having the right tools for organising and accessing data.", + "context": "", + "statements": [ + { + "text": "Uses tools for accessing and organising data that are highly disproportionate to the organisation’s needs. Reviews tools when failures have had a substantial negative impact on outcomes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Most tools for organising and accessing data allow for the organisation to meet its objectives. Some tools may be disproportionate to the organisation’s needs.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Tools for organising and accessing data are proportionate to the organisation’s needs and allow for registers of data assets to be maintained and updated.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Regularly reviews tools for organising and accessing data to ensure they are adequate and proportionate for current and short-term future needs. Some awareness of tools that might be relevant to the organisation in the future, but interest and buy-in at senior levels is limited.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Makes use of horizon scanning for emerging technology. Understands what future tools are relevant and proportionate to the organisation’s needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Having tools that allow appropriate access to internal data.", + "context": "", + "statements": [ + { + "text": "Shares data mostly by emailing spreadsheets and documents as attachments with duplication, version control, and security issues.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Safeguards are in place to ensure that data sharing does not compromise data security.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Tools allow for data to be shared internally as live documents for improved version control. Non-experts may require support from specialist users.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Tools allow for effective, direct access to internal data for appropriate expert and non-expert users. Exploring tools to support secure, direct access to data for external users.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Tools able to access and utilise internal and external data directly, for both experts and non-experts.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Planning effectively to ensure adequate tools for data.", + "context": "", + "statements": [ + { + "text": "Dedicates resources to tools, systems and infrastructure for data only when critical systems fail or when changes are legally required.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Acquires systems and tools on a ‘needs-must’ basis, eg for a specific, isolated purpose or project, or when the existing systems and tools fail.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Primarily acquires systems and tools as ‘one-offs’ for specific purposes with limited flexibility for change or improvement. Considers replacements for all critical systems and tools, and researches and costs this before they fail. Dedicates some resources to improving software tools and ad-hoc hardware replacement.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Commits resources to new and existing systems and tools across the organisation, but the approach is inconsistent. Proactively considers and costs replacements and upgrades for all critical and some important systems and tools.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Commits resources to new and existing systems and tools across the organisation, with a consistent, coordinated approach across the organisation. Proactively considers and costs replacements and upgrades for all critical and important systems and tools.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Keeping tools for data up to date and supported.", + "context": "", + "statements": [ + { + "text": "Does not understand what data tools are in use. Provides minimal, ad hoc support for tools. Invests in updating tools only when out of date tools have had substantial negative impacts on outcomes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Understands what data tools are in use and provides basic support for high priority tools. Invests in updating tools only when out of date tools begin to have negative impacts on outcomes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Most data tools are up to date with support available. Work-arounds for inadequate tools to mitigate negative impacts on outcomes are not well communicated or understood.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Most data tools are up to date with support available. Communicates some work-arounds for inadequate tools, but inconsistently. Actively plans replacements for poorer tools.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "All data tools are up to date and have adequate support in place. Consistently records and communicates work-arounds for inadequate tools, with a proactive, structured approach to replacing poorer tools.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Sharing data internally.", + "context": "", + "statements": [ + { + "text": "Users are not able to find or access data that they need due to inadequate data storage tools. Access to stored data is not managed, or is managed ad hoc without structured processes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some people or teams may use cloud-based document storage to share some data. Access is managed ad hoc on an individual level by staff who may not be specially trained in security and governance.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Data storage tools are beginning to be used that allow for broader, internal sharing across the organisation. Access to data for non-experts may require specialist support.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Data storage tools allow for internal sharing across the organisation, with internal and external access managed appropriately. Tools in use in some areas of the organisation are not proportionate to data and analytical needs. Non-experts are able to access most data without specialist support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Data storage and sharing tools are proportionate to analytical capability and data needs. Storage tools allow for non-experts to access appropriate data without requiring specialist support. Internal and external access is managed appropriately.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Sharing analytics internally.", + "context": "", + "statements": [ + { + "text": "Analytics tools in use are outdated and do not allow the organisation to consistently share analytics in ways that meet their users’ needs.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Analytics tools are being updated and allow the organisation to share some analytics internally. Non-specialists are not able to meaningfully make use of analytics tools without extensive, direct support from expert users.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Available tools allow for effective internal sharing of analytics but may not be meaningfully usable by non-specialists without support.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Self-service analytics available both inside the organisation and to some relevant external partners and stakeholders. Non-expert users may require support from data and analysis specialists in order to make effective use of analytics.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Self-service analytics available both inside the organisation and to relevant external partners and stakeholders. Non specialist users are able to extract meaning from analyses without support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Having the right tools and systems to collect and store data.", + "context": "", + "statements": [ + { + "text": "Mostly uses unstructured tools and systems to collect data such as emails, SMS messages, paper forms. Does not consistently transfer this data into a structured physical or digital storage system.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Mostly collects data manually and then enters it into an isolated database or spreadsheet for analysis and reporting.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Holds data in a range of systems and tools that are all separately managed. Interlinking between systems is restricted by default rather than by design.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Collects and automatically stores data digitally wherever possible eg online forms or apps directly into databases. Beginning to break down silos by increasing interlinking between systems and tools.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has capacity to store, manage, and analyse increasingly large volumes of data from multiple sources. Breaks down silos by increasing interlinking between data storage systems and tools with appropriately managed access.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Storing data in organised ways.", + "context": "", + "statements": [ + { + "text": "Data is disorganised and unmanaged and stored in a range of places: on desks, in filing cabinets, individual people’s email inboxes, computers, phones, or other devices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Stores most data in designated locations. Data is stored in hardcopy and digital formats. Accessing the data requires physical presence in those designated locations. Organisation and management of stored data is ad hoc or manual.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Mostly stores important digital data on a secure, backed-up environment such as a cloud-based system or local server with managed access. Some data may remain inaccessible on computers, central shared drives or devices.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Stores all important data relevant to important business operations and outcomes in secure, backed-up digital systems with managed access where possible.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Draws data from a streamlined number of sub-databases and systems. Holds data in properly supported, securely accessed databases", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Knowing the data you have", + "activities": [ + { + "title": "Data", + "questions": [ + { + "text": "Ensuring findability of data.", + "context": "", + "statements": [ + { + "text": "Relies on individual staff member’s knowledge to make find data and make it available to those who need it. Finding data is ad hoc and inefficient.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Documents critical data sets in a central location, with a location of the data set. Relies on ad hoc processes or substantial specialist support to make data available to those who need it.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Documents all critical and some important data sets in a central location, with a location of the data set. The data is available to those who need it through efficient, structured routes. Some data requires specialist support to access.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Documents all critical and important data sets in a central location, with the location of the data set. The data is available to those who need it through efficient, structured, well-communicated routes. Most data can be accessed without specialist support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Documents all critical and important data sets and makes them fully findable by all authorised users. Users are consistently able to access the data they need without specialist support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Managing disposal of data in the right way.", + "context": "", + "statements": [ + { + "text": "Complies with minimum legal requirements for archiving of data. Disposal of data is ad hoc and does not consider the value or retention needs of the data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Plans for organised disposal of data, but does not consider different value and sensitivity of data or retention needs for different data sets. Consistently records established processes for disposal of data and ownership of those processes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Links the retention period for data in high profile data assets to the long-term value, sensitivity and context of the data. Records processes for disposal of the data alongside the data asset.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Automates disposal of data in line with legal requirements and the long-term value of the data. Documents processes for data disposal clearly, and reviews them in tandem with changes to the data.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively considers the requirements and processes for end-of-lifecycle disposal of data at the beginning of the data lifecycle. Consistently balances user needs with requirements for long-term preservation of data when implementing data initiatives.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Recording the data you hold, and ensuring people can access it.", + "context": "", + "statements": [ + { + "text": "Has no formal record of the data that the organisation holds. Nobody is aware or interested in the data assets in the organisation.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has a basic register of data assets. The process for how to record data in the register is not described, supported or monitored. There is no public layer to the records and the register cannot be accessed by those who need it.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Has a register of data assets with standardised processes. The register can be accessed by request at the discretion of the accountable party with no consistent, communicated process in place for this.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has a comprehensive and standardised register of data assets with efficient and appropriately governed internal access. Exploring processes for a public access layer for transparency of the nature assets held by the organisation that cannot be accessed directly, but this may be poorly communicated.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a comprehensive, standardised, and visible register of data assets with efficient and appropriately governed internal and external access. A public access layer supports transparency around data assets that require limited access.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Keeping good metadata.", + "context": "", + "statements": [ + { + "text": "Has metadata for some data sets. Where metadata is present it is often incomplete or out of date.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has metadata for most high priority data sets, however it may be incomplete and is not updated in tandem with changes to the data. Metadata does not account for user needs.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Includes information in metadata regarding where and when the data was collected or acquired, accounting for licencing that may affect long-term preservation. Metadata format and structure is standardised to some degree.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Includes information in metadata regarding why the data set was created or acquired, and the purposes and users for which the data set was created. Marks sensitivity of data in critical data sets, but this may be inconsistent across the organisation. Standardises metadata based on some understanding of user needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Actively maintains and updates metadata in tandem with changes to the data for all known data sets. Supports prevention of mosaic re-identification when combined with other data in archives by marking sensitivity of data clearly. Standardises metadata based on an in-depth understanding of user and data needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Making decisions with data", + "activities": [ + { + "title": "Leadership", + "questions": [ + { + "text": "Basing decisions and organisational planning on data.", + "context": "", + "statements": [ + { + "text": "Leaders rely on gut feeling, experience and what seems to work rather than data for decision making.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Typically uses data about what happened in the recent past and verbal accounts of what is happening now for decision-making.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Uses past and current data to understand trends and support some decision making.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Monitors what is happening in the present as well as past trends. Some exploratory forward-looking research and predictions.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses past, present and forward looking data for business planning and decision making (this may include forecasting, modelling, prediction and optimisation).", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Linking decisions that affect organisational outcomes to data.", + "context": "", + "statements": [ + { + "text": "Links decisions that affect business outcomes to data only when it is required for external reporting purposes. Does not consider the value of the organisation’s data to internal and external users.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to link decisions that affect high profile organisational outcomes to data. Customers and users are not considered when making changes based on data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Links decisions that affect high profile organisational outcomes to data. Beginning to consider customers and users when making changes based on data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Links decisions that affect all critical and some important organisational outcomes to data. Considers the needs of customers and users when making changes based on data. This is applied inconsistently across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Consistently links decisions that affect all critical and important organisational outcomes to data. Takes a customer-focused approach, incorporating the value that the organisation’s data has to its users into decision making.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Using data to monitor and improve performance.", + "context": "", + "statements": [ + { + "text": "Leaders use anecdotal accounts of what is happening rather than data to monitor and improve organisational performance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Leaders make use of some existing data to monitor performance in some high profile areas of the organisation. Decisions on how to improve are informed by both data and anecdotal accounts of what is happening.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders make use of multiple data sources to monitor and improve organisational performance in all critical areas. Leaders are beginning to question what other data could be used for this. The approach is inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders make use of data to monitor and improve performance in all critical areas and some important areas. Senior leaders actively question these data sources and support efforts to improve or broaden the data used for these purposes. The approach is somewhat inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Leaders use data to monitor and improve performance in all critical and important areas of the organisation. Leaders proactively encourage the use of new sources of data to better understand performance. The approach is consistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Uses", + "questions": [ + { + "text": "Using data for operational and strategic purposes.", + "context": "", + "statements": [ + { + "text": "Collects and uses data for requisite purposes eg basic financial management and legal or compliance reporting.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Captures data relating to internal activities and measuring outputs. Conducts basic financial analysis and forecasts.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Uses data for both operational and strategic purposes.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Actively exploring more ways to get more value out of data for operational and strategic purposes.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data extensively for a wide range of strategic and operational purposes. Proactively looks for ways to get more value out of data to meet current and future needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Influencing stakeholders with data.", + "context": "", + "statements": [ + { + "text": "Makes data available to stakeholders and partners only in line with legal or policy requirements. Does not see data as useful in conversation to influence stakeholders.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Starting to make some data available to stakeholders and partners but does not consistently use the data as part of conversation to influence them.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Starting to lead conversations with stakeholders and partners using data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Can coherently make the case to stakeholders and budget holders for existing and new services, products, and campaigns.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data to provide robust, credible evidence to influence policy and decision makers.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Using data for business planning and strategy.", + "context": "", + "statements": [ + { + "text": "Prioritises speculative, subjective or anecdotal information, over data, to inform decisions.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Starting to use data to inform efficiency savings. Does not frequently use data to influence strategic decisions.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Consistently uses data to inform initiatives to improve efficiency and resource management. Sometimes uses data to support strategic planning and decision making.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Consistently uses data to understand which approaches work and which do not. Strategic planning and decision making are consistently informed by data.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data and analyses of past, present, and future as core elements for all strategic planning and decision making.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Using data on customer needs to improve services.", + "context": "", + "statements": [ + { + "text": "Only collects data about customers’ and users’ needs in line with minimum legal or policy requirements. Does not communicate or implement insights from this data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Collects some data about customers’ and users’ needs. The insights and understanding gained from the data is inconsistently communicated and applied to improving products and services.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Collects data to be able to understand and evidence the types of customers’ needs and problems the organisation addresses. Uses both internal and reliable external data sources to do so.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Collects data to understand and evidence a range of customer and user needs. Beginning to use this data as part of discussions for changing, updating, or introducing products and services.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Predicts user needs and service or product options based on understanding customer behaviours and how to influence these for the best outcomes.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Knowing who uses your products and services.", + "context": "", + "statements": [ + { + "text": "Records basic customer information and activities or work delivered in order to operate at a basic level.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Starting to explore service users, customers, and target audiences. Beginning to account for ethical considerations and any particular groups who could be negatively affected by the organisation’s data, but at a late stage.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Starting to use data to understand different ways customers initially contact and engage with services over time (or not). Accounts for ethical considerations and any particular groups who could be negatively affected by the organisation’s data. However this is inconsistent across the organisation and considered at a late stage.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Regularly reviews and adapts services, products and campaigns in response to data to optimise outcomes. Designs services to ensure inclusion and protection for societal groups who could be negatively impacted by the organisation’s data. Applies this somewhat inconsistently across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data to optimise design and delivery of services, products and campaigns at an individual or personal level. Consistently designs services from the beginning to ensure inclusion and protection for societal groups who could be negatively impacted by the organisation’s data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Targeting services and campaigns.", + "context": "", + "statements": [ + { + "text": "Holds data on groups and locations where products and services are used, but does not use the data to evaluate differences or take action to target products and services.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to use data to understand the differences in groups and locations where products and services are used.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Uses data to understand the needs of end users. Beginning to use this understanding to target services, products, and campaigns at specific groups and geographic locations.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Uses data to understand the needs of end users and internal users. Consistently uses this understanding to improve efficiency and effectiveness of targeting services, products, and campaigns at specific groups and geographic locations.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data to create highly targeted services and products in collaboration with other partners and service providers where appropriate. Uses understanding of internal needs to deliver insights and predictions to proactively improve services and products.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Monitoring product or service performance, and use of resources.", + "context": "", + "statements": [ + { + "text": "Does not use data to monitor and improve organisational performance except where legally required.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Uses existing data to improve some organisational performance and effectiveness.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Makes use of multiple data sources to monitor and improve all critical areas of organisational performance. Beginning to seek new data to do this.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Uses data to actively improve all critical areas of organisational performance, and some important areas. Actively seeks data and makes use of multiple data sources, including feedback from users or customers.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses data to actively improve all critical and important areas of organisational performance. Actively seeks out new sources of data, including user and customer feedback, to monitor and improve organisational performance. Routinely reviews these data sources to ensure effectiveness.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Managing and using data ethically", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Accounting for limitations in data and how this may introduce bias.", + "context": "", + "statements": [ + { + "text": "Only accounts for how limitations in data that may create bias and negatively affect particular groups where it is externally mandated by legal, policy, or service level agreement requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to account for how limitations in some high profile data sets may introduce bias that can negatively affect any particular groups. This occurs inconsistently in small pockets of the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Accounts for limitations in all high profile data sets that may introduce bias and negatively affect any particular groups. This may be inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Accounts for limitations in all high profile data sets and some important data sets that may introduce bias. This occurs consistently for high profile areas, but pockets of the organisation still struggle to apply this consistently.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively considers how limitations in all high profile and important data sets may introduce bias. A consistent approach is taken across the organisation to ensure that limitations to data do not negatively impact any particular groups.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Ensuring transparency and scrutiny of data processing and analysis.", + "context": "", + "statements": [ + { + "text": "Does not ensure transparency in processing and analysis of data even where this is not restricted. Routes for public scrutiny and accountability are not available.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Ensures transparency around most high profile processing and analysis of data where appropriate. Routes for public scrutiny and accountability exist for high profile processes where appropriate, but are not well communicated. Considerations of these are ‘added on’ after the process is already active.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Ensures routes for public scrutiny exist for all appropriate processing and analysis of data and is making efforts to make these more visible. Makes methods and objectives used for this transparent where appropriate. Approaches to this tend to be considered as an after thought, not an integral part of developing the process.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Ensures routes for public scrutiny of processing and analysis of data are visible and well communicated where possible. Considers transparency and public scrutiny from the beginning as a fundamental part of all high profile processes.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "All processing and analysis of data has transparency and public scrutiny in mind from the early planning stages where appropriate. Makes internal, external, and public scrutiny integral to the design of all processes where possible.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Considering and mitigating ethical impacts of bias in data.", + "context": "", + "statements": [ + { + "text": "Considers potential negative impacts of interventions or data activities on specific societal groups and an extremely late stage in the process, and only where it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Explores potential negative impacts of interventions as well as data ethics.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Consistently considers potential negative impact of data initiatives on specific societal groups. Some parts of the organisation engage with external experts or advisory boards for high profile projects.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Seeks guidance from external data ethics advisory board. Consults with stakeholders in civil society groups or academia to improve ethical use of data. High profile projects may include public consultation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Keeps up with societal changes in order to ensure that data collection and publication remains inclusive to all. Conducts extensive public consultations with groups who may be affected by data initiatives to ensure transparency and mitigate bias.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Meeting accessibility standards for published data.", + "context": "", + "statements": [ + { + "text": "Considers accessibility for published data and analysis at an extremely late stage, and only to the degree that it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Aware of accessibility requirements for active publications. Beginning to meet requirements that have an impact on the largest number of users.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Ensures that new publications meet accessibility standards, but previous, active and relevant publications have not been updated to meet minimum standards.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to ensure that all prominent active publications meet accessibility requirements.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Ensures that all active published data and analyses meet or exceed requirements for accessibility. Considers accessibility from the beginning when designing new analytical publications.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Ensuring transparency and scrutiny of data.", + "context": "", + "statements": [ + { + "text": "Complies with minimum legal requirements for transparency and public oversight of data use. These requirements are considered at a late stage of projects and usually met as an after thought.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to recognise the potential for increasing transparency and public oversight of the organisation’s data objectives, but no firm or structured plans. Where this occurs, it is driven by internal engagement.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to consider public visibility and oversight as a core element of high profile data initiatives. Engagement with some users to improve transparency occurs in isolated pockets of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Engages with users to ensure appropriate transparency and accountability in structured ways. Some parts of the organisation consistently consider how to ensure appropriate public visibility from the start when planning data initiatives.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Actively engages with appropriate communities to empower the public to hold the organisation to account on their data objectives. Considerations of public visibility are integral to planning new data initiatives.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Understanding interactions of automated data processing and ethical data practices.", + "context": "", + "statements": [ + { + "text": "Does not consider how to use automation in data supply and processing. Does not consider how automation can reduce risks or bias in data processing. Does not consider oversight, transparency, and public scrutiny when automating data processing. Does not document these processes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to consider how to use automation in high profile areas of data supply and processing. Beginning to consider how to mitigate against automation risks in high profile areas, however does so inconsistently and usually after the implementation. Beginning to consider oversight, transparency and routes for public scrutiny when automating data processing. Does not document changes to these processes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Consistently considers risks and benefits of automation of data supply and processing and in high profile areas. Understands where automation is proportionate, and mitigates against the potential for automation to introduce bias, though somewhat inconsistently in different areas of the organisation. Consistently considers oversight, transparency, and public scrutiny of automated data processing, but does so at a late stage. Documentation of changes is sporadic.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Consistently considers the risks and benefits of automation in all high profile areas, and beginning to do so in other areas. Understands where automation is proportionate, mitigates risks appropriately, and plans to do so from early stages for all processes, though this may be inconsistent across the organisation. Considers oversight, transparency, and public scrutiny from early stages of automation initiatives, and consistently documents all changes.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the interactions between automation of data supply and preparation and data ethics. Proactively plans automation in processes to reduce human bias whilst carefully considering and mitigating any bias the automation could introduce. Plans for oversight, transparency, and public scrutiny from the beginning in all data processing automation initiatives. Documents all changes to these processes and the reasons for the changes clearly and consistently across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Collecting data in inclusive and ethical ways.", + "context": "", + "statements": [ + { + "text": "Considers accessibility, transparency and the potential for bias in data collection at a late stage in the development process, and only to meet legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Checks data for bias and documents any mitigation made against bias. Considers transparency and accessibility in data collection methods but applies this at late stages in development to meet legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Embeds transparency of methods into the process when designing data collection where appropriate. Makes efforts from the beginning to mitigate bias and make collection methods accessible to ensure that no societal group is disadvantaged by the methods used. Applies this very inconsistently in different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Embeds transparency, inclusivity and accessibility in data collection methods from the beginning. Checks data collection processes for bias, with actions to mitigate bias recorded and communicated. Applies this somewhat inconsistently in different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Embeds a deep consideration of data ethics from the beginning when planning data collection. Proactively embeds transparency of methods, accessibility, inclusivity and mitigation of bias into new data collection processes consistently across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Leadership", + "questions": [ + { + "text": "Creating diverse leadership to support ethical use of data.", + "context": "", + "statements": [ + { + "text": "Considers data ethics through a limited lens due to a lack of diversity in leadership.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Considers data ethics, but faces difficulty in doing so with depth or breadth due to a lack of diversity in the organisation’s leadership.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands the importance of diversity amongst leadership in supporting ethical use of data. Beginning to build a more diverse leadership team.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has an increasingly diverse leadership team which is beginning to support depth and breadth in considerations of data ethics.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a diverse leadership team which consistently supports broad perspectives on the use, value, and ethics of data at all stages of its lifecycle.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Ensuring responsibility and oversight for data ethics.", + "context": "", + "statements": [ + { + "text": "Senior leaders only engage with ensuring oversight and scrutiny is in place for the ethical use of data where it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Senior leaders are beginning to engage with ensuring external and public oversight and scrutiny is in place for the ethical use of data. However, their approach is unstructured or reactive.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Senior leaders are engaged with ensuring oversight and scrutiny is in place for the ethical use of data however this does not consistently reach across the organisation. Lines of responsibility and accountability for data ethics are structured, but visibility of these is poor.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Senior leaders are engaged with ensuring oversight and scrutiny is in place for the ethical use of data across the organisation. Lines of responsibility and accountability for data ethics are structured, though visibility of this may be limited. Champions for data ethics are present in the organisation, however they may lack the seniority or the reach to have a large impact.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Senior leaders are proactively engaged with ensuring oversight and scrutiny is in place for the ethical collection, storage, and use of data across the organisation. Senior leaders are highly visible as champions for promoting data ethics across the organisation. Responsibility and accountability for this is clear, structured, and visible.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Skills", + "questions": [ + { + "text": "Having the skills to understand ethical management and use of data.", + "context": "", + "statements": [ + { + "text": "Staff consider ethics when working with data only in line with legal or policy requirements, due to a lack of availability or interest in relevant training.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Staff working with data have awareness and skills to identify and address bias in data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Staff working with data have a firm understanding of the importance of ethical use of data and are beginning to see how this applies to their own work.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Staff have the skills to understand the unintended consequences of data collection and use, and how misuse of data can reinforce existing problems in the treatment of different societal groups.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Staff working with data are confident in proactively mitigating against negative impacts for particular societal groups in the way that they collect, process, store, and destroy data. They are able to identify areas where misuse could reinforce existing problems.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Tools", + "questions": [ + { + "text": "Ensuring tools for data are inclusive.", + "context": "", + "statements": [ + { + "text": "Considers accessibility and inclusivity for tools at the end of the acquisition or design process, and only when it is externally mandated by legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Data and analytics tools meet minimum accessibility requirements. Considers accessibility and inclusivity as an afterthought at a late stage when designing or acquiring tools.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Adapts tools for data collection, storage, and processing to improve inclusivity for different societal groups. Considers inclusivity and accessibility at a late stage in the process when designing or acquiring new tools.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Designs new tools with inclusivity and accessibility in mind for all users from the earliest stages of the design process.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Sees accessibility and inclusivity as high priority from the beginning when updating, designing or acquiring any tools.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Managing your data", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Building a data quality culture.", + "context": "", + "statements": [ + { + "text": "Measures and addresses data quality at extremely late stages, and only when it is externally mandated by legal, policy or service level agreement requirements. Does not link data quality to business outcomes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some interest in improving data quality, but does not consistently link these to damages to business outcomes. Attempts to improve data quality are ad hoc and do not address root causes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to understand data quality in terms of the risks it poses to business outcomes. Addresses issues with data quality through tackling root causes not only through cleansing.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Consistently links data quality to the risks it poses to business outcomes. Aware of trade-offs in data quality in line with the needs of users and the purposes of data.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Consistently frames all data quality issues in terms of their impact on business outcomes. Everyone in the organisation is committed to ensuring quality data is available to support services and decision-making.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Managing data disposal the right way.", + "context": "", + "statements": [ + { + "text": "Considers disposal of data only at a very late stage in the data lifecycle. Defines ownership of and responsibility for disposal of data only in line with minimum legal or policy requirements. Does not understand differences in types of disposal of data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Staff responsible for data sets understand differences in types of disposal. Responsibilities for implementing appropriate disposal methods are beginning to be defined. Any considerations of how to dispose of data occur at a very late stage in the data lifecycle.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to give greater consideration to data disposal, but it is not seen as fundamental when planning data initiatives. Ownership and responsibility for disposal of data is recorded alongside all high profile data sets. Staff working with data have some understanding of expectations and requirements for data preservation and disposal.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All staff working with data understand their responsibilities to ensuring records are able to be created and preserved of all appropriate data. Responsibility for disposal of data is defined and recorded alongside all data assets, but implementation is inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Collaborates with archiving experts to ensure that data sets can be preserved appropriately. Proactively considers the end of the data lifecycle when planning new data initiatives. Ownership of and responsibility for disposal of data is clearly defined, recorded, and implemented for all data assets.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Communicating limitations of data appropriately to users.", + "context": "", + "statements": [ + { + "text": "Communicates limitations of data only in line with externally mandated requirements. The style and method of this communication does not consider users’ needs.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to understand limitations of data and communicates these in some high-profile areas. Some pockets of the organisation consider the needs of some important users and communicate in a way to meet these needs, through a limited range of routes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands and communicates limitations of data in all high-profile areas. Understands the needs of some important users and communicates in a way that meets these needs, however the range of routes may be limited. The approach to this is inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Understands and communicates limitations of data. Understands the needs of most important users of the data and communicates in a way that meets these needs, using a range of appropriate routes. The approach to this is inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Understands and communicates limitations of data. Understands the needs of all important users of the data and communicates in a way that meets these needs, using a range of appropriate routes. The approach to this is consistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Linking data collection processes to organisational outcomes.", + "context": "", + "statements": [ + { + "text": "Collects data in order to meet minimum requirements without understanding how this is attached to business needs. Has a minimal awareness of collection methods based on what has previously been used, but does not record or address errors.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to understand the need to collect data that is attached to business needs, and to avoid collecting data that is not. Does not regularly apply or incorporate this into practices. Has some awareness of collection methods and errors but does not record or address these.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands the need to collect data that is attached to business needs, and to avoid collecting data that is not. Beginning to incorporate this into planning collection or use of data. Beginning to consider and record methods and errors but does not consistently address these.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Understands the need to collect data that is attached to business needs, and to avoid collecting data that is not. Incorporates this in critical business process in some areas of the organisation. Regularly plans ahead regarding the collection or use of data but this is not embedded from beginning to end. Considers and records methods and errors and is beginning to address these in higher profile initiatives.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the need to collect data that is attached to business needs, and to avoid collecting data that is not. Consistently incorporates this in critical and important business process across the organisation. Embeds planning of collection or use of data from beginning to end. Gives full consideration to methods and errors and ensures that these are addressed promptly.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Acquiring existing data in the right way.", + "context": "", + "statements": [ + { + "text": "Acquires existing data over collecting data only when required or requested to do so by external impetus. Does not record licencing of acquired data alongside data sets.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to understand the difference in value of acquiring existing data compared to collecting new data and which is most appropriate. Does not make use of existing data. Has some awareness of licencing of data acquired from other sources but does not record licencing of acquired data alongside data sets.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands the value of using existing data rather than collecting new data and which is most appropriate. Beginning to make use of some open data sets where appropriate. Beginning to record licencing of data acquired from other sources alongside data sets. Beginning to plan for effects of licencing on long-term preservation of data sets containing acquired data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Understands the value of using existing data rather than collecting new data and which is most appropriate. Makes good use of open data sets where appropriate but does not fully embed the approach from beginning to end. Records and communicates licencing of data acquired from other sources but this approach is not fully embedded from beginning to end. Plans for effects of licencing on long-term preservation of data sets containing acquired data but this approach is not fully embedded from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the value of using existing data rather than collecting new data and which is most appropriate. Makes full use of open data sets where appropriate and fully embeds the approach from beginning to end. Fully records licencing of data acquired from other sources and this approach is fully embedded from beginning to end. Plans for effects of licencing on long-term preservation of data sets containing acquired data and this approach is fully embedded from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Applying data users’ needs to product design.", + "context": "", + "statements": [ + { + "text": "Has a minimal awareness of who the users of the organisation’s data are and what their needs are, driven only by legal or service level agreement requirements. Does not incorporate or apply information about data user needs in product design and development", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has some awareness of who the users of the organisation’s data are and what their needs are, but does not incorporate this into product design and development.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands who the users of the organisation’s data are and what their needs are. Beginning to incorporate and apply user needs into product design and development.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has a good understanding of data users and their needs though this may be inconsistent across the organisation. Beginning to incorporate and apply data users’ needs in product design and development, but this is not embedded from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of data users needs in all relevant areas of the organisation. Consistently incorporates and applies data users’ needs in product design and development, and embeds this from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Collecting data with user needs in mind.", + "context": "", + "statements": [ + { + "text": "Has a minimal awareness of the user (eg member of the public or civil servant) providing data to government, driven only by legal or service level agreement requirements. Designs and develops products without considering or incorporating the needs of these users.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has some awareness of the needs of the user providing data, and of user-centred design and methods. Does not incorporate or apply this understanding in product design and development", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Understands the needs of the user providing data, and of user-centred design and methods. Beginning to incorporate and apply this understanding to product design and development.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has a good understanding the needs of the user providing data, and of user-centred design and methods, though this may be inconsistent across the organisation. Incorporates and applies this understanding to product design and development in some areas, but may not embed this from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of the needs of the user providing data, and of user-centred design and methods in all relevant areas of the organisation. Fully embeds application of this understanding in product design and development from beginning to end.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Conducting data quality assessments.", + "context": "", + "statements": [ + { + "text": "Assesses data quality only when it is externally mandated by legal, policy, or service level agreement requirements. Does not record or track data quality assessment results over time.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Assess data quality against generic standards. Does not update data quality assessments across the lifespan of the data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Re-assesses data quality during the data’s lifetime, but does not link the frequency of assessment to changes in the data. Beginning to conduct assessments that consider quality dimensions, measurements, and requirements in relation to the way in which the data is used.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Proactively monitors the quality of data in important data sets is in a way that is linked to purpose, documented and communicated. Conducts data quality assessments that are evidence-based and tracked over time.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively monitors and fully understands the quality of the data it holds and hence has high levels of confidence and trust in its data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Managing data quality across the data lifecycle.", + "context": "", + "statements": [ + { + "text": "Makes efforts to manage data quality only when it is externally mandated by legal, policy, or service level agreement requirements. Does not make dedicated resources available for this.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Manages data quality ad hoc and at a late stage in the data lifecycle. Where resources and processes are in place for managing data quality, they focus only on data cleaning.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to manage data quality for priority data at different stages of the data lifecycle.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Puts resources and processes in place for managing data quality at all stages of the data lifecycle, but does not apply this consistently across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively invests in resources to collect, maintain, and manage high quality data at all stages of the data lifecycle. Data quality is managed consistently across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Understanding the data quality needs of your users.", + "context": "", + "statements": [ + { + "text": "Engages with a minimal number of internal users to understand data quality needs, based primarily on policy or service level agreement requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to engage with some immediate users of the organisation’s priority data to understand their data quality needs.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Accounts for the needs of immediate, internal users in data quality assessments and initiatives", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Actively engages with a wide range of internal users to understand their data quality needs and reviews these needs regularly. Beginning to communicate data quality alongside high profile data sets.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Considers the data quality needs of all knowable users alongside immediate internal user needs when collecting, processing, and publishing data. Consistently communicates the quality of data alongside data sets.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Understanding what data processing to automate.", + "context": "", + "statements": [ + { + "text": "Does not understand what data processing can or should be automated. Where automation occurs, it does so without understanding or considering what is useful and proportionate in the long-term to achieve efficiency and quality.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to understand what data processing can and should be automated. Makes some consideration of what automation is useful and proportionate in the long-term to achieve efficiency and quality in high profile processes, though the approach is inconsistent and occurs as an after thought.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Able to apply a good understanding of what data processing can and should be automated for high profile areas, but inconsistently elsewhere. Considers what automation is useful and proportionate in the long-term to achieve efficiency and quality, but somewhat inconsistently in different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has a good understanding of what data processing can and should be automated for high profile areas, and is beginning to apply this consistently across the organisation. Considers what automation is useful and proportionate in the long-term to achieve efficiency and quality but with some inconsistency.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a clear understanding of what data processing can and should be automated. Carefully considers what automation is useful and proportionate in the long-term to achieve efficiency and quality.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Building reproducible data processing.", + "context": "", + "statements": [ + { + "text": "Designs data processing without considering adequate testing, transparency and documentation to ensure that processes can be reproduced for the same output. Does not document processes or changes to processes.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some testing and documentation for important data processing. Aware of the importance of documentation or transparency to ensure good automation. Documentation that exists may not be appropriately available to those who need it, or may assume prior knowledge of the processes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Tests and documents most important data processing and is able to reproduce the same outputs efficiently in most cases. Testing covers a range of data scenarios. Documentation of processes is sporadic, this may be done at a late stage. It may be poorly communicated or inaccessible. The approach is highly inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Designs, tests and documents all important data processing. Tests include typical changes that may occur. Testing strategy may be considered after processes are created. Most processes are clearly documented, documentation is communicated and available as appropriate. The approach is somewhat inconsistent across different areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively designs, tests, and documents all important data processing from the beginning to ensure that they can be efficiently reproduced with the same outputs and are resilient to change. Documentation and processes are transparent, communicated and available as appropriate. The approach is consistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Applying data standards in your organisation.", + "context": "", + "statements": [ + { + "text": "Applies data standards only where they are externally mandated for compliance. Considers interoperability between data sets only to mitigate against critical failures.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to apply data standards on an ad hoc basis where interoperability between data sets is needed for a specific purpose.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Applies data standards in some areas but does so inconsistently. Some data is versatile and re-usable internally for limited purposes.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Beginning to apply data standards consistently enough to allow data to be re-used internally for a range of purposes. Some data is re-usable externally but with limited scope.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Applies data standards consistently across the organisation to ensure that data is versatile and re-usable for multiple purposes and audiences.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Engaging with cross-government data standards.", + "context": "", + "statements": [ + { + "text": "Only engages with data standards in other areas of government to comply with externally mandated requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Engages with other areas of government to begin exploring how to implement data standards internally.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Acknowledges the importance of data standards in other areas of government. Actively engages internally to embed standards.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Actively applying most cross-government data standards. Exploring shared measures and benchmarks with other organisations.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively involved in the development of cross-government standards and actively applies these across the organisation. The organisation compares its data with other organisations through shared measures and benchmarks.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Leadership", + "questions": [ + { + "text": "Engaging senior leaders with data and its value to the organisation.", + "context": "", + "statements": [ + { + "text": "Leaders are not engaged with data or how it is used. They do not understand how difficult or complex it is to achieve their requests for data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Leaders are aware of some uses for data in the organisation but do not see value in it for business outcomes. Leaders do not see data as a priority in the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders occasionally ask questions about the data they are given but are not entirely convinced about its value. Leaders have little or no interest in the full data lifecycle.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders are beginning to engage with the value of data throughout the data lifecycle. They ask the right questions of data, are active in harnessing its value, and supportive of the organisation’s data needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Leaders are fully engaged with the value of data at all stages of the data lifecycle. They proactively seek to understand the organisation’s current and future data needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Protecting your data", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Managing policies for data protection and data security.", + "context": "", + "statements": [ + { + "text": "Has basic policies for data protection and security in place, but does not have a method to monitor or enforce these.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has policies in place to ensure data about identifiable individuals is deleted when no longer necessary and to respond to subject access requests.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Monitors and enforces policies for data protection and data security consistently. Reviews policies regularly to ensure they are fit for current needs.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Communicates and enforces policies for data protection and data security consistently. Beginning to embed policies across all levels of the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Thoroughly embeds positive attitudes to and understanding of data protection and data security at all levels of the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Controlling access to data.", + "context": "", + "statements": [ + { + "text": "Data security in place only to meet minimum legal or policy requirements. Does not link security vetting of staff to data protection and data security measures.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Most critical systems, processes, and data have limited security and security governance. Security vetting of some staff is linked to data security.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "All critical data assets have at least limited security and security governance in place. Security vetting of most staff is linked to data security.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Consistent and comprehensive security and security governance policies are in place for all critical data assets. Clearly links security vetting and background checks of all staff to data security and legitimate business need.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Communicates security governance clearly and openly throughout the organisation. Clearly links security vetting and background checks of all staff to data security and legitimate business need. Reflects security clearance for access to data assets in employment contracts where appropriate.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Reviewing governance and security incident responses.", + "context": "", + "statements": [ + { + "text": "Reviews of data security incidents are limited in scope and responses to incidents are inconsistent. Very little, if any, review or assessment of governance takes place.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Reviews and assesses security controls, but this is inconsistent or limited in scope. Beginning to identify and review data security incidents and take appropriate responses.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Regularly reviews assesses all critical governance and security controls for effectiveness, though recording of these may be inconsistent. Identifies and reviews data security incidents and takes appropriate responses.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Regularly reviews and assesses all governance and security controls regularly for effectiveness. Recording of reviews is clear and consistent, though not consistently available as appropriate. Reviews all security incidents promptly and takes appropriate, proportionate actions.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Regularly reviews and assesses all governance and security controls for effectiveness. Recording is clear, consistent and appropriately available both internally and externally to support continuous improvement. Reviews all security incidents quickly and takes appropriate, proportionate actions. Discusses lessons learned from security incidents openly as appropriate.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Ensuring business continuity for data.", + "context": "", + "statements": [ + { + "text": "Business continuity plans exist for some critical activities, but nobody has full oversight of which activities are critical to the organisation’s operation. No clear central record of the potential impact of critical failure on staff, customers, services, products and reputations.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has business continuity plans in place for all critical data activities, but these are not centralised. Does not have standardised risk assessments for activities.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Centrally coordinates oversight for business continuity as appropriate to ensure all critical activities are understood and calibrated. Standardises risk assessments for activities to promote parity across the organisation. Tests business continuity plans occasionally.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has business continuity plans for data in place for all areas of the organisation with central oversight. There are clear lines of ownership for plans and they are regularly tested with actions planned for improvements.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Regularly reviews and tests business continuity plans with lessons learned and actions for improvement. Ties the frequency of reviews to the level of criticality of the activity and an understanding of threats to the organisation’s operation. Business continuity plan owners have access to regular updates and refreshes on best practice.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Measuring the effectiveness of your data protection processes.", + "context": "", + "statements": [ + { + "text": "Assesses effectiveness of data protection measures only in line with minimum legal or policy requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Regularly conducts data protection impact assessments.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Proactively reviews data protection impact assessments to ensure continuous improvement.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Actively engages internally to ensure that data protection impact assessments and improvements are understood and valued across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Proactively engages internally and externally to promote good practice in data protection. Seen as a leader in assessing data protection impact and implementing data protection measures.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Assessing risks to data assets.", + "context": "", + "statements": [ + { + "text": "Only assesses or knows security risks to data in line with minimal legal or policy requirements. Does not assess data assets for their value.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Only assesses data assets for their value or sensitivity when it is externally mandated by legal, policy or service level agreement requirements. Assesses risks to critical data assets.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Routinely assess the value of the organisation’s data assets. Assesses risks to all appropriately valuable individual data assets.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Routinely assesses data assets for their value to the organisation’s outcomes and assigns appropriate levels of sensitivity. Assigns ownership of data assets but this may not be fully embedded or communicated.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Understands the value of data in terms of how it is used. Assesses risks to all data assets to implement cost-effective data security measures, matched to the value of the assets they protect. Defines ownership and responsibility for data assets clearly.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Skills", + "questions": [ + { + "text": "Training staff to comply with and enforce data protection regulations.", + "context": "", + "statements": [ + { + "text": "Staff have basic data protection and compliance training though are not be very confident in applying this.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Staff know how to respond to a data breach, potential breach, or near miss. Staff know how to respond to a subject access request.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "All staff who work with data understand legal constraints around data e.g. computer misuse regulations, and data protection regulations. These staff are able to apply this understanding confidently.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Firmly embeds data protection and compliance with data regulations within staff training. Non-specialist staff are not fully confident in applying this training without support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Firmly embeds data protection and compliance with data regulations within staff training. All staff are confident in applying this knowledge.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Training staff to work with data securely.", + "context": "", + "statements": [ + { + "text": "Staff have basic data security training though are not very confident in applying this.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Staff are aware of security requirements and the need to operate securely in line with policy, procedures and processes.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Staff working with data are aware of the need to work securely. Reviews and updates to security training are limited in frequency or scope. Non-expert users may not be confident in applying policies without support.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Staff are confident in their understanding of data security requirements. The organisation is committed to embedding and instilling good security practice in people who work with data.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Uses training materials and internal communications to actively work to embed good data security practice and inform staff of risks and threats.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Tools", + "questions": [ + { + "text": "Protecting your data.", + "context": "", + "statements": [ + { + "text": "Does not design systems and tools to protect data. Users are able to access systems and data assets irrespective of having a legitimate business need to do so. Does not monitor systems usage.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "The most critical data storage and processing systems and tools integrate data security by design, including some access control and monitoring of use. Assesses data security risks when changes are made to critical systems.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "All data systems and tools integrate data security and are subject to risk assessments when changes are made. Bases access to systems and data on legitimate business needs.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Considers risks and security requirements throughout the development of new systems and tools. Monitors systems and data access for misuse or attack.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Tailors data security tools to the organisation’s specific risks and threat patterns. Uses the development of new data storage and processing tools as an opportunity to improve data security tools. Routinely reviews access permissions to systems, tools, and data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Recording and securing your data tools and systems.", + "context": "", + "statements": [ + { + "text": "Records minimal or no information regarding IT assets that the organisation holds to store and process data. Any records are usually collected indirectly without organisation or coherent structure. Considers physical security measures to protect data held on IT assets only in line with minimal legal requirements.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has a basic IT asset register. The process for how to record tools is not described, supported or monitored. The register captures only high profile assets. Some security risks to high value assets have been identified and addressed. No monitoring and review of risks and physical data security measures.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Standardised processes for recording IT assets are in place. Value and sensitivity of data stored in these assets is not consistently recorded. Security risks to all known IT assets are assessed and addressed. Physical security for high priority assets is reviewed regularly, however the security implemented is not measured in relation to the value or sensitivity of the data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Standardised processes for recording IT assets are embedded. The value and sensitivity of data is a priority element of recording physical IT assets. Physical security measures for all recorded IT assets are regularly reviewed and linked to the value and sensitivity of the data they hold.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The IT asset register is thorough and ownership and accountability for these assets is defined, implemented, and transparent. Physical security measures are reviewed and tested proactively to ensure the security of data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Setting your data direction", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Creating and embedding data principles and policies.", + "context": "", + "statements": [ + { + "text": "Only creates structures for responsibility, accountability and oversight for data policies and data principles by default rather than by design.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Data principles and policies exist but are not supported or understood.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Some awareness of Data Principles and Policies as they are developed in line with the needs of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "People are aware of Data Principles and policies and they are supported by senior leaders.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Data principles and policies embedded and governed with clear visibility across the organisation and to the public.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Communicating data strategy, policies, and principles.", + "context": "", + "statements": [ + { + "text": "Builds data policies, data principles and data strategy in a disconnected way. Does not communicate or seek to embed these due to a lack of interest or dedicated resource.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Starting to build data strategy alongside the data principles with regard to data policies.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Makes data strategy, principles and policies publicly available.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Actively working to embed data strategy, principles and policies across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has fully embedded the organisation’s data strategy, principles and policies with an established assurance and review process in place.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Leadership", + "questions": [ + { + "text": "Linking data principles and policies to organisational objectives.", + "context": "", + "statements": [ + { + "text": "Links data objectives, data principles, and data policies to organisational objectives only to minimum degrees required by externally enforced mandates.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to see value in linking data objectives to organisational objectives. Attempts to do so are limited in scope and do not consistently surface in data policies or data principles.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to consistently link data objectives to organisational objectives, though this may not always be made clear in organisational plans. Some of this may surface in data policies or data principles, but the links are not explicit.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders have clear sight of how and why data objectives, data principles and data policies link to organisational objectives. These links surface in data policies and data principles, but the approach is somewhat inconsistent.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Leaders proactively work to ensure that data objectives are aligned with organisational objectives. Clearly and consistently aligns data principles, data policies, and data strategy with organisational strategy.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Seeing data as an organisational priority.", + "context": "", + "statements": [ + { + "text": "Senior leaders do not see data as important or valuable.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Leaders show some recognition of the importance of data to the organisation, but they do not see the value of engaging with it.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders know data is important and are curious to learn about its potential uses and benefits. Some leaders are beginning to model good data culture.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders see data as an organisational priority, and especially so in high impact projects or work. Senior leadership teams model good data culture and are working to embed this culture throughout the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Leaders see data as a major organisational priority, with value for all business areas. Senior leadership teams model good data culture and a continuously support a well-embedded, strong data culture throughout the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Linking data strategy to organisational strategy.", + "context": "", + "statements": [ + { + "text": "Links data strategy to organisational strategy only where it is required for external reporting purposes. Any connections are not acted on internally. Leaders do not see data as a priority.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to see the relevance of data strategy to organisational strategy, but does not attempt to connect these for internal action. Sees data as useful, but not a high priority.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders see data as important to organisational outcomes. Beginning to incorporate data strategy in organisational strategies but this may be inconsistent or disjointed.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders see data as a priority. Prioritises and plans data strategy as part of organisational strategy, though application may not be consistent across the organisation. Data strategy has sponsorship at a senior level.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Consistently sees data as a vital resource for the organisation. Plans and prioritises data strategy as a core element of organisational strategy. Sponsorship and promotion of this by senior leaders is visible and communicated.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Aligning data goals with organisational needs and outcomes.", + "context": "", + "statements": [ + { + "text": "Aligns data practices with work plans only where it is externally mandated or by chance rather than by design. Rarely aligns data goals with the organisation’s needs, outcomes or strategies.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to consider how to link data practices to work plans. Considers some of the organisation’s current needs, outcomes or strategies when setting goals for data in some areas the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Consistently links data practices to work plans and considers the organisation’s current needs when setting goals for data in most areas of the organisation. Beginning to align some data goals with the organisation’s outcomes and strategies in some areas of the organisation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Aligns data practices with work plans, though communication of this may not be clear outside of data specialists. Aligns data goals with the organisation’s current needs, outcomes, and strategies, though application of this may be inconsistent across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Aligns data practices and data goals clearly with work plans based on outcomes, desired impact, and the organisation’s current and future needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Uses", + "questions": [ + { + "text": "Understanding the value of your data to your organisation.", + "context": "", + "statements": [ + { + "text": "Relies on external impetus to see value of data that the organisation holds or how to make use of it.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Understands at a basic level how data is useful through time. Reflects on the value of the data the organisation holds.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Has a reasonable understanding of the value of the data the organisation holds and potential uses of this data.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Has a good understanding of the value of most of the data the organisation holds and making attempts to quantify this.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has a deep understanding of the value of the data the organisation holds, and takes steps to maximise this value for the good of society. Actively and regularly measuring the value of its data.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + }, + { + "name": "Taking responsibility for data", + "activities": [ + { + "title": "Culture", + "questions": [ + { + "text": "Defining and recording accountability and ownership for data.", + "context": "", + "statements": [ + { + "text": "Consistent structures for ownership of data are not in place. Where ownership exists, this is assigned by default not by design. Documents responsibility and ownership of data only where externally mandated.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to assign ownership of critical data. Documents and communicates ownership sporadically or inconsistently.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Assigns ownership to all critical data. Documents ownership clearly and beginning to document responsibilities of data owners. Staff require specialist support to find or access this documentation.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Assigns ownership to all critical data. Beginning to assign ownership to other important data. Clearly documents data ownership and data owners’ responsibilities in a way that is findable for all staff. Processes around this are inconsistently applied across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Assigns ownership to all important data. Clearly and consistently documents data ownership and data owners’ responsibilities. Ensures that this documentation is available and findable for all relevant stakeholders.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Creating and embedding data governance.", + "context": "", + "statements": [ + { + "text": "Only has governance systems in place for sharing and use of data in line with externally driven requirements. Struggles to use or share data within the organisation due to lack of clarity on what is possible.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "There is a policy or framework for governance of data in place, but this is not understood, known or possible to implement.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "People are aware of governance frameworks, systems and accountabilities. These have been developed with the needs of the organisation in mind.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Robust, needs-based governance frameworks are embedded in the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Governance for use and sharing of data is fully embedded. Governance, ownership and accountability for analysis are well documented and enforced, and clearly visible across the organisation. Analysts understand how their work relates to these structures.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Defining who should have responsibility for data.", + "context": "", + "statements": [ + { + "text": "Sees data as a chore with questions and requirements mostly externally driven. Assigns responsibility for data by defaults rather than by design, usually to staff in IT or administrative roles.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Places responsibility for data purely with administration or IT roles. Staff working with data do not understand how data management relates to the business’ objectives and see data as the responsibility of ‘someone else’.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Beginning to define and implement roles, responsibilities, and accountabilities for maintenance and improvement of data. Most staff working with data understand the importance of good data management, but may not be aware of how this relates to the organisation’s objectives and outcomes.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Clearly defines and implements roles, responsibilities, and accountabilities for data management across the organisation, with good visibility.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Sees data as a team effort and critical asset for every part of the organisation. All staff working with data understand the importance of good data management and feel empowered to challenge each other when this does not happen. Staff understand how data management links to the organisation’s outcomes.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data", + "questions": [ + { + "text": "Taking responsibility for recording the data you hold.", + "context": "", + "statements": [ + { + "text": "Defines responsibilities and accountabilities for data assets only in line with minimum legal or policy requirements. Does not record or enforce these structures.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Beginning to define some responsibilities for maintaining registers of data assets. There is no accountability system in place for maintenance of the register and little to no resources are available for this.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Has a recorded structure of responsibility and accountability for the register of data assets, but is not well understood or enforced. Relies on ad hoc or periodic updating and monitoring of systems with limited resources available.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Understands and enforces accountability for updates and maintenance of the register of data assets. Resources for maintenance are not fully allocated.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Updates and maintenance for the register of data assets are fully resourced. Understanding use of the register is embedded across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Leadership", + "questions": [ + { + "text": "Maintaining awareness of data legislation within senior leadership.", + "context": "", + "statements": [ + { + "text": "Board and senior management are aware of relevant legislation but may not be confident in applying this to their organisation.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Board and senior management are up to date on legislation. They are able to respond to this somewhat consistently in their organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Board and senior management are up to date on legislation and have some awareness of future changes. There is some degree of planning for the future.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Board and senior management keep abreast of future changes in legislation and best practice. They plan for changes across their organisation, but implementation is inconsistent or incomplete.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Board and senior management keep abreast of future changes in legislation and best practice. The organisation is fully prepared for future changes.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Creating and enforcing structured responsibility and accountability for data.", + "context": "", + "statements": [ + { + "text": "Only creates structures for responsibility, accountability and oversight for data by default rather than by design. Does not make these structures visible or support staff in understanding their responsibilities for data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Has structures for responsibility, accountability and oversight for data in place, however the implementation of this is not well understood. Monitoring and enforcement of policy is inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Leaders monitor adherence to data and analysis policies and processes and enforce where necessary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Leaders are invested in ensuring that responsibility, accountability and oversight for data is structured, maintained, and enforced.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Has transparent and well-communicated structures for responsibility, accountability and oversight for data across the organisation. Leaders ensure that staff have a clear understanding of how this relates to their own work.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Skills", + "questions": [ + { + "text": "Defining oversight and responsibility for ensuring staff have necessary data skills.", + "context": "", + "statements": [ + { + "text": "Does not have structures of responsibility for developing data and analytical literacy in the organisation. There is no oversight from leadership to develop data and analytical skills in the organisation.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Skills to be responsible for data are being developed in specific areas. Some interest in developing data and analytical literacy skills, but oversight and organisation of this is limited.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Defines and enforces responsibility within senior leadership for development of data skills across the organisation. Some skilled data people in other roles, though perhaps with limited capacity to fulfil the task.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A senior person or team brings organisation-wide data together. Development of data and analytical skills has oversight and sponsorship at a senior level.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "High levels of commitment to developing data and analytical skills from staff at senior, specialist, technical, and administrative levels.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Tools", + "questions": [ + { + "text": "Assigning ownership and responsibility for data tools and systems.", + "context": "", + "statements": [ + { + "text": "Holds a minimal record of some tools used or owned by the organisation. Any records are usually collected indirectly without organisation or coherent structure. Only creates structures of responsibility for maintaining and updating tools by default rather than by design.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "An inventory of tools and systems (including hardware, software, licence, passwords and access) is managed and maintained. Ownership and responsibility for tools and systems is not consistently recorded.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal responsibility for data and analytics tools is established, however this is not well monitored or visible across the organisation. Staff do not understand how these structures relate to their work.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "People are formally responsible for managing the storage, cleaning and maintenance, security, and backup of all data. Where possible this is becoming routine and/or automated.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Ownership, oversight and support for all tools is documented. Accountability and responsibility for tools is transparent and visible across the organisation. Staff understand how these structures relate to their work.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/private/assessments/DPAT2024.json b/private/assessments/DPAT2024.json index 7194132..10d070a 100644 --- a/private/assessments/DPAT2024.json +++ b/private/assessments/DPAT2024.json @@ -12,337 +12,346 @@ }, "public": true, "readOnly": false, + "levels": ["Initial", "Repeatable", "Defined", "Managed", "Optimising"], "dimensions": [ { "name": "Accountability", "activities": [ { "title": "People", - "statements": [ - { - "text": "Job descriptions do not clearly outline the data accountabilities and responsibilities for roles, leading to potential confusion and gaps in data management.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some job descriptions include data accountabilities and responsibilities, but they are inconsistent.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Job descriptions generally outline data accountabilities and responsibilities, with consistent content.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Job descriptions clearly and consistently outline data accountabilities and responsibilities for all roles. They have well-defined documentation and regular updates to ensure clarity and alignment with organisational needs.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Job descriptions with data related responsibilties are proactively managed to ensure alignment with strategic goals.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is limited understanding among individuals about their responsibilities for compliance with applicable regulations, leading to potential inconsistencies and a risk of non-compliance.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals understand their compliance responsibilities, but the level of knowledge is inconsistent.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Most individuals have a fair understanding of their responsibilities for compliance with the organisation's data processes and regulations, though the level of understanding may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All individuals have a good understanding of their responsibilities for compliance with the organisation's data processes and regulations, ensuring a consistent following.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "There is a comprehensive and thorough understanding among all individuals of their responsibilities for compliance with the organisation's data processes and regulations, to help ensure consistent and effective compliance.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no clear accountabilities for data within the senior management team, leading to potential gaps in oversight and strategic alignment.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some members of the senior management team may have informal or partial responsibilities for data.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Clear accountabilities for data are established within the senior management team, though the level of enforcement may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The senior management team has well-defined and consistently applied accountabilities for data, helping to ensure strategic alignment and effective governance.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The senior management team has advanced, comprehensive accountabilities for data, helping to ensure optimal data governance and strategic alignment across the organisation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no dedicated group responsible for developing and supporting accountability for data across the organisation, leading to potential inconsistencies in data practice and oversight.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "An informal or ad-hoc group may address data accountability issues, but there is no official and consistently defined group.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal group is established to develop and support data accountability across the organisation, though its actions and effectiveness may be inconsistent.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A well-defined and consistently acting group is in place to develop and support data accountability across the organisation, helping to ensure comprehensive oversight and support.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A well-established group is strategically positioned to develop and support data accountability across the organisation, helping to ensure optimal data governance and accountability.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Do job descriptions clearly outline the data accountabilities and responsibilities of all roles?", + "context": "Being clear on who is accountable for what relating to data allows decisions to be made by the right people.", + "statements": [ + { + "text": "Job descriptions do not clearly outline the data accountabilities and responsibilities for roles, leading to potential confusion and gaps in data management.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some job descriptions include data accountabilities and responsibilities, but they are inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Job descriptions generally outline data accountabilities and responsibilities, with consistent content.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Job descriptions clearly and consistently outline data accountabilities and responsibilities for all roles. They have well-defined documentation and regular updates to ensure clarity and alignment with organisational needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Job descriptions with data related responsibilties are proactively managed to ensure alignment with strategic goals.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does everyone understand their responsibilities for compliance with the organisations data processes and applicable regulations and legislation?", + "context": "Everyone will come into contact with data during their work, therefore everyone will have a role in complying with processes. This includes complaying withg internal guidance and policy as well as external compliance.", + "statements": [ + { + "text": "There is limited understanding among individuals about their responsibilities for compliance with applicable regulations, leading to potential inconsistencies and a risk of non-compliance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals understand their compliance responsibilities, but the level of knowledge is inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Most individuals have a fair understanding of their responsibilities for compliance with the organisation's data processes and regulations, though the level of understanding may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All individuals have a good understanding of their responsibilities for compliance with the organisation's data processes and regulations, ensuring a consistent following.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "There is a comprehensive and thorough understanding among all individuals of their responsibilities for compliance with the organisation's data processes and regulations, to help ensure consistent and effective compliance.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have clear accountabilities for data in your senior management team?", + "context": "Somebody on the senior team must have accountability for data. This does not need to be someone technical, however they must have the ability and desire to understand issues around data and champion trustworthy data practices.", + "statements": [ + { + "text": "There are no clear accountabilities for data within the senior management team, leading to potential gaps in oversight and strategic alignment.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some members of the senior management team may have informal or partial responsibilities for data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Clear accountabilities for data are established within the senior management team, though the level of enforcement may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "The senior management team has well-defined and consistently applied accountabilities for data, helping to ensure strategic alignment and effective governance.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The senior management team has advanced, comprehensive accountabilities for data, helping to ensure optimal data governance and strategic alignment across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Is there a group or groups that develops and supports accountability for data across the organisation?", + "context": "Data' is not a single expertise, there are many different types of expertise within the data domain. It is important that these different expert area views are represented and accessible to those who are primarily accountable. Groups can include governance boards, management teams or project teams.", + "statements": [ + { + "text": "There is no dedicated group responsible for developing and supporting accountability for data across the organisation, leading to potential inconsistencies in data practice and oversight.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "An informal or ad-hoc group may address data accountability issues, but there is no official and consistently defined group.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal group is established to develop and support data accountability across the organisation, though its actions and effectiveness may be inconsistent.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A well-defined and consistently acting group is in place to develop and support data accountability across the organisation, helping to ensure comprehensive oversight and support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A well-established group is strategically positioned to develop and support data accountability across the organisation, helping to ensure optimal data governance and accountability.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is no clear link between the organisation's business plans and data activities, which therefore lack an overarching data strategy or roadmap, leading to potential misalignment and missed opportunities.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal connections exist between business plans and data activities, but there is no comprehensive data strategy or roadmap to link them consistently.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A data strategy or roadmap exists and is linked to business plans, but alignment may be uneven, with some areas more closely integrated than others.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A well-defined and consistently applied data strategy or roadmap clearly links the organisation's business plans with data activities, with documented alignment to arising business challanges and regular reviews to ensure effective integration and support.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "An advanced, continuously refined data strategy or roadmap ensures a strategic and evolving link between the organisation's business plans and data activities. There is proactive management, detailed documentation, and alignment with strategic goals to drive optimal data-driven decision-making and value creation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no KPIs or metrics in place to demonstrate conformance to the processes that control data, leading to potential gaps in monitoring and accountability.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal KPIs or metrics may be used to assess conformance to data processes, but there is no consistent set of measures to monitor adherence.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal KPIs or metrics are established to demonstrate conformance to data control processes, though the scope and effectiveness of these measures may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied KPIs or metrics are in place to effectively demonstrate conformance to data control processes, with effective management to ensure accurate and reliable monitoring.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined KPIs or metrics are used to proactively and comprehensively demonstrate conformance to data control processes. There is detailed documentation, proactive management, and alignment with best practices to ensure optimal oversight and continuous improvement.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no named individuals accountable for each data asset, leading to potential unclear ownership and responsibility.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some data assets have designated individuals responsible for them, but accountability is not uniformly applied across all data assets.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Named individuals are assigned accountability for all important data assets, though the clarity and enforcement of these accountabilities may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Clearly defined individuals are accountable for all data assets, with well-documented roles and responsibilities, regular reviews, and effective management to ensure comprehensive ownership and oversight.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure that a senior individual is accountable for each data asset. They have comprehensive authority, provide proactive management, and align with best practices to ensure optimal data stewardship and governance.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal process for identifying, recording, or mitigating risks associated with data assets, leading to potential unmanaged risks and vulnerabilities.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods are used to identify and record risks related to data assets, but there is no consistent process for assessing or mitigating these risks.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process is in place to identify, record, and mitigate risks associated with data assets, though the comprehensiveness and application of these processes may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes exist for identifying, recording, and mitigating risks associated with data assets. They have clear documentation, regular reviews, and effective oversight to ensure thorough risk management and mitigation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure comprehensive identification, recording, and mitigation of risks associated with data assets. There are proactive risk management strategies, detailed documentation, and alignment with best practices to ensure optimal risk reduction and data asset protection.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a clear link between its business plans and data activities, for example an overarching data strategy or roadmap?", + "context": "Having a detailed plan for how data is 'treated' within the organisation, across the data practices, allows clarity in decision making, for example, around data management. This can include a data strategy, a development roadmap, project plans or data processes.", + "statements": [ + { + "text": "There is no clear link between the organisation's business plans and data activities, which therefore lack an overarching data strategy or roadmap, leading to potential misalignment and missed opportunities.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal connections exist between business plans and data activities, but there is no comprehensive data strategy or roadmap to link them consistently.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A data strategy or roadmap exists and is linked to business plans, but alignment may be uneven, with some areas more closely integrated than others.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A well-defined and consistently applied data strategy or roadmap clearly links the organisation's business plans with data activities, with documented alignment to arising business challanges and regular reviews to ensure effective integration and support.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "An advanced, continuously refined data strategy or roadmap ensures a strategic and evolving link between the organisation's business plans and data activities. There is proactive management, detailed documentation, and alignment with strategic goals to drive optimal data-driven decision-making and value creation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have KPIs or metrics that demonstrate conformance to the processes that control your data?", + "context": "Having a transparent mechanism for measuring how your organisation is doing across the data practices is important to enable you to know where to focus your efforts.", + "statements": [ + { + "text": "There are no KPIs or metrics in place to demonstrate conformance to the processes that control data, leading to potential gaps in monitoring and accountability.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal KPIs or metrics may be used to assess conformance to data processes, but there is no consistent set of measures to monitor adherence.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal KPIs or metrics are established to demonstrate conformance to data control processes, though the scope and effectiveness of these measures may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied KPIs or metrics are in place to effectively demonstrate conformance to data control processes, with effective management to ensure accurate and reliable monitoring.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined KPIs or metrics are used to proactively and comprehensively demonstrate conformance to data control processes. There is detailed documentation, proactive management, and alignment with best practices to ensure optimal oversight and continuous improvement.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Is there a named individual who is accountable for each data asset?", + "context": "Data assets often contain specialised information. Datasets will need specific considerations depending on the constituent data. A named accountable member of staff who understands the dataset will be critical to managing it in a trustworthy manner as a contact or escalation point for issues arising.", + "statements": [ + { + "text": "There are no named individuals accountable for each data asset, leading to potential unclear ownership and responsibility.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some data assets have designated individuals responsible for them, but accountability is not uniformly applied across all data assets.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Named individuals are assigned accountability for all important data assets, though the clarity and enforcement of these accountabilities may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Clearly defined individuals are accountable for all data assets, with well-documented roles and responsibilities, regular reviews, and effective management to ensure comprehensive ownership and oversight.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure that a senior individual is accountable for each data asset. They have comprehensive authority, provide proactive management, and align with best practices to ensure optimal data stewardship and governance.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Is there a process to identify and record risks and, where relevant, mitigations, associated with data assets?", + "context": "Having a step-by-step approach to consider risks across the data practices when sharing data will demonstrate that you take all aspects of data collection, use and sharing seriously.", + "statements": [ + { + "text": "There is no formal process for identifying, recording, or mitigating risks associated with data assets, leading to potential unmanaged risks and vulnerabilities.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods are used to identify and record risks related to data assets, but there is no consistent process for assessing or mitigating these risks.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process is in place to identify, record, and mitigate risks associated with data assets, though the comprehensiveness and application of these processes may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes exist for identifying, recording, and mitigating risks associated with data assets. They have clear documentation, regular reviews, and effective oversight to ensure thorough risk management and mitigation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure comprehensive identification, recording, and mitigation of risks associated with data assets. There are proactive risk management strategies, detailed documentation, and alignment with best practices to ensure optimal risk reduction and data asset protection.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -353,371 +362,380 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for ensuring data privacy, leading to potential gaps in privacy management and compliance.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal responsibility for data privacy may exist, but there is no designated person accountable for ensuring data privacy across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned to oversee data privacy, with documented responsibilities, though their role and authority may not be fully integrated across all departments.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated person is clearly accountable for ensuring data privacy, with well-defined responsibilities and effective oversight of privacy practices across the organisation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for data privacy, with comprehensive authority and responsibility, continuously ensuring alignment with regulatory requirements and organisational goals.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal training provided on data protection and privacy laws and regulations, leading to potential gaps in understanding and compliance.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals receive training on data protection and privacy laws and regulations, but it is inconsistent and not uniformly applied across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Training on data protection and privacy laws and regulations is provided and documented for most individuals, though the depth and frequency of training may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All individuals receive regular and appropriate training on data protection and privacy laws and regulations, with clear documentation and consistent application across the organisation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Training on data protection and privacy laws and regulations is comprehensive, continuously updated, and tailored to roles, ensuring that all individuals are well-informed and aligned with the latest compliance requirements.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is little to no understanding of relevant data privacy laws and regulations, leading to potential non-compliance and gaps in data protection.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some awareness of relevant data privacy laws and regulations exists, but understanding is inconsistent and may not be integrated into organisational practices.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "The organisation maintains a general understanding of relevant data privacy laws and regulations, with documented knowledge and some processes in place to ensure compliance.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has a thorough understanding of relevant data privacy laws and regulations, with established practices to stay updated and ensure compliance across all data activities.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation not only has a comprehensive and current understanding of relevant data privacy laws and regulations, but also proactively adapts its practices to anticipate changes and enhance data protection.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for ensuring data privacy?", + "context": "Being clear on who is accountable for what relating to data allows decisions to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for ensuring data privacy, leading to potential gaps in privacy management and compliance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal responsibility for data privacy may exist, but there is no designated person accountable for ensuring data privacy across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned to oversee data privacy, with documented responsibilities, though their role and authority may not be fully integrated across all departments.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated person is clearly accountable for ensuring data privacy, with well-defined responsibilities and effective oversight of privacy practices across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for data privacy, with comprehensive authority and responsibility, continuously ensuring alignment with regulatory requirements and organisational goals.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Have all individuals received appropriate training on data protection and privacy laws and regulations?", + "context": "Everyone will come into contact with data during their work, therefore everyone will have a role in complying with processes.", + "statements": [ + { + "text": "There is no formal training provided on data protection and privacy laws and regulations, leading to potential gaps in understanding and compliance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals receive training on data protection and privacy laws and regulations, but it is inconsistent and not uniformly applied across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Training on data protection and privacy laws and regulations is provided and documented for most individuals, though the depth and frequency of training may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All individuals receive regular and appropriate training on data protection and privacy laws and regulations, with clear documentation and consistent application across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Training on data protection and privacy laws and regulations is comprehensive, continuously updated, and tailored to roles, ensuring that all individuals are well-informed and aligned with the latest compliance requirements.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation maintain a thorough understanding of relevant data privacy laws and regulations?", + "context": "Legislation and guidance around privacy will change as a result of case law and findings from the regulator. To keep your processes compliant, you must have an approach in place to keep on top of any relevant updates or changes.", + "statements": [ + { + "text": "There is little to no understanding of relevant data privacy laws and regulations, leading to potential non-compliance and gaps in data protection.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some awareness of relevant data privacy laws and regulations exists, but understanding is inconsistent and may not be integrated into organisational practices.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The organisation maintains a general understanding of relevant data privacy laws and regulations, with documented knowledge and some processes in place to ensure compliance.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "The organisation has a thorough understanding of relevant data privacy laws and regulations, with established practices to stay updated and ensure compliance across all data activities.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The organisation not only has a comprehensive and current understanding of relevant data privacy laws and regulations, but also proactively adapts its practices to anticipate changes and enhance data protection.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There are no formal processes in place to ensure compliance with data privacy laws and regulations, leading to potential non-compliance and legal risks.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal processes may be used to address compliance with data privacy laws and regulations, but there is no consistent or formally defined approach across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes have been implemented to ensure compliance with data privacy laws and regulations, though their effectiveness and consistency may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined processes are in place to ensure compliance with data privacy laws and regulations, with regular reviews and updates to maintain effectiveness.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are continuously refined to ensure comprehensive compliance with data privacy laws and regulations, proactively adapting to changes and integrating best practices across the organisation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes in place to identify personal data and sensitive personal data, leading to potential risk of non-compliance.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal processes may be used to identify personal data and sensitive personal data, but there is no consistent or formally defined process across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for identifying personal data and sensitive personal data, with documented procedures, though the implementation and coverage may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place to identify personal data and sensitive personal data, ensuring comprehensive data classification and management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are continuously refined to effectively identify and manage personal data and sensitive personal data, with proactive updates and integration into all relevant data handling practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes in place for transferring personal data between systems or to third parties, resulting in potential non-compliance and data security risks.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal processes exist for transferring personal data between systems or to third parties, but these are inconsistent.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for transferring personal data between systems or to third parties, with documented procedures and compliance checks, though effectiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined processes are in place for transferring personal data between systems or to third parties, with rigorous compliance checks and regular reviews to help ensure adherence to applicable regulations.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously improved processes ensure the secure and compliant transfer of personal data between systems or to third parties, with proactive measures and integration of best practices to address regulatory requirements.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal process in place for addressing requests from individuals about the data held about them, leading to potential delays or failures in responding to such requests.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods may exist for handling requests from individuals about their data, but there is no consistent process across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process is established for addressing requests from individuals about their data, with documented procedures, though the process may not be uniformly applied or fully efficient.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for addressing requests from individuals about their data, with clear documentation, timely responses, and regular reviews.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are in place for addressing requests from individuals about their data, with proactive management, high efficiency, and continuous improvements to ensure prompt, transparent, and compliant handling of all requests.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal process in place for alerting or working with affected individuals in the event of a privacy breach, leading to potential delays and unmanaged responses.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal procedures are in place for handling privacy breaches, but they are inconsistent and lack a structured approach for alerting and working with affected individuals.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process exists for alerting and working with affected individuals in the event of a privacy breach, with documented procedures, though the implementation and effectiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for promptly alerting and working with affected individuals in the event of a privacy breach, with clear communication and support mechanisms.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are in place for managing privacy breaches, including proactive and efficient alerting of affected individuals, comprehensive support, and continuous improvements to ensure effective handling and compliance with regulations.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation has no formal process to ensure the organisation has the necessary lawful basis to collect, use, and share personal data, leading to potential legal and compliance risks.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal checks are made to establish a lawful basis for collecting, using, and sharing personal data, but these practices are inconsistent.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established to ensure the organisation has a lawful basis for collecting, using, and sharing personal data, with documented procedures, though adherence and comprehensiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place to ensure the organisation always has the necessary lawful basis for collecting, using, and sharing personal data, with regular reviews and effective documentation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are continuously refined to ensure robust and proactive management of a lawful basis for collecting, using, and sharing personal data, with comprehensive documentation and alignment with evolving legal requirements.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Has your organisation implemented processes to ensure compliance with data privacy laws and regulations?", + "context": "Organisational processes will capture your specific approach across the organisation. Documenting your approach and sharing it will help to engender trust in your actions.", + "statements": [ + { + "text": "There are no formal processes in place to ensure compliance with data privacy laws and regulations, leading to potential non-compliance and legal risks.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal processes may be used to address compliance with data privacy laws and regulations, but there is no consistent or formally defined approach across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes have been implemented to ensure compliance with data privacy laws and regulations, though their effectiveness and consistency may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined processes are in place to ensure compliance with data privacy laws and regulations, with regular reviews and updates to maintain effectiveness.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are continuously refined to ensure comprehensive compliance with data privacy laws and regulations, proactively adapting to changes and integrating best practices across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have processes to identify personal data and sensitive personal data?", + "context": "In many jurisdictions there are specific requirements that need to be followed depending on the data classification. You should be ensuring your organisational processes follow these requirements where they apply.", + "statements": [ + { + "text": "There are no formal processes in place to identify personal data and sensitive personal data, leading to potential risk of non-compliance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal processes may be used to identify personal data and sensitive personal data, but there is no consistent or formally defined process across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for identifying personal data and sensitive personal data, with documented procedures, though the implementation and coverage may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place to identify personal data and sensitive personal data, ensuring comprehensive data classification and management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are continuously refined to effectively identify and manage personal data and sensitive personal data, with proactive updates and integration into all relevant data handling practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Are there processes in place for transferring personal data between systems or to third parties, in compliance with applicable regulations?", + "context": "In many jurisdictions there are specific requirements that need to be followed depending on the data classification. You should be ensuring your organisational processes follow these requirements where they apply.", + "statements": [ + { + "text": "There are no formal processes in place for transferring personal data between systems or to third parties, resulting in potential non-compliance and data security risks.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal processes exist for transferring personal data between systems or to third parties, but these are inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for transferring personal data between systems or to third parties, with documented procedures and compliance checks, though effectiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined processes are in place for transferring personal data between systems or to third parties, with rigorous compliance checks and regular reviews to help ensure adherence to applicable regulations.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously improved processes ensure the secure and compliant transfer of personal data between systems or to third parties, with proactive measures and integration of best practices to address regulatory requirements.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have a process for addressing requests from people about the data held about them?", + "context": "In many jurisdictions there are specific requirements that need to be followed depending on the data classification. You should be ensuring your organisational processes follow these requirements where they apply.", + "statements": [ + { + "text": "There is no formal process in place for addressing requests from individuals about the data held about them, leading to potential delays or failures in responding to such requests.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods may exist for handling requests from individuals about their data, but there is no consistent process across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process is established for addressing requests from individuals about their data, with documented procedures, though the process may not be uniformly applied or fully efficient.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for addressing requests from individuals about their data, with clear documentation, timely responses, and regular reviews.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are in place for addressing requests from individuals about their data, with proactive management, high efficiency, and continuous improvements to ensure prompt, transparent, and compliant handling of all requests.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have a process for alerting and working with affected people in the event of a privacy breach?", + "context": "In many jurisdictions there are specific requirements that need to be followed depending on the data classification. You should be ensuring your organisational processes follow these requirements where they apply.", + "statements": [ + { + "text": "There is no formal process in place for alerting or working with affected individuals in the event of a privacy breach, leading to potential delays and unmanaged responses.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal procedures are in place for handling privacy breaches, but they are inconsistent and lack a structured approach for alerting and working with affected individuals.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process exists for alerting and working with affected individuals in the event of a privacy breach, with documented procedures, though the implementation and effectiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for promptly alerting and working with affected individuals in the event of a privacy breach, with clear communication and support mechanisms.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are in place for managing privacy breaches, including proactive and efficient alerting of affected individuals, comprehensive support, and continuous improvements to ensure effective handling and compliance with regulations.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have the necessary lawful basis to collect, use and share data from the individual (if it is personal data)", + "context": "", + "statements": [ + { + "text": "The organisation has no formal process to ensure the organisation has the necessary lawful basis to collect, use, and share personal data, leading to potential legal and compliance risks.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal checks are made to establish a lawful basis for collecting, using, and sharing personal data, but these practices are inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established to ensure the organisation has a lawful basis for collecting, using, and sharing personal data, with documented procedures, though adherence and comprehensiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place to ensure the organisation always has the necessary lawful basis for collecting, using, and sharing personal data, with regular reviews and effective documentation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are continuously refined to ensure robust and proactive management of a lawful basis for collecting, using, and sharing personal data, with comprehensive documentation and alignment with evolving legal requirements.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -728,296 +746,303 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for ensuring data security, leading to potential gaps in data protection and security management.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "A few individuals may be involved in data security, but there is no clearly designated person with overall accountability for ensuring data security across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned responsibility for ensuring data security, with documented roles and responsibilities, though their influence and authority may not be fully integrated.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for ensuring data security, with well-defined responsibilities and effective oversight across the organisation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is specifically accountable for data security, with comprehensive authority, continuous improvement initiatives, and proactive measures ensuring robust and integrated data security practices across the organisation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal training provided for data security, leading to potential vulnerabilities and a lack of awareness among individuals.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals receive data security training, but it is not uniformly applied across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Training in data security is provided to most individuals, though the depth and frequency of training may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All individuals receive regular standardised data security training, with clear documentation and consistent application across the organisation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Training in data security is comprehensive, continuously updated, and tailored to roles, ensuring all individuals are well-informed and equipped to handle data security effectively as appropriate.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is little to no understanding of relevant data security regulations and laws, leading to risks of non-compliance.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some awareness of relevant data security regulations and laws exists, but understanding is inconsistent and not systematically integrated into organisational practices.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "The organisation maintains a general understanding of relevant data security regulations and laws, with documented knowledge and some processes in place to ensure compliance.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has a thorough understanding of relevant data security regulations and laws, with established practices to stay updated and ensure compliance across all data security activities.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has a comprehensive and current understanding of relevant data security regulations and laws, and proactively adapts its practices to anticipate changes and enhance security measures.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for ensuring data security?", + "context": "Being clear on who is accountable for what relating to data allows decisions to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for ensuring data security, leading to potential gaps in data protection and security management.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "A few individuals may be involved in data security, but there is no clearly designated person with overall accountability for ensuring data security across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned responsibility for ensuring data security, with documented roles and responsibilities, though their influence and authority may not be fully integrated.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for ensuring data security, with well-defined responsibilities and effective oversight across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is specifically accountable for data security, with comprehensive authority, continuous improvement initiatives, and proactive measures ensuring robust and integrated data security practices across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Have all individuals received appropriate training in data security?", + "context": "Everyone will come into contact with data during their work, therefore everyone will have a role in complying with processes.", + "statements": [ + { + "text": "There is no formal training provided for data security, leading to potential vulnerabilities and a lack of awareness among individuals.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals receive data security training, but it is not uniformly applied across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Training in data security is provided to most individuals, though the depth and frequency of training may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All individuals receive regular standardised data security training, with clear documentation and consistent application across the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Training in data security is comprehensive, continuously updated, and tailored to roles, ensuring all individuals are well-informed and equipped to handle data security effectively as appropriate.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation maintain a thorough understanding of relevant data security regulations and laws?", + "context": "Legislation, guidance and best practice around security will change over time. To keep your processes compliant, you must adopt an approach to keep on top of any relevant updates or changes.", + "statements": [ + { + "text": "There is little to no understanding of relevant data security regulations and laws, leading to risks of non-compliance.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some awareness of relevant data security regulations and laws exists, but understanding is inconsistent and not systematically integrated into organisational practices.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The organisation maintains a general understanding of relevant data security regulations and laws, with documented knowledge and some processes in place to ensure compliance.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "The organisation has a thorough understanding of relevant data security regulations and laws, with established practices to stay updated and ensure compliance across all data security activities.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The organisation has a comprehensive and current understanding of relevant data security regulations and laws, and proactively adapts its practices to anticipate changes and enhance security measures.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There are no formal processes for classifying data according to the level of security needed, leading to inconsistent data protection practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods for data classification exist, but they lack documentation and uniform application.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for classifying data according to the level of security needed, with documented procedures, though implementation may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for classifying data based on security needs, with clear documentation and regular reviews to ensure effective data protection.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced and continuously refined processes are in place for classifying data according to security needs. There is proactive management and integration into all data handling practices, ensuring optimal protection and compliance.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes in place to ensure the security of data being collected, used and shared, leading to potential vulnerabilities and risks.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal measures are taken to secure data during collection, use and sharing, but these processes are inconsistent and lack documentation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established to ensure the security of data during collection, use and sharing. There are documented procedures, though their effectiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place to ensure data security throughout its lifecycle, including collection, use and sharing, with regular reviews and clear documentation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously improved processes ensure robust security of data during collection, use and sharing. There are proactive measures, comprehensive documentation, and integration of best practices to protect data throughout its lifecycle.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "No data security assessment has been undertaken within the last 12 months, whether through an independent party or self-assessment.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "A data security assessment, either through an independent party or self-assessment, has been conducted within the last 12 months, but it was informal or limited in scope, and may not have been comprehensive.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal data security assessment, either through an independent party or self-assessment, has been completed within the last 12 months, with documented findings and recommendations.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A thorough data security assessment has been conducted within the last 12 months, with comprehensive documentation and follow-up actions, performed either by an independent party or through a rigorous self-assessment.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Regular, detailed data security assessments are conducted at least once a year, with proactive and continuous improvements, which are based on comprehensive evaluations by independent parties or through robust self-assessment.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Has your organisation implemented appropriate processes for classification of data, according to the level of security needed?", + "context": "Organisational processes will capture your specific approach across the organisation. Documenting your approach and sharing it will help to engender trust in your actions.", + "statements": [ + { + "text": "There are no formal processes for classifying data according to the level of security needed, leading to inconsistent data protection practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods for data classification exist, but they lack documentation and uniform application.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for classifying data according to the level of security needed, with documented procedures, though implementation may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for classifying data based on security needs, with clear documentation and regular reviews to ensure effective data protection.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced and continuously refined processes are in place for classifying data according to security needs. There is proactive management and integration into all data handling practices, ensuring optimal protection and compliance.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have processes in place to ensure the security of data being collected, used and shared?", + "context": "Organisational processes will capture your specific approach across the organisation. Documenting your approach and sharing it will help to engender trust in your actions.", + "statements": [ + { + "text": "There are no formal processes in place to ensure the security of data being collected, used and shared, leading to potential vulnerabilities and risks.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal measures are taken to secure data during collection, use and sharing, but these processes are inconsistent and lack documentation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established to ensure the security of data during collection, use and sharing. There are documented procedures, though their effectiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place to ensure data security throughout its lifecycle, including collection, use and sharing, with regular reviews and clear documentation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously improved processes ensure robust security of data during collection, use and sharing. There are proactive measures, comprehensive documentation, and integration of best practices to protect data throughout its lifecycle.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Has your organisation undertaken a data security assessment within the last 12 months? (Your organisation may have commissioned an independent party or it could have been a self assessment )", + "context": "There are data security assessments you can take to ask more detailed and specific questions about your implementation of processes. These can be very useful in demonstrating that you take data security seriously.", + "statements": [ + { + "text": "No data security assessment has been undertaken within the last 12 months, whether through an independent party or self-assessment.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "A data security assessment, either through an independent party or self-assessment, has been conducted within the last 12 months, but it was informal or limited in scope, and may not have been comprehensive.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal data security assessment, either through an independent party or self-assessment, has been completed within the last 12 months, with documented findings and recommendations.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A thorough data security assessment has been conducted within the last 12 months, with comprehensive documentation and follow-up actions, performed either by an independent party or through a rigorous self-assessment.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Regular, detailed data security assessments are conducted at least once a year, with proactive and continuous improvements, which are based on comprehensive evaluations by independent parties or through robust self-assessment.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Technology", - "statements": [ - { - "text": "The organisation lacks appropriate technology to ensure the security of data being collected, used and shared, leading to potential vulnerabilities.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some technology is in place to secure data during collection, use and sharing, but it is inconsistent and may not fully address all data security needs.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "The organisation has appropriate technology to ensure data security during collection, use and sharing, with documented policies and procedures, though its effectiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-established and effective technology is in place to ensure data security during collection, use and sharing, with regular updates, clear documentation, and integration into organisational practices.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously updated technology ensures comprehensive security of data during collection, use and sharing. There is proactive management, full integration into all data processes, and alignment with best practices and emerging threats.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have the appropriate technology to ensure the security of data being collected, used and shared?", + "context": "Technology can embed organisational processes (ways of working) into how they operate. Ensuring your processes are up to date and that their requirements cascade into the technology you use is essential to demonstrate trust.", + "statements": [ + { + "text": "The organisation lacks appropriate technology to ensure the security of data being collected, used and shared, leading to potential vulnerabilities.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some technology is in place to secure data during collection, use and sharing, but it is inconsistent and may not fully address all data security needs.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The organisation has appropriate technology to ensure data security during collection, use and sharing, with documented policies and procedures, though its effectiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-established and effective technology is in place to ensure data security during collection, use and sharing, with regular updates, clear documentation, and integration into organisational practices.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously updated technology ensures comprehensive security of data during collection, use and sharing. There is proactive management, full integration into all data processes, and alignment with best practices and emerging threats.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -1028,591 +1053,605 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for the management of data within the organisation, leading to potential gaps in oversight and coordination of data management activities.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal or ad-hoc responsibility for data management exists, but there is no designated individual accountable for overseeing data management across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is formally assigned accountability for the management of data, with documented roles and responsibilities, though the integration and effectiveness of this role may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A clearly defined and consistently accountable individual is responsible for the management of data, for example with well-documented roles, regular reviews, and effective management to help ensure comprehensive data oversight and coordination.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "An advanced, continuously refined role is in place with a senior individual accountable for the management of data. They is proactive management, detailed documentation, and alignment with best practices to ensure optimal data governance and strategic alignment.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no clear understanding among staff about their roles in the management of data, leading to potential confusion and inconsistent practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal awareness exists regarding individual roles in the management of data, but there is no consistently defined understanding across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Roles in the management of data are formally defined and documented, and there is a basic understanding among staff about their responsibilities, though the clarity and communication of these roles may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Roles and responsibilities in the management of data are well-defined and consistently communicated to staff, with clear documentation and regular updates to ensure understanding and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Roles in the management of data are clearly defined, communicated, and integrated into the organisational culture, with ongoing training and refinement to ensure everyone fully understands and effectively fulfills their responsibilities.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Few have received training for the management of data appropriate for their role.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal or ad-hoc training may be provided in the management of data for specific roles.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal training is established for all individuals regarding their roles in the management of data, though the coverage and effectiveness of the training may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied training programs are in place to ensure that all individuals understand their roles in the management of data, with clear documentation, regular updates, and effective delivery.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined training programs ensure that all individuals receive comprehensive and up-to-date training on their roles in the management of data, with detailed documentation, ongoing evaluations, and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for the management of data in your organisation?", + "context": "Being clear on who is accountable for what relating to data allows decisions to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for the management of data within the organisation, leading to potential gaps in oversight and coordination of data management activities.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal or ad-hoc responsibility for data management exists, but there is no designated individual accountable for overseeing data management across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is formally assigned accountability for the management of data, with documented roles and responsibilities, though the integration and effectiveness of this role may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A clearly defined and consistently accountable individual is responsible for the management of data, for example with well-documented roles, regular reviews, and effective management to help ensure comprehensive data oversight and coordination.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "An advanced, continuously refined role is in place with a senior individual accountable for the management of data. They is proactive management, detailed documentation, and alignment with best practices to ensure optimal data governance and strategic alignment.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does everyone know what their role is in the management of data?", + "context": "It is important that all individuals understand the impact of their activity on the quality and availability of the organisations data.", + "statements": [ + { + "text": "There is no clear understanding among staff about their roles in the management of data, leading to potential confusion and inconsistent practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal awareness exists regarding individual roles in the management of data, but there is no consistently defined understanding across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Roles in the management of data are formally defined and documented, and there is a basic understanding among staff about their responsibilities, though the clarity and communication of these roles may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Roles and responsibilities in the management of data are well-defined and consistently communicated to staff, with clear documentation and regular updates to ensure understanding and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Roles in the management of data are clearly defined, communicated, and integrated into the organisational culture, with ongoing training and refinement to ensure everyone fully understands and effectively fulfills their responsibilities.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Have all individuals received appropriate training in their role in the management of data?", + "context": "Because everyone will come into contact with data in their work, everyone will have a role in complying with processes.", + "statements": [ + { + "text": "Few have received training for the management of data appropriate for their role.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal or ad-hoc training may be provided in the management of data for specific roles.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal training is established for all individuals regarding their roles in the management of data, though the coverage and effectiveness of the training may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied training programs are in place to ensure that all individuals understand their roles in the management of data, with clear documentation, regular updates, and effective delivery.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined training programs ensure that all individuals receive comprehensive and up-to-date training on their roles in the management of data, with detailed documentation, ongoing evaluations, and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is no record of what data is collected, used and shared.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is some record of what data is collected, used and shared. There is greater focus on prominent high visibility data which is collected and used, but sharing may not be so well tracked.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "There is a good record of what data is collected, used and shared, catering for a wide range of data sets. The process may have some level of automation to ensure it is simple and robust.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There is a complete record of what data is collected, used and shared, which is automated to a high degree.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Data records are readily available, automatically updated, and can be easily and understandably inspected by anyone with appropriate permissions.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation does not use a metadata standard.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some metadata is applied to a number of key data sets, but may not have wider adoption or enforcement.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Metadata is systematically gathered for most data sets, and is well maintained and accessible. In particular, it is structured and formatted in a machine readable way.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A generic machine readable open metadata standard is used throughout the organisation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation not only uses a generic open metadata standard, but is comfortable enough to extend it if need be, and to promote those extensions to the wider community outside of the organisation itself.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal quality processes in place for how each data set is collected or created, leading to potential inconsistencies and inaccuracies in the data.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal or ad-hoc quality processes may be used for collecting or creating data sets, but there is no consistently defined approach applied across all data.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal quality processes are established for collecting and creating each data set, with documented procedures and guidelines, though the application and adherence may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied quality processes are in place for collecting and creating each data set, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined quality processes ensure optimal standards for how each data set is collected and created. There is proactive management, detailed documentation, and alignment with best practices to drive superior data quality and reliability.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation can not explain the purpose for which many data sets have been collected/created. For example, there is a lot of historical data which is sitting in storage with little to no information about it.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is some record and understanding about the purpose for the collection and creation of certain key data sets. There is still a lot of other data without such insights, spread across multiple historical locations and projects.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "There is good record and understanding of the purpose for the collection and creation of nearly all data sets. Surrounding documentation is clear, even if the original data collectors and creators have moved on.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All data has a clear purpose and scope. For example, processes may include regular checks to ensure that outdated or redundant data is removed and does not become a liability, especially regarding GDPR.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Purpose and scope are primary considerations for all data collection and creation activities, and are well considered in planning future projects. Documentation is clear, usage is always within initial scope, and retention policies are strictly adhered to.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no data specifications in place to standardise the data collected, used, and shared by the organisation, which may lead to inconsistencies and potential issues with data integration.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal guidelines or practices exist for data standardisation, but there is little documentation or consistent application across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal data specifications are established to standardise the data collected, used and shared, with documented guidelines, though implementation may vary across departments.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied data specifications are in place to standardise data collection, usage, and sharing, with clear documentation and regular reviews to ensure adherence.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined data specifications are fully integrated into all data processes, ensuring comprehensive standardisation of data collection, usage and sharing, with proactive management and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes for archiving or deleting data that is no longer required, leading to potential data retention issues and inefficiencies.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods for archiving and deleting data exist, but these processes are inconsistent and lack documentation or systematic application.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for archiving and deleting data that is no longer required, with documented procedures, though adherence and effectiveness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for archiving and deleting data that is no longer required, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously improved processes ensure efficient archiving and deletion of data that is no longer required. There is proactive management, comprehensive documentation, and alignment with best practices and regulatory requirements.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a record of the data that your organisation collects, uses and shares?", + "context": "Contextual information about the data assets you hold is important to allow non-experts in that data asset to understand it. A simple inventory or a more detailed catalogue.", + "statements": [ + { + "text": "There is no record of what data is collected, used and shared.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "There is some record of what data is collected, used and shared. There is greater focus on prominent high visibility data which is collected and used, but sharing may not be so well tracked.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "There is a good record of what data is collected, used and shared, catering for a wide range of data sets. The process may have some level of automation to ensure it is simple and robust.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "There is a complete record of what data is collected, used and shared, which is automated to a high degree.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Data records are readily available, automatically updated, and can be easily and understandably inspected by anyone with appropriate permissions.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation use a metadata standard to standardise the record of data your organisation collects, uses and shares?", + "context": "There are several, well recognised, standards for metadata collection. Using a standard for metadata collection will make it easier to share.", + "statements": [ + { + "text": "The organisation does not use a metadata standard.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some metadata is applied to a number of key data sets, but may not have wider adoption or enforcement.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Metadata is systematically gathered for most data sets, and is well maintained and accessible. In particular, it is structured and formatted in a machine readable way.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A generic machine readable open metadata standard is used throughout the organisation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The organisation not only uses a generic open metadata standard, but is comfortable enough to extend it if need be, and to promote those extensions to the wider community outside of the organisation itself.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have basic quality processes for how each data set you hold is collected/created?", + "context": "It is important to demostrate the quality assurance processes. Having a detailed understanding of how data is collected (and created) is important when decisions are being made on reusing or sharing that data asset.", + "statements": [ + { + "text": "There are no formal quality processes in place for how each data set is collected or created, leading to potential inconsistencies and inaccuracies in the data.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal or ad-hoc quality processes may be used for collecting or creating data sets, but there is no consistently defined approach applied across all data.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal quality processes are established for collecting and creating each data set, with documented procedures and guidelines, though the application and adherence may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied quality processes are in place for collecting and creating each data set, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined quality processes ensure optimal standards for how each data set is collected and created. There is proactive management, detailed documentation, and alignment with best practices to drive superior data quality and reliability.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Can you explain the purpose for which data has been collected/created?", + "context": "Data quality is a subjective consideration,and data needs to be appropriate and fit for the purpose for which it was collected. If data is reused, it needs to be done with the knowledge of why it was collected in the first place, as the new purpose may not be appropriate.", + "statements": [ + { + "text": "The organisation can not explain the purpose for which many data sets have been collected/created. For example, there is a lot of historical data which is sitting in storage with little to no information about it.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "There is some record and understanding about the purpose for the collection and creation of certain key data sets. There is still a lot of other data without such insights, spread across multiple historical locations and projects.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "There is good record and understanding of the purpose for the collection and creation of nearly all data sets. Surrounding documentation is clear, even if the original data collectors and creators have moved on.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All data has a clear purpose and scope. For example, processes may include regular checks to ensure that outdated or redundant data is removed and does not become a liability, especially regarding GDPR.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Purpose and scope are primary considerations for all data collection and creation activities, and are well considered in planning future projects. Documentation is clear, usage is always within initial scope, and retention policies are strictly adhered to.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have data content specifications that describe how to standardise the data your organisation collects, uses and shares?", + "context": "Applying standards, appropriate thresholds, units and formats for the particular data type is important in supporting reuse. Perhaps reflecting common sector standards where they are accepted.", + "statements": [ + { + "text": "There are no data specifications in place to standardise the data collected, used, and shared by the organisation, which may lead to inconsistencies and potential issues with data integration.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal guidelines or practices exist for data standardisation, but there is little documentation or consistent application across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal data specifications are established to standardise the data collected, used and shared, with documented guidelines, though implementation may vary across departments.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied data specifications are in place to standardise data collection, usage, and sharing, with clear documentation and regular reviews to ensure adherence.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined data specifications are fully integrated into all data processes, ensuring comprehensive standardisation of data collection, usage and sharing, with proactive management and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Are there processes in place for archiving and deleting data that is no longer required?", + "context": "Understanding whether data is still needed is important for many reasons. Making open and proactive decisions to archive and/or delete data is an important step in the data lifecycle. It is important to recogniose and ahdere to data retention guidelines", + "statements": [ + { + "text": "There are no formal processes for archiving or deleting data that is no longer required, leading to potential data retention issues and inefficiencies.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods for archiving and deleting data exist, but these processes are inconsistent and lack documentation or systematic application.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for archiving and deleting data that is no longer required, with documented procedures, though adherence and effectiveness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for archiving and deleting data that is no longer required, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously improved processes ensure efficient archiving and deletion of data that is no longer required. There is proactive management, comprehensive documentation, and alignment with best practices and regulatory requirements.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Technology", - "statements": [ - { - "text": "There is no documentation for the algorithms used in the technology for collecting or creating data, this may lead to a lack of transparency and understanding of their operation.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some algorithms used in data collection or creation are documented, but the documentation is inconsistent and may not cover all aspects of their operation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal documentation exists for the algorithms used in the technology for collecting or creating data, with documented descriptions and functions, though the level of detail and completeness may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Comprehensive documentation is in place for the algorithms used in data collection or creation, with clear descriptions, purposes, and operational details, which is regularly reviewed for accuracy and completeness.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Detailed and continuously updated documentation exists for all algorithms used in data collection or creation, with thorough descriptions, purposes, and operational insights, ensuring full transparency and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "If the technology you use to collect/create data uses algorithms are these documented?", + "context": "The algorithms used to process data through a modelling process should be explainable. Explaining the algorithms you use and how they work is important in helping people trust how you are handling data.", + "statements": [ + { + "text": "There is no documentation for the algorithms used in the technology for collecting or creating data, this may lead to a lack of transparency and understanding of their operation.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some algorithms used in data collection or creation are documented, but the documentation is inconsistent and may not cover all aspects of their operation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal documentation exists for the algorithms used in the technology for collecting or creating data, with documented descriptions and functions, though the level of detail and completeness may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Comprehensive documentation is in place for the algorithms used in data collection or creation, with clear descriptions, purposes, and operational details, which is regularly reviewed for accuracy and completeness.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Detailed and continuously updated documentation exists for all algorithms used in data collection or creation, with thorough descriptions, purposes, and operational insights, ensuring full transparency and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } - ] - }, - { - "name": "Resourcing", - "activities": [ - { - "title": "People", - "statements": [ - { - "text": "There is no named person accountable for ensuring that data is fully resourced within the organisation, leading to potential gaps in data management and resource allocation.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals may informally oversee data resourcing, but there is no clearly designated person with full accountability for ensuring data is properly resourced within the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned accountability for ensuring data is fully resourced within the organisation, with documented responsibilities, though the scope and effectiveness of their role may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for ensuring data is fully resourced within the organisation, with well-defined responsibilities, effective oversight, and regular assessments to ensure adequate data resources.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for ensuring optimal data resourcing within the organisation. They provide comprehensive authority, proactive management, and alignment with strategic goals to ensure effective and efficient data resource allocation and support.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no complete staffing structure for all the roles required to collect, use and share data, leading to potential gaps and inefficiencies in data management.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some elements of the staffing structure for roles related to data collection, use and sharing are in place, but it is incomplete or unclear and lacks proper documentation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal staffing structure exists for roles related to data collection, use and sharing, with documented roles and responsibilities, though there may be areas where the structure is still developing or evolving.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A well-defined and consistently applied staffing structure is in place for all roles required to collect, use and share data. There is clear documentation, regular reviews, and effective management to ensure comprehensive coverage and alignment with organisational needs.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "An advanced and continuously refined staffing structure is established for all roles involved in data collection, use and sharing. There is proactive management, detailed documentation, and alignment with strategic objectives to ensure optimal efficiency and effectiveness in data management.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + ] + }, + { + "name": "Resourcing", + "activities": [ + { + "title": "People", + "questions": [ + { + "text": "Does your organisation have a named person accountable for ensuring data is fully resourced in the organisation?", + "context": "Being clear on who is accountable for what relating to data allows decisions to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for ensuring that data is fully resourced within the organisation, leading to potential gaps in data management and resource allocation.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals may informally oversee data resourcing, but there is no clearly designated person with full accountability for ensuring data is properly resourced within the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned accountability for ensuring data is fully resourced within the organisation, with documented responsibilities, though the scope and effectiveness of their role may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for ensuring data is fully resourced within the organisation, with well-defined responsibilities, effective oversight, and regular assessments to ensure adequate data resources.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for ensuring optimal data resourcing within the organisation. They provide comprehensive authority, proactive management, and alignment with strategic goals to ensure effective and efficient data resource allocation and support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Is there a current complete staffing structure for all the roles required to collect, use and share data?", + "context": "Because everyone will come into contact with data in their work, everyone will have a role in complying with processes.", + "statements": [ + { + "text": "There is no complete staffing structure for all the roles required to collect, use and share data, leading to potential gaps and inefficiencies in data management.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some elements of the staffing structure for roles related to data collection, use and sharing are in place, but it is incomplete or unclear and lacks proper documentation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal staffing structure exists for roles related to data collection, use and sharing, with documented roles and responsibilities, though there may be areas where the structure is still developing or evolving.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A well-defined and consistently applied staffing structure is in place for all roles required to collect, use and share data. There is clear documentation, regular reviews, and effective management to ensure comprehensive coverage and alignment with organisational needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "An advanced and continuously refined staffing structure is established for all roles involved in data collection, use and sharing. There is proactive management, detailed documentation, and alignment with strategic objectives to ensure optimal efficiency and effectiveness in data management.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is no dedicated annual budget for data-related activities, for example infrastructure and staff costs, leading to potential resource constraints and inconsistent funding.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some budget allocation exists for data-related activities, but it is not comprehensive and may not fully cover all aspects of infrastructure and staff costs consistently.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal annual budget is allocated for data-related activities, including infrastructure and staff costs, with documented plans, though the coverage and adequacy of the budget may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A well-defined and consistently applied annual budget is established to cover all aspects of data-related activities, including infrastructure and staff costs, with clear documentation and regular reviews to ensure sufficient and effective resource allocation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "An advanced, continuously refined annual budget comprehensively covers all aspects of data-related activities, including infrastructure and staff costs. There is proactive management, detailed planning, and alignment with strategic goals to ensure optimal funding and support for data initiatives.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes in place for identifying and mitigating financial risks associated with data-related activities and services, leading to potential exposure to unmanaged financial risks.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods may be used to address financial risks associated with data-related activities and services, but there is no consistently defined process for identifying and mitigating these risks.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for identifying and mitigating financial risks related to data-related activities and services, though the effectiveness and consistency of these processes may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for identifying and mitigating financial risks associated with data-related activities and services, with clear documentation, regular reviews, and effective management to ensure comprehensive handling of risks.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure proactive identification and mitigation of financial risks associated with data-related activities and services. There is a comprehensive risk management strategy, detailed documentation, and alignment with best practices to effectively manage and minimise financial exposure.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does the organisation have an annual budget to cover all aspects of data-related activities, including infrastructure and staff costs?", + "context": "Having an identified budget is important to establish if there is any shortfall and to enable prioritisation of activities.", + "statements": [ + { + "text": "There is no dedicated annual budget for data-related activities, for example infrastructure and staff costs, leading to potential resource constraints and inconsistent funding.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some budget allocation exists for data-related activities, but it is not comprehensive and may not fully cover all aspects of infrastructure and staff costs consistently.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal annual budget is allocated for data-related activities, including infrastructure and staff costs, with documented plans, though the coverage and adequacy of the budget may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A well-defined and consistently applied annual budget is established to cover all aspects of data-related activities, including infrastructure and staff costs, with clear documentation and regular reviews to ensure sufficient and effective resource allocation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "An advanced, continuously refined annual budget comprehensively covers all aspects of data-related activities, including infrastructure and staff costs. There is proactive management, detailed planning, and alignment with strategic goals to ensure optimal funding and support for data initiatives.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Are there processes in place for identifying and mitigating any financial risks associated with data-related activities and services?", + "context": "Being able to escalate specific needs to the appropriate decision-maker, and having a process of decision-making documented, enables all involved to understand how to deal with issues.", + "statements": [ + { + "text": "There are no formal processes in place for identifying and mitigating financial risks associated with data-related activities and services, leading to potential exposure to unmanaged financial risks.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods may be used to address financial risks associated with data-related activities and services, but there is no consistently defined process for identifying and mitigating these risks.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for identifying and mitigating financial risks related to data-related activities and services, though the effectiveness and consistency of these processes may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for identifying and mitigating financial risks associated with data-related activities and services, with clear documentation, regular reviews, and effective management to ensure comprehensive handling of risks.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure proactive identification and mitigation of financial risks associated with data-related activities and services. There is a comprehensive risk management strategy, detailed documentation, and alignment with best practices to effectively manage and minimise financial exposure.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -1623,296 +1662,303 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for ensuring the organisation has the required data capabilities, leading to potential gaps in both human and technical resources.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals may be involved in overseeing data capabilities, but there is no clearly designated person with overall accountability for ensuring both human and technical resources are adequate.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned accountability for ensuring the organisation has the required data capabilities, both human and technical, and with documented roles and responsibilities, though their influence and authority may not be fully integrated.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for ensuring the organisation has the necessary data capabilities, including both human and technical resources, with well-defined responsibilities and effective authority and oversight.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for ensuring the organisation maintains and enhances its data capabilities. They have comprehensive authority and responsibility for both human and technical resources, driving continuous improvement and alignment with strategic goals.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal process to review or maintain a record of the data skills and understanding of staff, leading to potential gaps in data competency.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal reviews of staff data skills and understanding occur, but there is no consistent or comprehensive record-keeping process in place.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process is in place to review and maintain records of staff data skills and understanding, though the depth and frequency of reviews may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined processes are consistently applied to review and maintain clear records of staff data skills and understanding, with regular assessments and comprehensive documentation.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously improved processes ensure a detailed and up-to-date record of staff data skills and understanding. There is proactive management, regular assessments, and alignment with evolving data needs and organisational goals.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no established training or development programmes to address gaps in skills or competence, leading to potential deficiencies in staff capabilities.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some ad-hoc training and development efforts are made to address skills and competence gaps, but these programmes are inconsistent and lack formal structure.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal training and development programmes are in place to address gaps in skills and competence, with documented plans and processes, though implementation and coverage may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied training and development programmes are established to address gaps in skills and competence, with clear documentation, regular updates, and effective tracking of progress.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined training and development programmes are in place to proactively address and close skills and competence gaps. There is tailored content, comprehensive tracking, and alignment with strategic goals and emerging needs.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal effort to maintain an understanding of emerging data trends and technologies, which may lead to missed opportunities and outdated practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some awareness of emerging data trends and technologies exists, but it is informal and not systematically integrated into organisational strategies.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "The organisation maintains a good understanding of emerging data trends and technologies.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined processes are in place to help stay informed about emerging data trends and technologies, with regular updates and systematic integration into organisational strategies and decision-making.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation actively monitors and integrates emerging data trends and technologies. There are advanced practices for continuous learning and adaptation, ensuring alignment with strategic goals and leveraging innovations effectively.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for ensuring the organisation has the required data capabilities, both human and technical?", + "context": "Being clear on who is accountable for capabilities in the organisation allows decisions to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for ensuring the organisation has the required data capabilities, leading to potential gaps in both human and technical resources.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals may be involved in overseeing data capabilities, but there is no clearly designated person with overall accountability for ensuring both human and technical resources are adequate.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned accountability for ensuring the organisation has the required data capabilities, both human and technical, and with documented roles and responsibilities, though their influence and authority may not be fully integrated.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for ensuring the organisation has the necessary data capabilities, including both human and technical resources, with well-defined responsibilities and effective authority and oversight.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for ensuring the organisation maintains and enhances its data capabilities. They have comprehensive authority and responsibility for both human and technical resources, driving continuous improvement and alignment with strategic goals.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does the organisation review and maintain a clear record of the data skills and understanding of all staff?", + "context": "Because everyone will come into contact with data in their work, everyone will have a role in complying with processes.", + "statements": [ + { + "text": "There is no formal process to review or maintain a record of the data skills and understanding of staff, leading to potential gaps in data competency.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal reviews of staff data skills and understanding occur, but there is no consistent or comprehensive record-keeping process in place.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process is in place to review and maintain records of staff data skills and understanding, though the depth and frequency of reviews may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined processes are consistently applied to review and maintain clear records of staff data skills and understanding, with regular assessments and comprehensive documentation.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously improved processes ensure a detailed and up-to-date record of staff data skills and understanding. There is proactive management, regular assessments, and alignment with evolving data needs and organisational goals.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Has your organisation established appropriate training and development programs to address any gaps in skills or competence?", + "context": "Everyone needs to have the requisite level of training for the role they are in,\n \n as everyone will come into contact with data.", + "statements": [ + { + "text": "There are no established training or development programmes to address gaps in skills or competence, leading to potential deficiencies in staff capabilities.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some ad-hoc training and development efforts are made to address skills and competence gaps, but these programmes are inconsistent and lack formal structure.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal training and development programmes are in place to address gaps in skills and competence, with documented plans and processes, though implementation and coverage may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied training and development programmes are established to address gaps in skills and competence, with clear documentation, regular updates, and effective tracking of progress.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined training and development programmes are in place to proactively address and close skills and competence gaps. There is tailored content, comprehensive tracking, and alignment with strategic goals and emerging needs.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation maintain an understanding of emerging data trends and technologies appropriate for your organisation?", + "context": "The world of data changes rapidly with new technology, legislation and best practice - keeping on top of these changes are important to ensure all processes and approaches are up to date", + "statements": [ + { + "text": "There is no formal effort to maintain an understanding of emerging data trends and technologies, which may lead to missed opportunities and outdated practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some awareness of emerging data trends and technologies exists, but it is informal and not systematically integrated into organisational strategies.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The organisation maintains a good understanding of emerging data trends and technologies.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined processes are in place to help stay informed about emerging data trends and technologies, with regular updates and systematic integration into organisational strategies and decision-making.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "The organisation actively monitors and integrates emerging data trends and technologies. There are advanced practices for continuous learning and adaptation, ensuring alignment with strategic goals and leveraging innovations effectively.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "Required data competencies are not defined within job descriptions, leading to unclear expectations and potential gaps in required skills.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some job descriptions include data competencies, but these are inconsistent and not systematically applied across all roles.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are in place to define required data competencies within job descriptions, with documented information for most roles, though there may be variations in detail and application.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes ensure that required data competencies are clearly defined in job descriptions, with comprehensive documentation and regular updates to align with evolving needs.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are in place to ensure that required data competencies are thoroughly and proactively defined in job descriptions. There is continuous refinement, alignment with strategic goals, and integration of best practices to meet current and future demands.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Technological deployments are not consistently aligned with data processes or standards during development, leading to potential mismatches and inefficiencies.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some technological deployments align with data processes and standards, but this is inconsistent and lacks proper documentation and systematic application.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are in place to ensure technological deployments conform with data processes and standards during development, though implementation and adherence may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes ensure that technological deployments conform with data processes and standards throughout development, with clear documentation, regular reviews, and effective integration.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure that technological deployments are proactively aligned with data processes and standards. There is thorough documentation, proactive management, and integration of best practices to ensure optimal performance and compliance.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation ensure that required data competencies are defined within job descriptions?", + "context": "The level of competency should be clearly defined in all role descriptions, as everyone will come into contact with data.", + "statements": [ + { + "text": "Required data competencies are not defined within job descriptions, leading to unclear expectations and potential gaps in required skills.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some job descriptions include data competencies, but these are inconsistent and not systematically applied across all roles.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are in place to define required data competencies within job descriptions, with documented information for most roles, though there may be variations in detail and application.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes ensure that required data competencies are clearly defined in job descriptions, with comprehensive documentation and regular updates to align with evolving needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are in place to ensure that required data competencies are thoroughly and proactively defined in job descriptions. There is continuous refinement, alignment with strategic goals, and integration of best practices to meet current and future demands.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Do your organisation's technological deployments conform with all your data processes, including standards, when they are being developed?", + "context": "Technology can automatically ensure compliance with some of your organisation's data processes. It is important, therefore, to ensure that these processes are considered in the deployment of new technology.", + "statements": [ + { + "text": "Technological deployments are not consistently aligned with data processes or standards during development, leading to potential mismatches and inefficiencies.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some technological deployments align with data processes and standards, but this is inconsistent and lacks proper documentation and systematic application.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are in place to ensure technological deployments conform with data processes and standards during development, though implementation and adherence may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes ensure that technological deployments conform with data processes and standards throughout development, with clear documentation, regular reviews, and effective integration.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure that technological deployments are proactively aligned with data processes and standards. There is thorough documentation, proactive management, and integration of best practices to ensure optimal performance and compliance.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Technology", - "statements": [ - { - "text": "There is no awareness or documentation of whether the technology used to collect, create, or share data employs algorithms, leading to potential gaps in understanding and oversight.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some technology used for data collection, creation, or sharing may use algorithms, but there is inconsistent documentation or awareness regarding their use and function.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "The technology used to collect, create, or share data employs algorithms, and there is formal documentation describing them, though the level of detail may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied documentation exists for the algorithms used in technology for data collection, creation, and sharing, with clear descriptions and operational details.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced and continuously updated documentation exists for all algorithms used in technology for data collection, creation, and sharing. This ensures full transparency and integration with best practices for data management and analysis.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Is the technology used to collect/create and share data using algorithms?", + "context": "", + "statements": [ + { + "text": "There is no awareness or documentation of whether the technology used to collect, create, or share data employs algorithms, leading to potential gaps in understanding and oversight.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some technology used for data collection, creation, or sharing may use algorithms, but there is inconsistent documentation or awareness regarding their use and function.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "The technology used to collect, create, or share data employs algorithms, and there is formal documentation describing them, though the level of detail may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied documentation exists for the algorithms used in technology for data collection, creation, and sharing, with clear descriptions and operational details.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced and continuously updated documentation exists for all algorithms used in technology for data collection, creation, and sharing. This ensures full transparency and integration with best practices for data management and analysis.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -1923,211 +1969,216 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for ensuring that internal and external data stakeholders are involved in data decision-making processes, leading to potential oversight and lack of stakeholder engagement.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals may be involved in including internal and external data stakeholders in decision-making processes, but there is no clearly designated person with overall accountability for this involvement.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned responsibility for ensuring that internal and external data stakeholders are included in the data decision-making process, though the effectiveness of stakeholder engagement may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for ensuring that both internal and external data stakeholders are actively involved in the data decision-making process, with well-defined responsibilities and effective oversight.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for integrating both internal and external data stakeholders into the data decision-making process. They have comprehensive authority, proactive engagement strategies, and initiate continuous improvements to ensure effective collaboration and alignment with strategic goals.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no defined roles or elements in job descriptions related to engaging with data stakeholders, leading to unclear responsibilities and potential gaps in stakeholder interaction.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some roles or job descriptions may include elements related to engaging with data stakeholders, but these are inconsistent and not systematically defined across the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal roles or elements related to engaging with data stakeholders are defined in all relevant job descriptions, though the level of detail and consistency may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined roles and elements related to engaging with data stakeholders are clearly outlined in all relevant job descriptions, with comprehensive documentation and consistent application across relevant positions.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced roles and responsibilities related to engaging with data stakeholders are thoroughly defined and integrated into job descriptions. There is continuous refinement and alignment with strategic objectives to ensure effective stakeholder engagement and collaboration.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for ensuring that internal and external data stakeholders are part of any data decision making process?", + "context": "Being clear on who is accountable for engagement allows decisions in the organisation to be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for ensuring that internal and external data stakeholders are involved in data decision-making processes, leading to potential oversight and lack of stakeholder engagement.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals may be involved in including internal and external data stakeholders in decision-making processes, but there is no clearly designated person with overall accountability for this involvement.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned responsibility for ensuring that internal and external data stakeholders are included in the data decision-making process, though the effectiveness of stakeholder engagement may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for ensuring that both internal and external data stakeholders are actively involved in the data decision-making process, with well-defined responsibilities and effective oversight.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for integrating both internal and external data stakeholders into the data decision-making process. They have comprehensive authority, proactive engagement strategies, and initiate continuous improvements to ensure effective collaboration and alignment with strategic goals.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have defined roles, or elements in job descriptions, that relate to engaging with data stakeholders?", + "context": "Data stakeholders may be internal or external and understanding their requirements can help with developing approaches to collecting, using and sharing data.", + "statements": [ + { + "text": "There are no defined roles or elements in job descriptions related to engaging with data stakeholders, leading to unclear responsibilities and potential gaps in stakeholder interaction.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some roles or job descriptions may include elements related to engaging with data stakeholders, but these are inconsistent and not systematically defined across the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal roles or elements related to engaging with data stakeholders are defined in all relevant job descriptions, though the level of detail and consistency may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined roles and elements related to engaging with data stakeholders are clearly outlined in all relevant job descriptions, with comprehensive documentation and consistent application across relevant positions.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced roles and responsibilities related to engaging with data stakeholders are thoroughly defined and integrated into job descriptions. There is continuous refinement and alignment with strategic objectives to ensure effective stakeholder engagement and collaboration.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is limited understanding of stakeholders and their requirements for data collection, use or sharing, leading to potential gaps in addressing their needs.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is some understanding of stakeholders and their requirements for data collection, use or sharing, but it is incomplete and inconsistent.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A general understanding of stakeholders and their requirements for data collection, use or sharing is established, with documented processes, though the depth of understanding and coverage may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined processes ensure a thorough understanding of all stakeholders and their requirements for data collection, use or sharing, with clear documentation and regular updates to address evolving needs.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced processes are in place to maintain an extensive and continuously updated understanding of all stakeholders and their requirements for data collection, use or sharing. There is proactive engagement and alignment with strategic goals, ensuring comprehensive and effective stakeholder management.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no formal processes for engaging with stakeholders, leading to potential inconsistencies and gaps in communication and collaboration.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods for engaging with stakeholders exist, but these are inconsistent and lacking systematic application.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for engaging with stakeholders, with documented procedures for communication and interaction, though effectiveness and consistency may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There are communication channels in place for stakeholders to submit data requests and compliants, and where relevant updates can be shared.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure proactive and strategic engagement with stakeholders. There is comprehensive documentation, regular feedback loops, and alignment with organisational goals to foster strong relationships and effective collaboration.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no tools or tech to support two-way communication for stakeholders to lodge data requests, complaints, or receive updates, leading to potential gaps in stakeholder engagement.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal or ad-hoc tools or tech supports communication channels for stakeholders to lodge requests or complaints and receive updates, but there is no consistent or formally defined system for managing these interactions.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal tools or tech are in place to support two-way communication channels for stakeholders to lodge data requests, complaints, and receive updates, with documented procedures, though the effectiveness and coverage of these channels may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and robust tools or tech is applied to two-way communication channels for stakeholders to lodge data requests, complaints, and receive updates, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously upgraded tools or tech support two-way communication channels to ensure proactive and effective engagement with stakeholders, allowing for seamless lodging of requests, complaints, and updates, with detailed documentation, proactive management, and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a good understanding of all its stakeholders and their requirements for data collection, use or sharing?", + "context": "Data stakeholders may be internal or external and understanding their requirements can help with developing approaches to collecting, using and sharing data.", + "statements": [ + { + "text": "There is limited understanding of stakeholders and their requirements for data collection, use or sharing, leading to potential gaps in addressing their needs.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "There is some understanding of stakeholders and their requirements for data collection, use or sharing, but it is incomplete and inconsistent.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A general understanding of stakeholders and their requirements for data collection, use or sharing is established, with documented processes, though the depth of understanding and coverage may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined processes ensure a thorough understanding of all stakeholders and their requirements for data collection, use or sharing, with clear documentation and regular updates to address evolving needs.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced processes are in place to maintain an extensive and continuously updated understanding of all stakeholders and their requirements for data collection, use or sharing. There is proactive engagement and alignment with strategic goals, ensuring comprehensive and effective stakeholder management.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does the organisation have a process for engaging with stakeholders?", + "context": "Data stakeholders may be internal or external and understanding their requirements can help with developing approaches to collecting, using and sharing data.", + "statements": [ + { + "text": "There are no formal processes for engaging with stakeholders, leading to potential inconsistencies and gaps in communication and collaboration.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods for engaging with stakeholders exist, but these are inconsistent and lacking systematic application.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for engaging with stakeholders, with documented procedures for communication and interaction, though effectiveness and consistency may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "There are communication channels in place for stakeholders to submit data requests and compliants, and where relevant updates can be shared.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure proactive and strategic engagement with stakeholders. There is comprehensive documentation, regular feedback loops, and alignment with organisational goals to foster strong relationships and effective collaboration.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Are there are tools or tech to support two-way communication, in place so stakeholders can lodge requests for data, lodge compliants and where relevant updates can be shared with Stakeholders?", + "context": "When data is being shared it is important to have tools available for stakeholders to make requests, complaints and for relevant information sharing and for that request to recorded.", + "statements": [ + { + "text": "There are no tools or tech to support two-way communication for stakeholders to lodge data requests, complaints, or receive updates, leading to potential gaps in stakeholder engagement.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal or ad-hoc tools or tech supports communication channels for stakeholders to lodge requests or complaints and receive updates, but there is no consistent or formally defined system for managing these interactions.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal tools or tech are in place to support two-way communication channels for stakeholders to lodge data requests, complaints, and receive updates, with documented procedures, though the effectiveness and coverage of these channels may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and robust tools or tech is applied to two-way communication channels for stakeholders to lodge data requests, complaints, and receive updates, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously upgraded tools or tech support two-way communication channels to ensure proactive and effective engagement with stakeholders, allowing for seamless lodging of requests, complaints, and updates, with detailed documentation, proactive management, and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -2138,256 +2189,262 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for data ethics, leading to potential gaps in ethical oversight and decision-making.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals may informally address data ethics, but there is no clearly designated person with accountability for overseeing data ethics within the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned accountability for data ethics, with documented responsibilities, though the extent of their influence and authority may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for data ethics, with well-defined responsibilities and effective oversight, ensuring ethical considerations are integrated into data practices.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for data ethics, with comprehensive authority and responsibility. They drive continuous improvement in ethical practices, provide proactive management, and align with best practices and regulatory standards.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal training provided on the ethical use of data, leading to potential gaps in understanding and adherence to ethical standards.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals receive informal or ad-hoc training on the ethical use of data, but it is inconsistent within the organisation.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal training on the ethical use of data is provided to most individuals, though the depth and frequency of training may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All employees receive timely, formal training on the ethical use of data,which is documented and regularly reviewed for updates.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced training programs on the ethical use of data are updated at least annually and are tailored to different roles within the organisation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for data ethics?", + "context": "Being clear on who is accountable for data ethics in the organisation means decisions will be made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for data ethics, leading to potential gaps in ethical oversight and decision-making.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals may informally address data ethics, but there is no clearly designated person with accountability for overseeing data ethics within the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned accountability for data ethics, with documented responsibilities, though the extent of their influence and authority may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for data ethics, with well-defined responsibilities and effective oversight, ensuring ethical considerations are integrated into data practices.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for data ethics, with comprehensive authority and responsibility. They drive continuous improvement in ethical practices, provide proactive management, and align with best practices and regulatory standards.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Have all individuals received appropriate training on the ethical use of data?", + "context": "Everyone needs to have the requisite level of training for the role they are in, as everyone will come into contact with data.", + "statements": [ + { + "text": "There is no formal training provided on the ethical use of data, leading to potential gaps in understanding and adherence to ethical standards.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals receive informal or ad-hoc training on the ethical use of data, but it is inconsistent within the organisation.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal training on the ethical use of data is provided to most individuals, though the depth and frequency of training may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All employees receive timely, formal training on the ethical use of data,which is documented and regularly reviewed for updates.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced training programs on the ethical use of data are updated at least annually and are tailored to different roles within the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is no escalation process for resolving difficult ethical data use challenges, leading to inconsistent handling and potential unresolved issues.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some methods exist for addressing ethical data use challenges, but there is no consistent escalation process for handling more complex issues.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal escalation process is in place for resolving difficult ethical data use challenges, though the effectiveness and application of the process may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied escalation processes are in place for addressing complex ethical data use challenges. There is clear documentation, regular reviews, and effective management to ensure timely and appropriate resolution.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined escalation processes are established for resolving difficult ethical data use challenges. There is proactive management, comprehensive documentation, and integration of best practices to ensure effective and transparent resolution of complex issues.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no defined ethical statement regarding the collection, use and sharing of data, leading to potential gaps in ethical guidelines and practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal or partial ethical guidelines exist for data collection, use and sharing.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "There is a formal ethical statement with documented principles and guidelines for the collection, use and sharing of data, though its implementation and communication may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A well-defined ethical statement is in place, clearly addressing the collection, use and sharing of data, with effective communication and integration into organisational practices.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "An advanced, continuously updated ethical statement governs the collection, use and sharing of data. There is a set of comprehensive principles, proactive management, and integration into all relevant processes to ensure alignment with best practices and ethical standards.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are no clear processes for assessing and managing the ethical implications of collecting, using and sharing data, leading to potential ethical oversights and inconsistent practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods are used to assess and manage the ethical implications of data collection, use and sharing.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal processes are established for assessing and managing the ethical implications of data collection, use and sharing, with documented procedures, though the depth and consistency of these processes may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place to assess and manage the ethical implications of data collection, use and sharing, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure comprehensive assessment and management of the ethical implications of data collection, use, and sharing. There is proactive oversight, thorough documentation, and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have an escalation process for resolving more difficult ethical data use challenges?", + "context": "Being able to escalate specific needs to the appropriate decision-maker, and having a process of decision-making documented, enables all involved to understand how to deal with issues.", + "statements": [ + { + "text": "There is no escalation process for resolving difficult ethical data use challenges, leading to inconsistent handling and potential unresolved issues.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some methods exist for addressing ethical data use challenges, but there is no consistent escalation process for handling more complex issues.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal escalation process is in place for resolving difficult ethical data use challenges, though the effectiveness and application of the process may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied escalation processes are in place for addressing complex ethical data use challenges. There is clear documentation, regular reviews, and effective management to ensure timely and appropriate resolution.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined escalation processes are established for resolving difficult ethical data use challenges. There is proactive management, comprehensive documentation, and integration of best practices to ensure effective and transparent resolution of complex issues.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have a defined ethical statement relating to its collection, use and sharing of data?", + "context": "Being open and transparent about your organisation's ethical considerations will allow others to understand how you treat data. It will also allow others to have a dialogue with you if they have any thoughts or concerns.", + "statements": [ + { + "text": "There is no defined ethical statement regarding the collection, use and sharing of data, leading to potential gaps in ethical guidelines and practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal or partial ethical guidelines exist for data collection, use and sharing.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "There is a formal ethical statement with documented principles and guidelines for the collection, use and sharing of data, though its implementation and communication may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A well-defined ethical statement is in place, clearly addressing the collection, use and sharing of data, with effective communication and integration into organisational practices.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "An advanced, continuously updated ethical statement governs the collection, use and sharing of data. There is a set of comprehensive principles, proactive management, and integration into all relevant processes to ensure alignment with best practices and ethical standards.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have clear processes for assessing and managing the ethical implications that arise from collecting, using and sharing data?", + "context": "Once you have stated how you will be collecting, using and sharing data ethically, you should ensure your organisational processes are in line with these requirements where they apply.", + "statements": [ + { + "text": "There are no clear processes for assessing and managing the ethical implications of collecting, using and sharing data, leading to potential ethical oversights and inconsistent practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods are used to assess and manage the ethical implications of data collection, use and sharing.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal processes are established for assessing and managing the ethical implications of data collection, use and sharing, with documented procedures, though the depth and consistency of these processes may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place to assess and manage the ethical implications of data collection, use and sharing, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure comprehensive assessment and management of the ethical implications of data collection, use, and sharing. There is proactive oversight, thorough documentation, and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Technology", - "statements": [ - { - "text": "There are no tools available to assist with the application of data ethics for projects or operations, leading to potential gaps in ethical oversight and decision-making.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal tools or resources are used to address data ethics in projects or operations, but these may be inconsistently applied or lack integration into business workflows.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal tools are available to assist with the application of data ethics in projects or operations, though their effectiveness and integration may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied tools are in place to support the application of data ethics in projects or operations, with clear documentation, regular updates, and effective integration into project and operational workflows.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously updated tools are actively used to ensure robust application of data ethics in projects and operations. There is a set of comprehensive features, proactive management, and alignment with best practices to ensure thorough ethical oversight and support.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have tools to help with the application of data ethics for projects or operations?", + "context": "Tools, such as the ODI's Data Ethics Canvas or Ethics Maturity Model, may help to embed and share processes and speed up data ethics decision-making.", + "statements": [ + { + "text": "There are no tools available to assist with the application of data ethics for projects or operations, leading to potential gaps in ethical oversight and decision-making.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal tools or resources are used to address data ethics in projects or operations, but these may be inconsistently applied or lack integration into business workflows.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal tools are available to assist with the application of data ethics in projects or operations, though their effectiveness and integration may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied tools are in place to support the application of data ethics in projects or operations, with clear documentation, regular updates, and effective integration into project and operational workflows.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously updated tools are actively used to ensure robust application of data ethics in projects and operations. There is a set of comprehensive features, proactive management, and alignment with best practices to ensure thorough ethical oversight and support.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } @@ -2398,251 +2455,257 @@ "activities": [ { "title": "People", - "statements": [ - { - "text": "There is no named person accountable for data sharing agreements, leading to potential gaps in oversight and consistency in managing data sharing practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is no clearly designated person with formal accountability for overseeing these agreements, which are instead handled in ad-hoc fashion.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A named person is assigned responsibility for managing data sharing agreements, with documented responsibilities, though their authority and scope of oversight may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "A dedicated individual is clearly accountable for data sharing agreements, with well-defined responsibilities and effective oversight, ensuring consistent and compliant management of these agreements.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A senior individual is accountable for data sharing agreements, with comprehensive authority and responsibility. There is a drive for continuous improvement in data sharing practices, proactive management, and alignment with best practices and regulatory requirements.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal training provided on data permissions and their application, leading to the potential for misunderstandings and inconsistent handling of data permissions.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some individuals receive informal or ad-hoc training on data permissions, but it is inconsistent and lacks proper content and structure.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Most individuals receive regular formal training on data permissions and their application, with adequate content.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All individuals receive appropriate training on data permissions and how they apply. There is clear documentation, consistent application, and periodic updates to ensure ongoing relevance and effectiveness.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously updated training programs on data permissions are in place. There is tailored content for different roles, proactive management, and integration of best practices to ensure comprehensive understanding and adherence across the organisation.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no formal escalation process for resolving difficult data sharing agreement issues, leading to potential delays and inconsistent resolution.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods are used to address basic issues with data sharing agreements, but there is no consistent or well defined escalation process for handling complex or challenging situations.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal escalation process is in place for resolving difficult issues related to data sharing agreements, with documented procedures, though the effectiveness and application of the process may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied escalation processes are established to address complex issues with data sharing agreements, with clear documentation, regular reviews, and effective management to ensure timely and appropriate resolution.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined escalation processes are in place for resolving difficult data sharing agreement issues. There is proactive management, comprehensive documentation, and integration of best practices to ensure effective and transparent resolution of complex problems.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no access to specialised legal support for dealing with complex intellectual property rights (IPR) and licensing issues, leading to potential challenges in addressing these matters effectively.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some legal support is available for IPR and licensing issues, but it may be informal and not specifically tailored to handling more complicated or nuanced cases.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "Formal access to legal support is established for handling IPR and licensing issues, with documented procedures for seeking assistance, though the availability and specialisation of the support may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied access to specialised legal support is in place for dealing with complicated IPR and licensing issues, with clear documentation, regular engagement, and effective management to ensure thorough and informed handling of complex cases.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined access to highly specialised legal support is available for managing intricate IPR and licensing issues. There is proactive management, comprehensive documentation, and alignment with best practices to ensure expert and efficient resolution of complex legal challenges.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a named person accountable for data sharing agreements?", + "context": "Clarity of accountability for data sharing and permissions in the organisation ensures that decisions are made by the right people.", + "statements": [ + { + "text": "There is no named person accountable for data sharing agreements, leading to potential gaps in oversight and consistency in managing data sharing practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "There is no clearly designated person with formal accountability for overseeing these agreements, which are instead handled in ad-hoc fashion.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A named person is assigned responsibility for managing data sharing agreements, with documented responsibilities, though their authority and scope of oversight may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "A dedicated individual is clearly accountable for data sharing agreements, with well-defined responsibilities and effective oversight, ensuring consistent and compliant management of these agreements.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "A senior individual is accountable for data sharing agreements, with comprehensive authority and responsibility. There is a drive for continuous improvement in data sharing practices, proactive management, and alignment with best practices and regulatory requirements.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Have all individuals received appropriate training on data permissions and how they apply?", + "context": "Because everyone will come into contact with data in their work, everyone will have a role in complying with processes.", + "statements": [ + { + "text": "There is no formal training provided on data permissions and their application, leading to the potential for misunderstandings and inconsistent handling of data permissions.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some individuals receive informal or ad-hoc training on data permissions, but it is inconsistent and lacks proper content and structure.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Most individuals receive regular formal training on data permissions and their application, with adequate content.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "All individuals receive appropriate training on data permissions and how they apply. There is clear documentation, consistent application, and periodic updates to ensure ongoing relevance and effectiveness.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously updated training programs on data permissions are in place. There is tailored content for different roles, proactive management, and integration of best practices to ensure comprehensive understanding and adherence across the organisation.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have an escalation process for resolving more difficult data sharing agreements issues?", + "context": "Being able to escalate specific needs to the appropriate decision-maker, and having a process of decision-making documented, allows all involved to understand how to deal with issues.", + "statements": [ + { + "text": "There is no formal escalation process for resolving difficult data sharing agreement issues, leading to potential delays and inconsistent resolution.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods are used to address basic issues with data sharing agreements, but there is no consistent or well defined escalation process for handling complex or challenging situations.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal escalation process is in place for resolving difficult issues related to data sharing agreements, with documented procedures, though the effectiveness and application of the process may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied escalation processes are established to address complex issues with data sharing agreements, with clear documentation, regular reviews, and effective management to ensure timely and appropriate resolution.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined escalation processes are in place for resolving difficult data sharing agreement issues. There is proactive management, comprehensive documentation, and integration of best practices to ensure effective and transparent resolution of complex problems.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have access to appropriate legal support for dealing with more complicated intellectual property rights (IPR) and licensing issues?", + "context": "Licensing is an interaction between business processes, business requirements and the need to legally manage the relationship with third parties. In some circumstances, it will be necessary to have access to IPR and contracting expertise.", + "statements": [ + { + "text": "There is no access to specialised legal support for dealing with complex intellectual property rights (IPR) and licensing issues, leading to potential challenges in addressing these matters effectively.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some legal support is available for IPR and licensing issues, but it may be informal and not specifically tailored to handling more complicated or nuanced cases.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "Formal access to legal support is established for handling IPR and licensing issues, with documented procedures for seeking assistance, though the availability and specialisation of the support may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied access to specialised legal support is in place for dealing with complicated IPR and licensing issues, with clear documentation, regular engagement, and effective management to ensure thorough and informed handling of complex cases.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined access to highly specialised legal support is available for managing intricate IPR and licensing issues. There is proactive management, comprehensive documentation, and alignment with best practices to ensure expert and efficient resolution of complex legal challenges.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] }, { "title": "Process", - "statements": [ - { - "text": "There is no process for deciding on appropriate data sharing agreementa, leading to potential inconsistencies and risks in data sharing practices.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods are used to determine appropriate data sharing agreements, but there is no consistent defined process in place for making these decisions.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process is established for deciding on appropriate data sharing agreements, with documented procedures and criteria, though implementation and adherence may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are in place for determining appropriate data sharing agreements, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure a strategic and thorough approach to deciding on appropriate data sharing agreements. There is comprehensive documentation, proactive management, and integration of best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There is no process for assessing, recording, or managing the permissions of acquired data, leading to potential issues with compliance and oversight.", - "tags": [ - null - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some informal methods are used to assess and manage permissions of acquired data, but there is no consistent defined process for recording and overseeing these permissions.", - "tags": [ - null - ], - "associatedLevel": 2, - "positive": false - }, - { - "text": "A formal process is in place for assessing, recording, and managing permissions of acquired data, with documented procedures, though the effectiveness and consistency of these practices may vary.", - "tags": [ - null - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Well-defined and consistently applied processes are established for assessing, recording, and managing permissions of acquired data, with clear documentation, regular reviews, and effective management.", - "tags": [ - null - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced, continuously refined processes ensure a comprehensive approach to assessing, recording, and managing permissions of acquired data. There is proactive oversight, detailed documentation, and alignment with best practices.", - "tags": [ - null - ], - "associatedLevel": 5, - "positive": true + "questions": [ + { + "text": "Does your organisation have a process for deciding on the appropriate data sharing agreement for data being shared?", + "context": "Deciding where you want data to sit on the data spectrum is an important step in understanding the necessary licencing requirements. For Open Data, using creative commons might be appropriate. If sharing needs to be more controlled, bespoke data sharing agreements are likely to be needed.", + "statements": [ + { + "text": "There is no process for deciding on appropriate data sharing agreementa, leading to potential inconsistencies and risks in data sharing practices.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods are used to determine appropriate data sharing agreements, but there is no consistent defined process in place for making these decisions.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process is established for deciding on appropriate data sharing agreements, with documented procedures and criteria, though implementation and adherence may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are in place for determining appropriate data sharing agreements, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure a strategic and thorough approach to deciding on appropriate data sharing agreements. There is comprehensive documentation, proactive management, and integration of best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] + }, + { + "text": "Does your organisation have a process for assessing, recording and managing the permissions that you have been granted on the data that you have acquired?", + "context": "When you collect data, you will need to ensure you have the permissions you need to do what you want to do.", + "statements": [ + { + "text": "There is no process for assessing, recording, or managing the permissions of acquired data, leading to potential issues with compliance and oversight.", + "tags": [ + null + ], + "associatedLevel": 1 + }, + { + "text": "Some informal methods are used to assess and manage permissions of acquired data, but there is no consistent defined process for recording and overseeing these permissions.", + "tags": [ + null + ], + "associatedLevel": 2 + }, + { + "text": "A formal process is in place for assessing, recording, and managing permissions of acquired data, with documented procedures, though the effectiveness and consistency of these practices may vary.", + "tags": [ + null + ], + "associatedLevel": 3 + }, + { + "text": "Well-defined and consistently applied processes are established for assessing, recording, and managing permissions of acquired data, with clear documentation, regular reviews, and effective management.", + "tags": [ + null + ], + "associatedLevel": 4 + }, + { + "text": "Advanced, continuously refined processes ensure a comprehensive approach to assessing, recording, and managing permissions of acquired data. There is proactive oversight, detailed documentation, and alignment with best practices.", + "tags": [ + null + ], + "associatedLevel": 5 + } + ] } ] } diff --git a/private/assessments/ODM2024.json b/private/assessments/ODM2024.json index 11cf30a..ecf3f47 100644 --- a/private/assessments/ODM2024.json +++ b/private/assessments/ODM2024.json @@ -1,2051 +1,1319 @@ { - "title": "Open Data Maturity Model (2024)", - "description": "

The open data maturity model is a way to assess how well an organisation publishes and consumes open data, and identifies actions for improvement.

The model is based around five themes and five progress levels. Each theme represents a broad area of operations within an organisation. Each theme is then broken into areas of activity, which can then be used to assess progress.

", - "owner": "info@theodi.org", - "organisation": { - "name": "The Open Data Institute", - "homePage": "https://theodi.org", - "country": { - "name": "United Kingdom", - "code": "GB" - } - }, - "public": true, - "dimensions": [ - { - "name": "Data publication processes", - "activities": [ - { - "title": "Data release process", - "statements": [ - { - "text": "There is little or no published open data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Datasets that are published are done so using ad hoc and possibly manual processes, and are only available on the organisation's own regular website.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Released datasets are rarely, if ever, updated.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Licensing is not be explicitly addressed, meaning that published data is open to view but not open to use.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Specific teams or projects have defined a repeatable data publishing process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some data URLs are standardised and persistent and directly link to data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some datasets are released and updated according to a regular schedule.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Datasets are published under an open data licence, making them not just open to view but also open to use.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "There is a repeatable organisation-wide release process for publishing datasets, with a defined cadence of data release.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The release process has been adopted for some published datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Datasets are published on a dedicated open data portal under a conformant open data licence.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There is a central catalogue of published datasets, which is at least moderately complete.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All published datasets are released according to the standard organisational process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Datasets are published using an open source data portal, which has robust data management features.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "All datasets have unique and persistent identifiers and direct URLs.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Archived versions of key datasets are provided to support historical analysis.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Updates to datasets are released to a scheduled, published timetable.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The dataset catalogue is mostly complete regarding old datasets, and is always written to in full for new datasets as part of the release and update process, which is likely to be automatic. This is externally available.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Internal reports are available to highlight stale datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation collects and monitors metrics on its release process, e.g. time taken to release and refresh datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation acts to optimise the release process to reduce time between changes and releases.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Datasets are also made available through open data aggregation and indexing platforms.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The data release process includes steps to consider how open data may be used to support Artificial Intelligence / Machine Learning (AI/ML) use cases", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Standards development and adoption", - "statements": [ - { - "text": "Datasets are not released using common standards.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Data is in a variety of formats, with no official quality control.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some teams or projects have agreed on specific technical standards for formatting certain types of data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Standards are driven by internal priorities and needs, with limited consideration for data re-users.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Data is made available in structured formats (e.g. tabular form), which are easy for a human to reuse (e.g. XLS, XLSX).", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some metadata is gathered and published alongside the data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has defined a set of key technical data publishing standards which is internally available and frequently used. These standards address data formats (e.g. they demand non-proprietary, machine readabled structured formats such as CSV or JSON) and metadata needs, including the use of schemas.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Metadata is fairly complete and well structured, adhering to the same quality standards applied to the data itself.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Most data sets are machine readable. Column headings and data are all standardised and clear for primary datasets, with separate lookup tables often used to explain codes and terms.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All datasets are released in conformance with the organisation's technical standards.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Datasets across the organisation are using standard code lists and identifiers. Relevant datasets are using open options.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Metadata is always considered alongside the primary data, with distinct descriptive and structural aspects. Standard open formats such as DCAT are beginning to be adopted.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has defined a strategic approach for managing its data standards going forwards.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation monitors technology trends to ensure that its datasets are released according to evolving standards and best practices.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is routinely using open standards, including code lists and identifiers, to help align its datasets with other sources. The same can be said of metadata too.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is using specific standards with the explicit intention of making data AI/ML-ready.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Data management and governance", - "statements": [ - { - "text": "Datasets are not managed in any consistent way.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is no clear ownership around internal datasets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Data ethics is not actively considered.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Specific teams or products have begun defining their own lightweight data governance processes, which are used ad hoc.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Specific individuals are aware of data ethics.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has defined a standard data governance process that has been applied to high value datasets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The process addresses key organisational issues and considers the complete dataset lifecycle.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Datasets have a well-defined owner through their lifecycle.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The standard data governance process is applied to all datasets. The process may be tailored to the needs of specific projects.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation routinely monitors data quality for its high-value datasets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Feedback from re-users is used to help drive improvements in data quality where appropriate.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation is working to improve its data governance processes, e.g. by monitoring the process to address circumstances where data governance may lapse.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is working in partnership with re-users to help improve & maintain data quality. This may include accepting external contributions.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Assessing and mitigating risk", - "statements": [ - { - "text": "The organisation recognises that there may be risks associated with data, but has not yet defined any processes for assessing and mitigating them.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation regularly evaluates the benefits and risks of releasing (all or part of) data that contains personal or sensitive data as open data. ", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Processes for assessing and mitigating risks are defined.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some datasets based on sensitive information are released, following efforts made to remove or aggregate data. Where personal information is released, appropriate consent or other lewful basis is established", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Standard processes for assessing and mitigating risks are defined, such as anonymisation and aggregation, and they are routinely applied to new datasets as deemed necessary.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Risk management is an explicit component of the data governance process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Standard risk assessments and mitigations are applied to all datasets prior to publication. The organisation may also apply a standardised open data triage process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Advanced Privacy Enhancing Technologies (PETs) (or alternative techniques) are employed to open data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation seeks independent validation prior to release of high risk datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation routinely assesses all datasets during their life-cycle in order to highlight sensitive information. An open data triage process is in place that is also published or linked to.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation monitors the changing data landscape to address emerging issues, including those poised by AI. This may involve changing the approach to risk assessment and mitigation, or even stopping a data release.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - } - ] - } - ] + "title": "Open Data Maturity Model (2024)", + "description": "

The open data maturity model is a way to assess how well an organisation publishes and consumes open data, and identifies actions for improvement.

The model is based around five themes and five progress levels. Each theme represents a broad area of operations within an organisation. Each theme is then broken into areas of activity, which can then be used to assess progress.

", + "owner": "info@theodi.org", + "organisation": { + "name": "The Open Data Institute", + "homePage": "https://theodi.org", + "country": { + "name": "United Kingdom", + "code": "GB" + } }, - { - "name": "Data literacy and skills", - "activities": [ + "public": true, + "levels": ["Initial", "Repeatable", "Defined", "Managed", "Optimising"], + "dimensions": [ { - "title": "Open data expertise", - "statements": [ - { - "text": "Current open data activities rely on existing knowledge and skills of a small number of stakeholders and/or self-taught evangelists.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Expertise across the roles is undefined. Utilisation and resourcing is managed on an ad-hoc basis, with no/limited documented evidence of existing knowledge and skills in relation to open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is limited understanding of which roles are directly linked to open data practices, and there is no/limited detail of open data activities in job descriptions of key roles.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation has data professionals embedded. These may be organised as a single team, or dispersed across teams.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Training and support around open data is driven by the needs of specific projects as they arise.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "In situations where internal expertise is limited, the organisation ensures access to key open data skills by partnering with external specialists.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has identified internal open data experts that help support and mentor others.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There is a data focused working group of interested parties working on data related projects.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has several staff members with the necessary skills to implement data initiatives. These roles are typically centrally organised and focus on organisational projects.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation is actively building a shared understanding of open data practices. This covers common knowledge, operational requirements and strategic insight.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Open data awareness and training is a standard part of staff induction and/or development.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Staff are clear on how open data guides and informs organisational strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "There are individuals responsible for managing open data. This includes reviewing processes and/or maintaining data sets. These individuals are champions for open data and build connections between open data and other data domains.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Teams across the organisation have a data champion who advocates on behalf of the team regarding strategic goals managed locally.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Knowledge and understanding of open data exists at all levels in the organisation.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Staff understand the impact of their own roles and responsibilities regarding open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation acts to build and foster networks of open data expertise both within the organisation and the wider community.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is formally exploring the ethical impacts of open data and examining how ethical data practices can support open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is looking to advance its open data practices by examining its maturity in other areas of data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Non-data professionals are included in key committees and stakeholder groups to discuss impact of projects and outcomes across the organisation.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] + "name": "Data Publication Processes", + "activities": [ + { + "title": "Data Release Process", + "questions": [ + { + "text": "How are datasets published and made accessible to the public?", + "statements": [ + { + "text": "There is little or no open data available for public access.", + "associatedLevel": 1 + }, + { + "text": "Data is published on an ad-hoc basis across multiple platforms or websites.", + "associatedLevel": 2 + }, + { + "text": "A set of defined datasets is published on a regular schedule.", + "associatedLevel": 3 + }, + { + "text": "Datasets are hosted on a managed platform with robust data management capabilities.", + "associatedLevel": 4 + }, + { + "text": "Datasets are automatically indexed in external data aggregation portals, ensuring seamless updates.", + "associatedLevel": 5 + } + ] + }, + { + "text": "Is there a clear and repeatable process for releasing data?", + "statements": [ + { + "text": "Data is published using ad-hoc, often manual processes.", + "associatedLevel": 1 + }, + { + "text": "Certain teams or projects follow a defined, repeatable process for publishing data.", + "associatedLevel": 2 + }, + { + "text": "There is a consistent, organisation-wide data release process, with a regular release cadence.", + "associatedLevel": 3 + }, + { + "text": "All published datasets follow a standard organisational process for release.", + "associatedLevel": 4 + }, + { + "text": "The organisation tracks and measures metrics related to the release process, such as the time between updates.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is the licensing of datasets managed?", + "statements": [ + { + "text": "Licensing is not addressed, leaving data open to viewing but not for reuse.", + "associatedLevel": 1 + }, + { + "text": "Datasets are published under an open data licence, enabling both access and reuse.", + "associatedLevel": 2 + }, + { + "text": "Licenses include clear attribution statements, making it easy for others to reuse the data.", + "associatedLevel": 3 + }, + { + "text": "Licenses are accompanied by detailed documentation explaining what aspects of the dataset are covered, such as structure, format, or third-party content.", + "associatedLevel": 4 + }, + { + "text": "New technologies, such as AI, are assessed for their impact on licensing, ensuring compatibility and evaluating emerging risks.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are dataset updates managed?", + "statements": [ + { + "text": "Datasets are rarely, if ever, updated once published.", + "associatedLevel": 1 + }, + { + "text": "Some datasets are updated according to a predefined schedule.", + "associatedLevel": 2 + }, + { + "text": "Datasets are updated regularly, with updates following a published timetable.", + "associatedLevel": 3 + }, + { + "text": "Archived versions of key datasets are maintained to support historical analysis and comparisons.", + "associatedLevel": 4 + }, + { + "text": "Reports provide insights into dataset sustainability, highlighting stale datasets and emerging risks.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Standards Development and Adoption", + "questions": [ + { + "text": "Are datasets published using common standards?", + "statements": [ + { + "text": "Datasets are not released using common standards.", + "associatedLevel": 1 + }, + { + "text": "Some teams or projects have agreed on specific technical standards for formatting certain types of data.", + "associatedLevel": 2 + }, + { + "text": "The organisation has defined a set of key technical data publishing standards, which include data formats and metadata schemas.", + "associatedLevel": 3 + }, + { + "text": "All datasets are released in full conformance with the organisation's technical standards.", + "associatedLevel": 4 + }, + { + "text": "The organisation monitors technology trends to ensure datasets are released according to evolving standards and best practices.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are data formats and accessibility managed?", + "statements": [ + { + "text": "Data is available in various formats with no standardisation or quality control.", + "associatedLevel": 1 + }, + { + "text": "Data is made available in structured formats that are easy for humans to reuse (e.g., XLS, CSV).", + "associatedLevel": 2 + }, + { + "text": "Most datasets are machine-readable and use standardised column headings and lookup tables for clarity.", + "associatedLevel": 3 + }, + { + "text": "Datasets are released in open, non-proprietary formats (e.g., CSV, JSON) and include well-structured metadata.", + "associatedLevel": 4 + }, + { + "text": "Datasets are formatted to be AI/ML-ready, following advanced standards for machine readability.", + "associatedLevel": 5 + } + ] + }, + { + "text": "Is metadata consistently applied to datasets?", + "statements": [ + { + "text": "Metadata is not gathered or published alongside datasets.", + "associatedLevel": 1 + }, + { + "text": "Some metadata is gathered and published, but the quality and completeness are inconsistent.", + "associatedLevel": 2 + }, + { + "text": "Metadata is well-structured and adheres to the same quality standards as the data itself.", + "associatedLevel": 3 + }, + { + "text": "Metadata follows open standards such as DCAT, ensuring consistency with other datasets.", + "associatedLevel": 4 + }, + { + "text": "The organisation uses open standards for both data and metadata, ensuring alignment with other sources.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is the process of standards management handled within the organisation?", + "statements": [ + { + "text": "There is no defined process for managing data standards.", + "associatedLevel": 1 + }, + { + "text": "Standards are driven by internal priorities with limited consideration for external data re-users.", + "associatedLevel": 2 + }, + { + "text": "A formal process for data standards management has been defined and is consistently followed across the organisation.", + "associatedLevel": 3 + }, + { + "text": "The organisation has a strategic approach for managing data standards and is beginning to adopt open standards.", + "associatedLevel": 4 + }, + { + "text": "The organisation optimises its data standards management process by monitoring new technologies and ensuring compatibility with emerging use cases such as AI/ML.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Data Management and Governance", + "questions": [ + { + "text": "How consistently are datasets managed?", + "statements": [ + { + "text": "Datasets are not managed in any consistent way.", + "associatedLevel": 1 + }, + { + "text": "Specific teams or projects have begun defining their own lightweight data management processes, used ad hoc.", + "associatedLevel": 2 + }, + { + "text": "The organisation has defined standard data management processes, applied to high-value datasets.", + "associatedLevel": 3 + }, + { + "text": "Standard data management processes are applied to all datasets, with the flexibility to tailor processes for specific projects.", + "associatedLevel": 4 + }, + { + "text": "The organisation continually monitors and improves its data management processes, ensuring they are optimised for changing needs.", + "associatedLevel": 5 + } + ] + }, + { + "text": "Is ownership of datasets clearly defined?", + "statements": [ + { + "text": "There is no clear ownership around internal datasets.", + "associatedLevel": 1 + }, + { + "text": "Specific individuals or teams are informally responsible for certain datasets, but this is not clearly documented.", + "associatedLevel": 2 + }, + { + "text": "Each dataset has a well-defined owner, responsible for managing the data throughout its lifecycle.", + "associatedLevel": 3 + }, + { + "text": "Ownership is clearly documented for all datasets and regularly reviewed to ensure accountability throughout the data lifecycle.", + "associatedLevel": 4 + }, + { + "text": "Ownership structures are fully integrated into the organisation's data governance framework, ensuring that changes in ownership or responsibility are automatically tracked and updated.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is data quality monitored and maintained?", + "statements": [ + { + "text": "Data quality is not actively monitored, and no formal process exists for ensuring data accuracy or completeness.", + "associatedLevel": 1 + }, + { + "text": "Some datasets are reviewed for quality, but processes are inconsistent and reactive.", + "associatedLevel": 2 + }, + { + "text": "High-value datasets are regularly monitored for quality, and issues are addressed as they arise.", + "associatedLevel": 3 + }, + { + "text": "Data quality for all datasets is actively monitored with clear guidelines for addressing quality issues, based on feedback from both internal and external users.", + "associatedLevel": 4 + }, + { + "text": "Data quality is proactively improved, with regular assessments and collaboration with external re-users to ensure datasets meet evolving needs and standards.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is open data governance integrated into the organisation’s processes?", + "statements": [ + { + "text": "There is no formal governance process for managing open data.", + "associatedLevel": 1 + }, + { + "text": "Specific teams have informal governance processes for releasing open data, but these are inconsistent across the organisation.", + "associatedLevel": 2 + }, + { + "text": "The organisation has established a governance framework for managing open data releases, applied to key datasets.", + "associatedLevel": 3 + }, + { + "text": "The open data governance framework is applied to all datasets, ensuring consistent practices and monitoring.", + "associatedLevel": 4 + }, + { + "text": "The organisation continuously improves its open data governance, incorporating feedback from re-users and monitoring the impact of its data releases.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is data cataloguing and accessibility managed?", + "statements": [ + { + "text": "There is no central catalogue of datasets, and accessibility is inconsistent.", + "associatedLevel": 1 + }, + { + "text": "Some datasets are catalogued, but the catalogue is incomplete, and accessibility is inconsistent.", + "associatedLevel": 2 + }, + { + "text": "A central dataset catalogue exists, with the majority of datasets included and accessible.", + "associatedLevel": 3 + }, + { + "text": "The dataset catalogue is complete, well-maintained, and accessible both internally and externally.", + "associatedLevel": 4 + }, + { + "text": "The dataset catalogue is optimised for accessibility and continuously updated, with external re-users contributing to improvements and updates.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Compliance and Risk", + "questions": [ + { + "text": "How does the organisation manage risks associated with data publication?", + "statements": [ + { + "text": "The organisation recognises that there may be risks associated with data, but has not yet defined any processes for assessing and mitigating them.", + "associatedLevel": 1 + }, + { + "text": "The organisation has begun assessing risks associated with some datasets, but the process is informal and not yet documented across the board.", + "associatedLevel": 2 + }, + { + "text": "Processes for assessing and mitigating risks are defined and documented. These processes are applied routinely to high-value datasets.", + "associatedLevel": 3 + }, + { + "text": "Risk management is fully integrated into the data governance process. All datasets undergo a risk assessment before publication, and mitigation strategies such as anonymisation and aggregation are employed where needed.", + "associatedLevel": 4 + }, + { + "text": "The organisation has a comprehensive risk management framework in place, including advanced Privacy Enhancing Technologies (PETs) and external validation for high-risk datasets. The process is transparent and linked to published risk registers.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are datasets containing personal or sensitive information handled?", + "statements": [ + { + "text": "There is no formal process in place for handling datasets containing personal or sensitive information, and no risk assessment is conducted before data release.", + "associatedLevel": 1 + }, + { + "text": "The organisation regularly evaluates the risks and benefits of releasing datasets containing personal or sensitive information, with informal methods for anonymisation or aggregation.", + "associatedLevel": 2 + }, + { + "text": "Standard processes for anonymising or aggregating personal or sensitive information are defined and applied to most datasets. Consent or lawful basis for releasing personal data is obtained where necessary.", + "associatedLevel": 3 + }, + { + "text": "All datasets containing personal or sensitive information are subject to strict anonymisation or aggregation processes, with advanced techniques used for de-identification. Personal data is released only when fully compliant with legal frameworks.", + "associatedLevel": 4 + }, + { + "text": "The organisation employs cutting-edge techniques for safeguarding personal data, including the use of Privacy Enhancing Technologies (PETs) and routinely monitors new privacy risks. A published open data triage process is in place and includes full transparency on how personal data is handled.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation address ethical considerations in its data practices?", + "statements": [ + { + "text": "Ethics is not formally considered in the organisation's data practices or publication processes.", + "associatedLevel": 1 + }, + { + "text": "Specific teams or individuals within the organisation are aware of ethical concerns but there is no standardised process for addressing them.", + "associatedLevel": 2 + }, + { + "text": "The organisation has developed a standard process for addressing ethical considerations in its data practices, which includes evaluating the potential consequences of data publication.", + "associatedLevel": 3 + }, + { + "text": "Ethics is embedded into the data governance process, with routine evaluations of the ethical implications of data releases. Feedback loops are established to address any ethical concerns raised by stakeholders or re-users.", + "associatedLevel": 4 + }, + { + "text": "The organisation takes a proactive approach to ethics, regularly reviewing and updating its ethical guidelines. Ethics is treated on par with legal compliance, and the organisation considers the long-term societal impact of its data releases, including the ethical implications of AI/ML use cases.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure compliance with international data standards and legal frameworks?", + "statements": [ + { + "text": "The organisation has little awareness or knowledge of relevant international standards or legal frameworks relating to data publication.", + "associatedLevel": 1 + }, + { + "text": "The organisation has begun assessing its compliance with some international standards and legal frameworks, but the process is informal.", + "associatedLevel": 2 + }, + { + "text": "The organisation has developed processes to ensure compliance with key international standards and legal frameworks. These processes are applied to high-value datasets.", + "associatedLevel": 3 + }, + { + "text": "The organisation routinely monitors compliance with international standards and legal frameworks, and has processes in place to ensure compliance across all datasets.", + "associatedLevel": 4 + }, + { + "text": "The organisation actively monitors the changing regulatory landscape and ensures that all datasets comply with the most up-to-date standards and legal requirements. Compliance is externally validated where necessary.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How transparent is the organisation's risk management process?", + "statements": [ + { + "text": "There is no transparency around the organisation's risk management process, and the public has no insight into the risks associated with published datasets.", + "associatedLevel": 1 + }, + { + "text": "Some information about the risks associated with data publication is available internally, but this information is not made public.", + "associatedLevel": 2 + }, + { + "text": "The organisation publishes a risk register for key datasets, outlining potential risks and mitigation strategies. However, this register is incomplete.", + "associatedLevel": 3 + }, + { + "text": "A comprehensive risk register is published and regularly updated, with detailed mitigation strategies for each dataset. The organisation is transparent about how risks are assessed and managed.", + "associatedLevel": 4 + }, + { + "text": "The organisation's risk management process is fully transparent, with regular updates to the risk register and the inclusion of feedback from external stakeholders. The risk register is linked to the organisation's open data triage process and is accessible to the public.", + "associatedLevel": 5 + } + ] + } + ] + } + ] }, { - "title": "Understanding the learning needs", - "statements": [ - { - "text": "When reviewing individuals' learning and development, competencies or performance, the process does not include any focus on data literacy and skills.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is no standard learning needs analysis for data literacy and skills.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There are limited opportunities/resources for individuals to learn more about data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "A shared understanding of data is beginning to develop within the organization, with certain areas already showing growing expertise.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Recognition of data expertise is primarily focused on direct data roles, with growing awareness needed for data skills within operational and strategic roles.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "There are processes that support individuals in undertaking learning, empowering them to identify their own learning needs and find appropriate resources.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Professionals are encouraged to identify learning needs in relation to data during their competency/performance review processes.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has undertaken a learning needs analysis, and has identified key data skills for development.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has a broad understanding of data learning needs, with an opportunity to refine focus in areas such as open data, ethics, and strategy. ", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has evaluated which teams or individuals require data upskilling.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has a repeatable process for conducting learning needs analysis that includes data as a theme, and manages this on an annual/bi-annual basis.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has KPIs for data upskilling, and measures engagement with learning opportunities across the workforce. This may still focus on baseline skills rather than advancing expertise. However, there is likely some provision for advancing key skills aligned to business needs and strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Data skills development is an area of development for all colleagues, identified as part of their performance or competency review.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Training provision is adapted based on outcomes of the regular learning needs analysis.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "KPIs are defined and understood. They measure learning beyond engagement, and emphasise the application of skills within work.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Learning strategy is closely aligned to organisational strategy, and the organisation is able to identify capability risks, and sustainably manage adaptability across the workforce.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are KPIs that align learning impact to business impact, such as growth, transformation, productivity and profitability.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] + "name": "Data Literacy and Skills", + "activities": [ + { + "title": "Open Data Expertise", + "questions": [ + { + "text": "How does the organisation assess and support open data expertise?", + "statements": [ + { + "text": "Current open data activities rely on the knowledge of a small number of stakeholders, with no formal strategy for expanding this expertise.", + "associatedLevel": 1 + }, + { + "text": "Data professionals are embedded in teams, but there is no centralised strategy to develop open data expertise across the organisation.", + "associatedLevel": 2 + }, + { + "text": "Open data expertise is centralised in a few key individuals or teams, and the organisation partners with external specialists when required.", + "associatedLevel": 3 + }, + { + "text": "There is a centralised open data team or network of experts, with clear roles and responsibilities defined across teams to support open data initiatives.", + "associatedLevel": 4 + }, + { + "text": "The organisation fosters open data expertise across all levels, including external networks and partnerships that advance open data practices globally.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation encourage the growth of open data skills?", + "statements": [ + { + "text": "There are no formal training or mentoring programmes related to open data.", + "associatedLevel": 1 + }, + { + "text": "Training around open data is provided on an ad-hoc basis, driven by the needs of specific projects.", + "associatedLevel": 2 + }, + { + "text": "Internal open data experts mentor and support others, and there are growing training opportunities for staff.", + "associatedLevel": 3 + }, + { + "text": "Open data awareness and training are a standard part of staff development, and mentorship programmes are well established.", + "associatedLevel": 4 + }, + { + "text": "Open data training is embedded across all roles and is tailored to individual needs, with an active internal and external mentoring network.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Understanding Learning Needs", + "questions": [ + { + "text": "How does the organisation identify its data literacy and skills needs?", + "statements": [ + { + "text": "There is no formal process for identifying data literacy and skills needs within the organisation.", + "associatedLevel": 1 + }, + { + "text": "Some teams and individuals have identified their learning needs, but there is no organisation-wide analysis or process.", + "associatedLevel": 2 + }, + { + "text": "The organisation has undertaken a learning needs analysis and has identified key areas where data literacy and skills need improvement.", + "associatedLevel": 3 + }, + { + "text": "The organisation conducts a structured learning needs analysis on a regular basis, identifying gaps in data literacy and aligning them with strategic objectives.", + "associatedLevel": 4 + }, + { + "text": "The organisation continuously evaluates data literacy needs, aligning them with future business needs, and tracks how learning impacts organisational performance.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are opportunities for learning and development provided?", + "statements": [ + { + "text": "There are limited or no opportunities for learning about data skills and literacy within the organisation.", + "associatedLevel": 1 + }, + { + "text": "Learning resources are available, but they are often ad-hoc and focus on specific projects rather than broader organisational needs.", + "associatedLevel": 2 + }, + { + "text": "The organisation provides some structured learning opportunities, focusing on developing core data skills across teams.", + "associatedLevel": 3 + }, + { + "text": "The organisation has well-defined learning programmes, and staff are actively encouraged to take part in data literacy training aligned with strategic goals.", + "associatedLevel": 4 + }, + { + "text": "Learning and development programmes are fully embedded, with tailored opportunities available for all staff to continuously improve their data literacy and skills.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Strategic Data Skills and Literacy", + "questions": [ + { + "text": "How are data literacy and skills driven strategically across the organisation?", + "statements": [ + { + "text": "There is no strategic ownership of data literacy and skills development within the organisation.", + "associatedLevel": 1 + }, + { + "text": "The organisation has appointed a strategic owner for data literacy, but efforts are limited to tool-specific training (e.g. Excel).", + "associatedLevel": 2 + }, + { + "text": "The organisation provides internal training for data literacy, though it is still generic and not linked to specific job roles or strategic goals.", + "associatedLevel": 3 + }, + { + "text": "Data literacy and skills are embedded into performance reviews, and the organisation actively drives data literacy as a key strategic focus.", + "associatedLevel": 4 + }, + { + "text": "The organisation continuously aligns its data literacy and skills development with broader strategic objectives, tracking KPIs and regularly adjusting its approach to meet future business needs.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation support teams with limited data expertise?", + "statements": [ + { + "text": "Teams with limited data expertise have no formal support for building skills or accessing data literacy resources.", + "associatedLevel": 1 + }, + { + "text": "Some teams with limited data expertise are supported by ad-hoc resources, such as project-based training or external consultants.", + "associatedLevel": 2 + }, + { + "text": "Teams with limited data expertise are supported by centrally managed resources, such as data champions or dedicated data professionals.", + "associatedLevel": 3 + }, + { + "text": "There is a clear support structure in place for teams with limited data expertise, including access to mentors, training programmes, and centrally managed data teams.", + "associatedLevel": 4 + }, + { + "text": "The organisation provides tailored, continuous support to teams with limited data expertise, ensuring they are fully integrated into data-driven projects and have access to the necessary skills and resources.", + "associatedLevel": 5 + } + ] + } + ] + } + ] }, { - "title": "Strategic data skills and literacy", - "statements": [ - { - "text": "There is no strategic ownership of data within the organisation.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation provides tool specific training (e.g. Excel), but does not provide any direct training for open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Provision is typically focused on access to knowledge rather than learning (i.e. how-to content repositories, rather than application of skills).", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation has appointed a strategic owner for data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Data literacy and skills courses are available internally. These are typically generic and non-specific to job role or purpose.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Strategic ownership includes learning as a key focus area.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Training and support around open data is offered to some teams as standard.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Learning resources are appropriately categorised to support individuals in identifying the most appropriate learning for their need.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Identified data literacy and skills courses are actively suggested to individuals across the organisation.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Staff across the organisation are clear on the need for developing data skills, and the impact this has on their role and responsibilities, as well as the broader organisational goals.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has implemented programmes of learning in relation to data. Teams and departments have loosely documented responsibilities for individuals in their areas and advise/feedback on the availability and suitability of learning provision.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Where there is limited data expertise in a team, the organisation manages support through dedicated resources in centrally managed teams.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Staff across the organisation are aware of the training provision available, and have identified their specific needs for development, and understand where to receive additional guidance on developing in additional areas.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "There are individuals who actively engage in piloting new learning opportunities to meet future business needs and anticipated changes in strategic direction.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Learning provision is nuanced, and provides introductory, intermediate and advanced literacy and skills. This goes beyond generic offerings and focuses directly on specific areas of expertise. It includes learning related to data governance, infrastructure and operations, as well as data ethics and its application to open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] - } - ] - }, - { - "name": "Customer support and engagement", - "activities": [ - { - "title": "Engagement and community building", - "statements": [ - { - "text": "Little or no attempt is made to identify potential re-users for released open data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Information about stakeholders is held by individuals, siloed within the organisation.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Data releases are reactively driven by short-term internal priorities, or based on ad hoc demands from re-users.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation's motivations for data releases are not communicated clearly to stakeholders.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation has little or no engagement with other organisations in its sector.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "No attempt is made to measure levels of engagement.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Some teams attempt to identify and engage with potential re-users of the datasets they are publishing.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some information about stakeholders is shared and co-ordinated between teams or departments.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has established a means by which potential re-users can request data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some ad hoc attempts are made to assess the impact of data publishing efforts.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "There is some ad hoc engagement with individual organisations in the same sector to share knowledge", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Key stakeholders are identified and mapped, with a system in place for storing and co-ordinating information centrally.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has established a repeatable approach for engaging with external users which is tailored, as appropriate, to support individual data releases.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The engagement process includes outreach to the community both before and after the release of data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation is actively seeking user demand for data in order to guide its engagement strategy and inform data releases.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation engages with groups or organisations in its sector and plays a reactive role in supporting the improvement of open data practices.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Stakeholder analysis is regularly conducted to inform strategic thinking about the management of stakeholder engagement, with clear links between engagement strategies and the overarching aims and objectives of the organisation and its stakeholders.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation is tracking some the effectiveness of its interventions as an open data publisher, identifying standard ways to measure and monitor the impact of key data releases.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation plays an active role in supporting open data initiatives in its sector.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation is working to increase engagement within identified, high-value stakeholder communities and for high-value datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation is routinely tracking metrics relating to all its open data publishing efforts.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation proactively engages with its sector and takes a leading role in the improvement of open data practices and the promotion of further open data activities. This may include innovation challenges and dedicated community engagement groups.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation has clear processes for collaborating with peers on establishing best practice.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Open data documentation", - "statements": [ - { - "text": "Datasets are released with little or no documentation.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The level of documentation released with datasets is based on the enthusiasm/drive of individuals involved in the release process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Individual teams create the essential documentation required to support some of the data they are releasing.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some common templates or approaches are defined for creating and managing documentation.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has identified a standard set of documentation and metadata that should be released with each dataset.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Only some, e.g. high-value datasets, are released with this standard set of documentation and metadata.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All datasets are released with supporting documentation and metadata using a standard template.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Creation and maintenance of supporting documentation is part of the data publishing process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation invests in additional documentation and supporting materials to help re-users.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation routinely releases high quality metadata and documentation as appropriate for all of its datasets.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Externally published documentation is reviewed by key internal stakeholders before release.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Re-users are invited to provide feedback and contribute improvements to published resources. The organisation promotes the availability of third-party learning resources and tools.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Re-user support processes", - "statements": [ - { - "text": "No user support process.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Re-users need to seek out and engage with individuals in the organisation in order to ask for support.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There is no distinct monitoring or improvement of data use or issues.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Individual teams promote and provide ad hoc support for re-users of their data.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some data releases provide contact points for re-users to ask for support.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "A few monitoring metrics have been defined, but are sporadically checked on a limited number of datasets. Issues are likewise handled inconsistently.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation creates user forums as a means to enable discussion and collect feedback around datasets, and to communicate with its users.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Some metrics are routinely captured, and possibly automated.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has a central support team that helps re-users. This team is the primary means for re-users to seek help.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation promotes the level of support available to re-users for all datasets, such as expected response times.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation engages with re-users via multiple channels, e.g. social media, discussion forums.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "A mutually supportive set of metrics has been decided on, following a focused iterative process. A number of these are automated. A feedback process is in place for data users, with issues frequently handled.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation acts to measure the cost and efficiency of its support operations, and actively creates additional learning materials and community support groups as necessary.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation ensures that it is delivering on its support arrangement for all datasets. For example, response times are within goals. The backlog of issues is relatively small, with no issue waiting for an extensive period of time. Difficult issues are used to improve the overall process rather than simply being handled on a case by case basis.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Metrics are automated as much as possible, and are frequently reviewed and used for reporting and deciding on actions.", - "context": "", - "tags": [ - "Publication" - ], - "associatedLevel": 5, - "positive": true - } - ] - } - ] - }, - { - "name": "Investment and financial performance", - "activities": [ - { - "title": "Financial oversight and procurement", - "statements": [ - { - "text": "Data releases are unfunded and done as exceptional expenditure.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Procurement processes and contracts do not address data supply or re-use.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation is unaware of its rights to release any data that results from, or is derived from, existing contracts.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Individual projects include open data publication costs as part of their budget, rather than addressing them separately.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation activly seeks retrospective clarity around data rights regarding procurement in order to drive more open data adoption.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Project funding and operational costs routinely include long term costs for open data publication. Responsibility for open data is explicitly part of specific roles.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation tailors some individual contracts and procurement activities to address data licensing, as required by the needs of specific projects/products", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation actively monitors the financial costs and benefits of open data publication and re-use.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has clarity around costs and benefits of open data as part of ongoing data governance.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has standard clauses in contracts and ITTs to ensure clarity around data rights and re-use.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation actively seeks efficiency savings around open data publication and re-use, such as by reducing data management and licensing overheads where possible.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "All ITTs and tenders from the organisation include reference to open data where appropriate for the contract", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] - }, - { - "title": "Understanding the value of open data", - "statements": [ - { - "text": "No attempt is made to quantify the value of either published or re-used datasets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "The organisation carries out some reporting on the value of some datasets, e.g. to a specific community. The valuation is not quantified and is largely described in terms of general benefits.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Valuation of data is done retrospectively to justify ongoing release of a dataset.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation uses richly described, qualitative ways of demonstrating the value of publishing data across economic, social and environmental themes.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Where appropriate, the organisation has defined quantitative ways to measure the value and ROI.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Valuation decisions inform the development of business cases in support of specific data releases.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation adopts one or more standard approaches for describing, and quantifying where relevant, the value of its data assets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Known re-uses and case studies are published alongside datasets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation ensures that all key datasets, whether internally generated or sourced from third parties, are consistently described, quantified in value, and accompanied by published case studies and known re-uses.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation routinely values all data assets. The valuation is used to drive all investment decisions relating to both data releases and use of external data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The metrics and approaches to measuring value are regularly assessed to ensure they align with organisational goals. This information is openly published for transparency.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] - } - ] - }, - { - "name": "Strategic oversight", - "activities": [ - { - "title": "Open data strategy", - "statements": [ - { - "text": "The organisation has no strategy or policy with regards to open data.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Initial data releases are seen as R&D exercises or are driven by external influence", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Individual business units identify benefits of open data for their individual activities.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "Some parts of the organisation, such as project teams or specific departments, have their own open data strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has an open data strategy. This includes elements addressed in other activities, including data valuation, governance, standards, etc.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There is clear responsibility and financial support for delivery of the open data strategy, at a senior management level. Ownership for key processes, such as data governance, is also well understood.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "The organisation has aligned delivery of open data policy and strategy with organisational objectives, and this clearly supports the wider digital/data/AI strategy as well.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation has set measurable targets for implementation of the strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "Performance assessment of key executives is tied to delivery of the objectives laid out in the strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation is using open data as a critical element of its overall organisational strategy.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "Metrics and goals are reviewed and adjusted over time, to continue to stretch the organisation and to ensure that open data goals are consistent with other goals.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] + "name": "Customer Support and Engagement", + "activities": [ + { + "title": "Engagement and community building", + "questions": [ + { + "text": "How does the organisation engage with stakeholders and build a community around open data?", + "statements": [ + { + "text": "There is no systematic attempt to identify potential re-users, and communication with stakeholders is informal or absent.", + "associatedLevel": 1 + }, + { + "text": "Some teams engage with stakeholders on an ad-hoc basis, but information about re-users and stakeholders is siloed.", + "associatedLevel": 2 + }, + { + "text": "Stakeholders are regularly identified and mapped, and there is a process for engaging them across different data releases.", + "associatedLevel": 3 + }, + { + "text": "The organisation proactively seeks to engage stakeholders before and after data releases, using feedback to improve future publications.", + "associatedLevel": 4 + }, + { + "text": "There is a comprehensive stakeholder engagement strategy linked to organisational goals, and the organisation actively builds and nurtures an external community of re-users.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation prioritise and communicate its data releases?", + "statements": [ + { + "text": "Data releases are driven by short-term internal priorities with little communication to external stakeholders.", + "associatedLevel": 1 + }, + { + "text": "Some data releases are based on external demands, but there is no clear, coordinated process for prioritising publications.", + "associatedLevel": 2 + }, + { + "text": "Data releases are driven by re-user demand, with a process in place for stakeholders to request datasets.", + "associatedLevel": 3 + }, + { + "text": "The organisation's data release strategy is communicated clearly to stakeholders, with a repeatable process to guide engagement and publication.", + "associatedLevel": 4 + }, + { + "text": "Data release priorities are informed by continuous dialogue with the community, and the organisation monitors and adjusts its strategy based on feedback and impact assessments.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation collaborate with others to improve open data practices?", + "statements": [ + { + "text": "The organisation has little or no collaboration with other organisations regarding open data.", + "associatedLevel": 1 + }, + { + "text": "There is some ad-hoc collaboration with peer organisations within the same sector to share knowledge about open data.", + "associatedLevel": 2 + }, + { + "text": "The organisation is engaged in sector-wide efforts to improve open data practices and supports external initiatives reactively.", + "associatedLevel": 3 + }, + { + "text": "The organisation plays an active role in sector-level collaborations to advance open data practices, contributing proactively to cross-organisational efforts.", + "associatedLevel": 4 + }, + { + "text": "The organisation leads sector-level initiatives to advance open data, establishing best practices and fostering innovation through challenges, partnerships, and dedicated engagement groups.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Re-user support processes", + "questions": [ + { + "text": "How does the organisation support re-users of its data?", + "statements": [ + { + "text": "There is no formal support for re-users, and individuals must find their own ways to access help.", + "associatedLevel": 1 + }, + { + "text": "Some re-users can access ad-hoc support, but there are no centralised processes for providing help.", + "associatedLevel": 2 + }, + { + "text": "A central support team exists, and re-users are provided with clear contact points to seek help regarding datasets.", + "associatedLevel": 3 + }, + { + "text": "The organisation actively promotes its support offerings, providing clear expectations (e.g., response times) and fostering open communication through multiple channels (e.g., forums, social media).", + "associatedLevel": 4 + }, + { + "text": "The organisation measures the effectiveness of its support operations, ensuring re-users receive prompt responses and issues are addressed swiftly, using feedback to improve support processes.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation obtain feedback from re-users?", + "statements": [ + { + "text": "There is no systematic way to collect feedback from re-users, and issues are not actively monitored or addressed.", + "associatedLevel": 1 + }, + { + "text": "Individual teams collect feedback on an ad-hoc basis, but this is not shared or coordinated across the organisation.", + "associatedLevel": 2 + }, + { + "text": "Feedback is collected through formal channels, such as user forums, and there is a process for addressing issues that arise.", + "associatedLevel": 3 + }, + { + "text": "Re-users' feedback is routinely captured, analysed, and used to drive improvements in datasets and support processes.", + "associatedLevel": 4 + }, + { + "text": "Feedback collection is embedded into the organisation's processes, and the organisation routinely collaborates with re-users to enhance the quality and usefulness of its datasets and support services.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How are re-user metrics monitored and used to improve data and support?", + "statements": [ + { + "text": "There is no monitoring of how re-users interact with datasets or the support process.", + "associatedLevel": 1 + }, + { + "text": "Some metrics are collected, but these are sporadic and focus on a limited number of datasets.", + "associatedLevel": 2 + }, + { + "text": "Metrics on re-user interactions are collected routinely, and they are analysed to inform improvements in data publication and user support.", + "associatedLevel": 3 + }, + { + "text": "Metrics are captured in an automated and structured way, providing insights into the impact of datasets and the efficiency of support operations.", + "associatedLevel": 4 + }, + { + "text": "Re-user metrics are continuously monitored, with insights driving strategic improvements in both data quality and user support services. Feedback loops ensure ongoing optimisation of the process.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Open data documentation", + "questions": [ + { + "text": "What level of documentation is provided with published datasets?", + "statements": [ + { + "text": "Datasets are released with little or no supporting documentation.", + "associatedLevel": 1 + }, + { + "text": "The level of documentation provided is inconsistent and depends on individual efforts.", + "associatedLevel": 2 + }, + { + "text": "A standard set of documentation and metadata is defined, but it is only applied to some datasets, typically high-value ones.", + "associatedLevel": 3 + }, + { + "text": "All datasets are released with a standard set of supporting documentation and metadata using established templates.", + "associatedLevel": 4 + }, + { + "text": "The organisation routinely provides comprehensive documentation and high-quality metadata for all datasets.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure the quality and consistency of documentation?", + "statements": + [ + { + "text": "There are no established processes to ensure the quality or consistency of documentation across datasets.", + "associatedLevel": 1 + }, + { + "text": "Some teams have started using templates or guidelines to create documentation, but these are applied inconsistently.", + "associatedLevel": 2 + }, + { + "text": "The organisation has developed a standard approach for documentation, but not all datasets conform to these standards.", + "associatedLevel": 3 + }, + { + "text": "All datasets conform to an established documentation process, and this process is integrated into the data publishing workflow.", + "associatedLevel": 4 + }, + { + "text": "Supporting documentation and metadata creation are fully integrated into the publishing process and regularly reviewed for consistency.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation gather feedback on documentation from re-users?", + "statements": + [ + { + "text": "There is no formal process for gathering feedback on documentation from re-users.", + "associatedLevel": 1 + }, + { + "text": "Some re-users provide feedback informally, but there is no systematic approach to gathering or addressing their input.", + "associatedLevel": 2 + }, + { + "text": "A formal process is in place for re-users to provide feedback on documentation, and this is occasionally used to make improvements.", + "associatedLevel": 3 + }, + { + "text": "The organisation actively seeks feedback from re-users on documentation, and improvements are regularly made based on their input.", + "associatedLevel": 4 + }, + { + "text": "Re-users are encouraged to contribute to the improvement of documentation, and the organisation promotes the use of third-party resources and tools to supplement its documentation.", + "associatedLevel": 5 + } + ] + } + ] + } + ] }, { - "title": "Asset catalogue", - "statements": [ - { - "text": "There is no methodical approach to managing data sources as assets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "Individual teams or projects maintain separate directories of data assets and data resources that they use.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "An organisation wide data asset catalogue has been developed to identify key datasets being published and used.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All of the organisation's high-value datasets are in the catalogue.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Elements of the catalogue are publicly availble as open data and include unreleased datasets. ", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "All datasets published or used by the organisation are entered into the asset catalogue, not just those deemed to be of high value.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "New projects/products attempt to re-use datasets referenced in the catalogue, rather than creating new assets.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation strives for cost and efficiency savings by identifying overlaps and commonalities between datasets, and either aligning or replacing them as necessary.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] + "name": "Investment and Financial Performance", + "activities": [ + { + "title": "Financial oversight and procurement", + "questions": [ + { + "text": "How is funding managed for open data publication and its lifecycle?", + "statements": [ + { + "text": "Data releases are unfunded and handled as exceptional, unplanned expenditure.", + "associatedLevel": 1 + }, + { + "text": "Individual projects include open data publication costs as part of their specific project budget, without considering longer-term costs.", + "associatedLevel": 2 + }, + { + "text": "Project funding includes long-term costs for open data publication, and responsibility for these costs is explicitly assigned to roles within the organisation.", + "associatedLevel": 3 + }, + { + "text": "The organisation actively monitors the financial costs and benefits of open data publication as part of ongoing data governance processes.", + "associatedLevel": 4 + }, + { + "text": "The organisation seeks efficiency savings and sustainability strategies in open data publication, optimising data management and reducing licensing overheads where possible.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation ensure long-term sustainability in open data publication and management?", + "statements": [ + { + "text": "There is no long-term sustainability plan for the ongoing management of published open data.", + "associatedLevel": 1 + }, + { + "text": "Open data is managed through short-term project funding without considering its long-term lifecycle.", + "associatedLevel": 2 + }, + { + "text": "The organisation has a sustainability plan that includes budgeting for ongoing updates and management of key datasets.", + "associatedLevel": 3 + }, + { + "text": "Sustainability planning is integrated into the organisation's data governance, ensuring consistent funding and updates for high-value datasets.", + "associatedLevel": 4 + }, + { + "text": "The organisation actively seeks external partnerships or additional funding streams to ensure the long-term sustainability of open data.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation address open data in procurement processes and contracts?", + "statements": [ + { + "text": "Procurement processes and contracts do not address data supply, licensing, or re-use.", + "associatedLevel": 1 + }, + { + "text": "The organisation seeks clarity around data rights retrospectively when it comes to procurement, in order to drive more open data adoption.", + "associatedLevel": 2 + }, + { + "text": "Some procurement activities and contracts are tailored to address open data licensing and re-use, depending on project needs.", + "associatedLevel": 3 + }, + { + "text": "The organisation includes standard clauses in contracts and procurement activities to ensure clarity around data rights and re-use.", + "associatedLevel": 4 + }, + { + "text": "All procurement processes and contracts include explicit reference to open data rights and re-use where applicable, and these are standard across all projects.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation manage its rights to release and re-use data from contracts or partnerships?", + "statements": [ + { + "text": "The organisation is unaware of its rights to release or re-use data resulting from contracts or partnerships.", + "associatedLevel": 1 + }, + { + "text": "The organisation is beginning to clarify its rights to release data retrospectively, but this is done on a project-by-project basis.", + "associatedLevel": 2 + }, + { + "text": "Clear processes are in place to ensure the organisation understands its rights to release and re-use data from contracts and partnerships.", + "associatedLevel": 3 + }, + { + "text": "The organisation has an established process for ensuring that rights to release and re-use data are clear in all contracts and partnerships.", + "associatedLevel": 4 + }, + { + "text": "Rights management for open data is fully integrated into all procurement and partnership processes, ensuring clarity from the outset for all contracts.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Understanding the value of open data", + "questions": [ + { + "text": "How does the organisation quantify the value of its open data?", + "statements": [ + { + "text": "No attempt is made to quantify the value of published or re-used datasets.", + "associatedLevel": 1 + }, + { + "text": "The organisation carries out some qualitative reporting on the value of datasets, but it is largely described in general terms without standardisation.", + "associatedLevel": 2 + }, + { + "text": "Valuation of datasets is done retrospectively, and the organisation uses qualitative methods across themes such as economic, social, and environmental benefits.", + "associatedLevel": 3 + }, + { + "text": "The organisation has adopted a standardised approach for describing the value of its datasets, including quantitative methods for measuring ROI.", + "associatedLevel": 4 + }, + { + "text": "All datasets are consistently valued using standard methods, with the valuation used to guide strategic investment decisions.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is the value of open data communicated to stakeholders and re-users?", + "statements": [ + { + "text": "There is no communication or reporting on the value of open data to internal or external stakeholders.", + "associatedLevel": 1 + }, + { + "text": "Some general benefits of open data are communicated through qualitative reports, but there are no clear actionable insights.", + "associatedLevel": 2 + }, + { + "text": "Periodic reports are shared on the value of open data, often with specific use cases or examples of re-use, demonstrating the value retrospectively.", + "associatedLevel": 3 + }, + { + "text": "The organisation regularly publishes detailed reports on the value of its open data, including case studies, known re-uses, and stakeholder feedback.", + "associatedLevel": 4 + }, + { + "text": "Reports are strategic and transparent, guiding future data releases and aligning with stakeholder needs. Feedback loops are established for ongoing improvement.", + "associatedLevel": 5 + } + ] + } + ] + } + ] }, { - "title": "Responsible data stewardship approach", - "statements": [ - { - "text": "There is little to no understanding of the concept of data stewardship.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 1, - "positive": false - }, - { - "text": "There are defined responsibilities in the organisation around data stewardship, including collecting, using and sharing data. There may also be a specific job role for these tasks.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 2, - "positive": true - }, - { - "text": "The organisation has a clear, public identity as a steward of data, with committed actions and responsibilities as to how that manifests in reality.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "Actions and responsibilities include publishing open data, securely sharing sensitive data and building and maintaining data infrastructure.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 3, - "positive": true - }, - { - "text": "There is a stated approach to data stewardship that includes an iterative, systemic process of ensuring that data is collected, used and shared for public benefit, while mitigating the ways that data can produce harm, and addressing how it can redress structural inequalities.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 4, - "positive": true - }, - { - "text": "The organisation demonstrates clear leadership in responsible data stewardship, with a proven, public track record.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "There are case studies with verified impact reports that demonstrate responsible data stewardship.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - }, - { - "text": "The organisation continues to drive and improve definitions of responsible data stewardship, and supports other organisations in their journey.", - "context": "", - "tags": [ - "Publication & re-use" - ], - "associatedLevel": 5, - "positive": true - } - ] + "name": "Strategic oversight", + "activities": [ + { + "title": "Open data strategy", + "questions": [ + { + "text": "Does the organisation have a defined open data strategy?", + "statements": [ + { + "text": "The organisation has no strategy or policy with regards to open data.", + "associatedLevel": 1 + }, + { + "text": "Open data initiatives are viewed as experimental or driven by external factors, without a formal strategy.", + "associatedLevel": 2 + }, + { + "text": "The organisation has a documented open data strategy that addresses key areas such as governance, data management, and open data publishing.", + "associatedLevel": 3 + }, + { + "text": "The organisation has an open data strategy that is aligned with wider organisational goals and is supported by measurable targets for implementation.", + "associatedLevel": 4 + }, + { + "text": "Open data is a critical component of the organisation’s overall strategy, and it is continuously reviewed to ensure alignment with evolving goals.", + "associatedLevel": 5 + } + ] + }, + { + "text": "Who is responsible for delivering the open data strategy?", + "statements": [ + { + "text": "There is no clear ownership or accountability for open data within the organisation.", + "associatedLevel": 1 + }, + { + "text": "Some parts of the organisation, such as project teams or departments, have developed their own strategies for open data.", + "associatedLevel": 2 + }, + { + "text": "Responsibility for the open data strategy is assigned at the senior management level, and ownership for data processes is well-defined.", + "associatedLevel": 3 + }, + { + "text": "Senior management is fully engaged, and performance assessment of key executives is tied to the delivery of the open data strategy.", + "associatedLevel": 4 + }, + { + "text": "There is broad organisational ownership of the open data strategy, with clear roles and responsibilities for its ongoing evolution and delivery.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation measure the impact and alignment of the open data strategy?", + "statements": [ + { + "text": "There are no formal metrics or goals associated with the open data strategy.", + "associatedLevel": 1 + }, + { + "text": "Some benefits of open data are identified, but there are no clear metrics for measuring its impact.", + "associatedLevel": 2 + }, + { + "text": "Measurable targets are set for the implementation of the open data strategy, with regular reviews of progress.", + "associatedLevel": 3 + }, + { + "text": "The organisation tracks the performance of the open data strategy through defined metrics that are aligned with organisational objectives.", + "associatedLevel": 4 + }, + { + "text": "Metrics and goals are regularly reviewed and updated, ensuring alignment with organisational priorities and driving continuous improvement.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Asset catalogue", + "questions": [ + { + "text": "How is the organisation's asset catalogue created and maintained?", + "statements": [ + { + "text": "There is no systematic approach to managing data sources as assets, and no asset catalogue exists.", + "associatedLevel": 1 + }, + { + "text": "Individual teams or projects maintain separate directories of the data assets they use, but there is no central coordination.", + "associatedLevel": 2 + }, + { + "text": "An organisation-wide data asset catalogue has been developed to identify key datasets being published and used.", + "associatedLevel": 3 + }, + { + "text": "The catalogue is kept up to date and includes all high-value datasets across the organisation.", + "associatedLevel": 4 + }, + { + "text": "The organisation has an exhaustive asset catalogue that includes all datasets, not just high-value ones, and it is routinely maintained.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How comprehensive is the asset catalogue and how is it managed?", + "statements": [ + { + "text": "There is no formal method for managing or updating the catalogue.", + "associatedLevel": 1 + }, + { + "text": "Some teams or departments manage their own catalogues, but there is limited coordination or formal process for updating them.", + "associatedLevel": 2 + }, + { + "text": "The organisation's high-value datasets are included in the catalogue, but there are gaps in comprehensiveness or coordination across departments.", + "associatedLevel": 3 + }, + { + "text": "The catalogue includes all datasets that are used or published by the organisation, and there is a formal process in place for ensuring it is regularly updated.", + "associatedLevel": 4 + }, + { + "text": "The asset catalogue is managed comprehensively, and its upkeep is fully integrated into the organisation's data management strategy, with clear accountability.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How is the asset catalogue used and applied within the organisation?", + "statements": [ + { + "text": "The asset catalogue, if it exists, is not used to inform decision-making or project planning.", + "associatedLevel": 1 + }, + { + "text": "Some teams make use of the asset catalogue to avoid duplicating datasets, but its application is inconsistent across the organisation.", + "associatedLevel": 2 + }, + { + "text": "New projects and products attempt to reuse datasets referenced in the catalogue to prevent unnecessary duplication.", + "associatedLevel": 3 + }, + { + "text": "The catalogue is a critical resource for project planning, and the organisation strives for efficiency by reusing existing datasets whenever possible.", + "associatedLevel": 4 + }, + { + "text": "The organisation actively identifies overlaps and commonalities between datasets in the catalogue, achieving cost and efficiency savings by aligning or consolidating datasets.", + "associatedLevel": 5 + } + ] + }, + { + "text": "Is the asset catalogue shared externally, and how is it used to improve transparency?", + "statements": [ + { + "text": "There is no publicly available asset catalogue, and no external transparency around the organisation’s data holdings.", + "associatedLevel": 1 + }, + { + "text": "Some information about data assets is shared externally, but it is sporadic and incomplete.", + "associatedLevel": 2 + }, + { + "text": "Elements of the organisation's asset catalogue are publicly available as open data, providing transparency into key datasets.", + "associatedLevel": 3 + }, + { + "text": "The asset catalogue is regularly published and includes details about datasets that have not yet been released to help external users understand upcoming resources.", + "associatedLevel": 4 + }, + { + "text": "The organisation publishes its entire asset catalogue, including metadata and descriptions, and actively engages with external stakeholders to improve the quality and relevance of the datasets it holds.", + "associatedLevel": 5 + } + ] + } + ] + }, + { + "title": "Responsible data stewardship", + "questions": [ + { + "text": "How well does the organisation understand and assign responsibilities for data stewardship?", + "statements": [ + { + "text": "There is little to no understanding of the concept of data stewardship, and responsibilities are undefined.", + "associatedLevel": 1 + }, + { + "text": "There are defined responsibilities around data stewardship, including collecting, using, and sharing data. A specific job role may exist for these tasks.", + "associatedLevel": 2 + }, + { + "text": "The organisation has a clear, public identity as a steward of data, with committed responsibilities for data collection, sharing, and use.", + "associatedLevel": 3 + }, + { + "text": "Data stewardship responsibilities include publishing open data, securely sharing sensitive data, and building and maintaining data infrastructure.", + "associatedLevel": 4 + }, + { + "text": "The organisation has a system in place for continually assessing data stewardship responsibilities, ensuring data is used for public benefit and mitigating harm.", + "associatedLevel": 5 + } + ] + }, + { + "text": "How does the organisation demonstrate and improve its commitment to responsible data stewardship?", + "statements": [ + { + "text": "There is no public commitment or action plan regarding responsible data stewardship.", + "associatedLevel": 1 + }, + { + "text": "Some public actions are taken to demonstrate responsible data stewardship, but these are limited to basic compliance with regulations.", + "associatedLevel": 2 + }, + { + "text": "The organisation demonstrates a clear, public commitment to responsible data stewardship, with ongoing actions and responsibilities.", + "associatedLevel": 3 + }, + { + "text": "The organisation adopts a systemic, iterative process to ensure data is used ethically, addressing public benefit and structural inequalities.", + "associatedLevel": 4 + }, + { + "text": "The organisation shows leadership in responsible data stewardship, with a proven public track record, and actively helps other organisations on their stewardship journey.", + "associatedLevel": 5 + } + ] + } + ] + } + ] } - ] - } - ] + ] } \ No newline at end of file diff --git a/private/css/project.css b/private/css/project.css index 136b976..06d6598 100644 --- a/private/css/project.css +++ b/private/css/project.css @@ -209,12 +209,15 @@ div.level-5, padding-top: 1em; } .question-container textarea { - width: 100%; + width: 95%; border: 1px solid var(--grey); font-family: inherit; font-size: inherit; background-color: white !important; color: inherit !important; + margin: 1em; + min-height: 20px; + height: 60px; } .question-container button.selected:hover { color: white !important; @@ -345,35 +348,13 @@ div.level-5, .statement-container { position: relative; margin: 10px; -} -.statement-bubble { - padding: 10px 15px; - background-color: #f0f0f0; - display: inline-block; cursor: pointer; - transition: background-color 0.3s; } -.statement-bubble.positive-true.true-selected { +.statement-container.selected { background-color: #ceeed5; } -.statement-bubble.positive-false.true-selected { - background-color: #facdd1; -} -.statement-bubble.positive-true.false-selected { - background-color: #facdd1; -} -.statement-bubble.positive-false.false-selected { - background-color: #ceeed5; -} -.statement-bubble.true-selected .true-button{ - background-color: var(--blue) !important; - color: white; -} -.statement-bubble.false-selected .false-button { - background-color: var(--blue) !important; - color: white; -} + /* Modal styles */ .modal { @@ -575,6 +556,11 @@ section.dimension-details { .project-report table .dimension-row .dimension-name span { font-size: 1.3em; } +.project-report .question-notes { + text-align: center; + margin: 1em; + +} .dimension-heatmap, .activity-heatmap { width: 80%; margin-left: auto; @@ -593,7 +579,8 @@ span.level { margin-top: 2em; } .project-report .questions-table { - width: 80%; + width: 98%; + margin-top: 2em; margin-left: auto; margin-right: auto; border-collapse: collapse; /* Ensures borders don't double up */ diff --git a/private/js/edit-project.js b/private/js/edit-project.js index 0de48af..2196f97 100644 --- a/private/js/edit-project.js +++ b/private/js/edit-project.js @@ -67,95 +67,91 @@ function createAssessmentTable(dimension, levelKeys) { activityHeading.innerHTML = dimension.name + " / " + activity.title || "Dimension > Activity"; activityContainer.appendChild(activityHeading); - const table = document.createElement('table'); - const header = table.insertRow(); - - levelKeys.forEach((level, index) => { - const th = document.createElement('th'); - const levelIndex = index + 1; - th.textContent = levelIndex + ": " + level; - th.className = "level-" + (index + 1); - header.appendChild(th); - }); + // Iterate over questions in each activity + activity.questions.forEach(question => { + const questionContainer = document.createElement('div'); + questionContainer.className = 'question-container'; + questionContainer.setAttribute('data-question', question.text); // Add unique identifier + + // Display the question text and context above the table + const questionTitle = document.createElement('h3'); + questionTitle.textContent = question.text; + questionContainer.appendChild(questionTitle); + + if (question.context) { + const questionContext = document.createElement('p'); + questionContext.textContent = question.context; + questionContainer.appendChild(questionContext); + } - const row = table.insertRow(); + // Create table for each question + const table = document.createElement('table'); + const header = table.insertRow(); - // Initialize cells for each level - const levelCells = {}; - levelKeys.forEach((level, index) => { - levelCells[index + 1] = row.insertCell(); - }); + // Add levels as headers + levelKeys.forEach((level, index) => { + const th = document.createElement('th'); + th.textContent = (index + 1) + ": " + level; + th.className = "level-" + (index + 1); + header.appendChild(th); + }); - activity.statements.forEach(statement => { - const cell = levelCells[statement.associatedLevel]; - - const statementContainer = document.createElement('div'); - statementContainer.className = 'statement-container'; - statementContainer.classList.add("level-" + statement.associatedLevel); - - const bubble = document.createElement('div'); - bubble.className = 'statement-bubble positive-' + statement.positive; - - const statementSpan = document.createElement('span'); - statementSpan.className = 'statement'; - statementSpan.textContent = statement.text; - bubble.appendChild(statementSpan); - - const notesIcon = document.createElement('img'); - notesIcon.className = 'notes-icon'; - notesIcon.style.display = 'none'; - notesIcon.src = '/images/notes-icon.svg'; - notesIcon.alt = 'Notes Icon'; - bubble.appendChild(notesIcon); - - const buttonContainer = document.createElement('div'); - buttonContainer.className = 'button-container'; - bubble.appendChild(buttonContainer); - - // True/False buttons that appear on hover or tap - const trueButton = document.createElement('button'); - trueButton.textContent = 'True'; - trueButton.className = 'true-button'; - trueButton.onclick = (event) => { - event.stopPropagation(); - handleStatementSelection(statement, true, dimension, activity); // Pass dimension and activity - }; - - const falseButton = document.createElement('button'); - falseButton.textContent = 'False'; - falseButton.className = 'false-button'; - falseButton.onclick = (event) => { - event.stopPropagation(); - handleStatementSelection(statement, false, dimension, activity); // Pass dimension and activity - }; - - buttonContainer.appendChild(trueButton); - buttonContainer.appendChild(falseButton); - - bubble.addEventListener('click', () => openStatementModal(statement, notesIcon, dimension, activity)); - - // Restore user answer and notes if they exist - if (statement.userAnswer) { - if (statement.userAnswer.answer) { - bubble.classList.add('true-selected'); - } else { - bubble.classList.add('false-selected'); + const row = table.insertRow(); + + // Initialize cells for each level + const levelCells = {}; + levelKeys.forEach((level, index) => { + levelCells[index + 1] = row.insertCell(); + }); + + // Add statements directly to the and apply selection logic + question.statements.forEach(statement => { + const cell = levelCells[statement.associatedLevel]; + cell.className = 'statement-container level-' + statement.associatedLevel; + + const statementSpan = document.createElement('span'); + statementSpan.className = 'statement'; + statementSpan.textContent = statement.text; + cell.appendChild(statementSpan); + + const notesIcon = document.createElement('img'); + notesIcon.className = 'notes-icon'; + notesIcon.src = '/images/notes-icon.svg'; + notesIcon.alt = 'Notes Icon'; + notesIcon.style.display = statement.userAnswer && statement.userAnswer.notes ? 'inline' : 'none'; + cell.appendChild(notesIcon); + + // Restore user-selected level + if (question.userAnswer && question.userAnswer.level === statement.associatedLevel) { + cell.classList.add('selected'); } - if (statement.userAnswer.notes) { - notesIcon.style.display = 'inline'; + + // Apply cleared class to levels below the selected level + if (question.userAnswer && question.userAnswer.level > statement.associatedLevel) { + cell.classList.add('cleared'); } - } - statementContainer.appendChild(bubble); - cell.appendChild(statementContainer); + // Add click event to to select the statement + cell.addEventListener('click', () => handleStatementSelection(question, statement.associatedLevel, dimension, activity)); + }); + + // Append the table to the question container + questionContainer.appendChild(table); + + // Add textarea for notes + const notesTextarea = document.createElement('textarea'); + notesTextarea.className = 'notes-textarea'; + notesTextarea.placeholder = 'Add notes here...'; + notesTextarea.value = question.userAnswer && question.userAnswer.notes ? question.userAnswer.notes : ''; + notesTextarea.addEventListener('input', (event) => { + question.userAnswer.notes = event.target.value; + }); + questionContainer.appendChild(notesTextarea); + + activityContainer.appendChild(questionContainer); }); - activityContainer.appendChild(table); container.appendChild(activityContainer); - - if (defaultActivity === "") { - defaultActivity = activityId; - } }); } @@ -216,39 +212,55 @@ function openStatementModal(statement, notesIcon, dimension, activity) { modal.style.display = 'block'; } - -function handleStatementSelection(statement, isTrue, dimension, activity) { - - statement.userAnswer = { - answer: isTrue, - notes: statement.userNotes || "" +function handleStatementSelection(question, selectedLevel, dimension, activity) { + // Update the userAnswer for the question with the selected level + question.userAnswer = { + level: selectedLevel, + text: question.statements[selectedLevel-1].text, + notes: question.userAnswer ? question.userAnswer.notes : "" }; - const bubbles = document.querySelectorAll('.statement-bubble'); - bubbles.forEach(bubble => { - const statementSpan = bubble.querySelector('.statement'); - if (statementSpan.textContent === statement.text) { - bubble.classList.toggle('true-selected', isTrue); - bubble.classList.toggle('false-selected', !isTrue); - } - }); + // Select only the statement cells within the relevant question table + const questionContainer = document.querySelector(`[data-question="${question.text}"]`); // Assuming each question container has a unique data attribute like data-question + + if (questionContainer) { + // Deselect all statement cells within this question and apply 'cleared' for levels below the selected one + const statementCells = questionContainer.querySelectorAll('.statement-container'); + statementCells.forEach(cell => { + const levelClass = cell.className.match(/level-(\d+)/); + + if (levelClass) { + const level = parseInt(levelClass[1]); + + if (level === selectedLevel) { + // Mark the selected statement cell + cell.classList.add('selected'); + cell.classList.remove('cleared'); + } else if (level < selectedLevel) { + // Apply cleared to levels below the selected one + cell.classList.add('cleared'); + cell.classList.remove('selected'); + } else { + // Remove any selection/clear state for levels above the selected one + cell.classList.remove('selected', 'cleared'); + } + } + }); + } // Update projectData with the user's selection in the context of the dimension and activity - updateProjectData(statement, dimension, activity); + updateProjectData(question, dimension, activity); - // Recalculate the completion percentage for the activity and update the pie + // Recalculate the completion percentage for the activity and update the progress pie const activityCompletion = calculateActivityCompletion(activity); - const dimensionPrefix = dimension.name.toLowerCase().replace(/\s+/g, '-'); const activityId = dimensionPrefix + "-" + activity.title.toLowerCase().replace(/\s+/g, '-'); - updateProgressPie(activityId, activityCompletion); // Trigger debounced save debouncedSaveProgress(projectData); } - function submitProjectForm(errors, values) { if (errors) { const errorsObj = JSON.stringify(errors); diff --git a/private/js/project2.js b/private/js/project2.js index db5a9b8..611f5ea 100644 --- a/private/js/project2.js +++ b/private/js/project2.js @@ -1,35 +1,38 @@ let projectData = {}; // This will store the current state of the project -function updateProjectData(statement, dimension, activity) { - +function updateProjectData(question, dimension, activity) { // Find the correct dimension and activity by their names const projectDimension = projectData.assessmentData.dimensions.find(d => d.name === dimension.name); const projectActivity = projectDimension.activities.find(a => a.title === activity.title); - // Find the corresponding statement - const projectStatement = projectActivity.statements.find(s => s.text === statement.text); + // Find the corresponding question + const projectQuestion = projectActivity.questions.find(q => q.text === question.text); - // Update the user answer for the statement - projectStatement.userAnswer = { - answer: statement.userAnswer.answer, - notes: statement.userAnswer.notes + // Update the user answer for the question with the selected level + projectQuestion.userAnswer = { + level: question.userAnswer.level, // Store the selected level + text: question.statements[question.userAnswer.level-1].text, // Store the statement text + notes: question.userAnswer.notes // Store any notes added for the question }; - // Update activity completion + // Update activity completion based on the selected level projectActivity.completionPercentage = calculateActivityCompletion(projectActivity); updateActivityProgress(projectActivity); - // Update dimension progress + // Update dimension progress based on the updated activity updateDimensionProgress(projectDimension); - // Calculate overall achieved level for the whole assessment + // Calculate the overall achieved level for the entire assessment const overallAchievedLevel = calculateOverallAchievedLevel(projectData.assessmentData.dimensions); projectData.assessmentData.overallAchievedLevel = overallAchievedLevel; - // Update overall completion metrics - const { activityCompletionPercentage, statementCompletionPercentage } = calculateOverallCompletion(projectData.assessmentData.dimensions); + // Update overall completion metrics (replace statementCompletionPercentage with questionCompletionPercentage) + const { activityCompletionPercentage, questionCompletionPercentage } = calculateOverallCompletion(projectData.assessmentData.dimensions); projectData.assessmentData.activityCompletionPercentage = activityCompletionPercentage; - projectData.assessmentData.statementCompletionPercentage = statementCompletionPercentage; + projectData.assessmentData.questionCompletionPercentage = questionCompletionPercentage; // Store question completion percentage + + // Trigger debounced save + debouncedSaveProgress(projectData); } function updateActivityProgress(activity) { @@ -44,90 +47,106 @@ function updateActivityProgress(activity) { } function updateDimensionProgress(dimension) { - const levelTotals = {}; - let maxAchievedLevel = 0; + const levelTotals = {}; // To track totals for each level across the dimension + let minAchievedLevel = null; // Track the lowest common achieved level across all activities - // Initialize levelTotals with zeros for each level + // Iterate through activities to calculate level coverage dimension.activities.forEach(activity => { - activity.statements.forEach(statement => { - const level = statement.associatedLevel; + // Get the level coverage for this activity based on the user's selected answers + const levelCoverage = calculateLevelCoverage(activity); + const achievedLevel = calculateAchievedLevel(levelCoverage); + + // Track the minimum achieved level (the lowest common level across all activities) + if (minAchievedLevel === null) { + minAchievedLevel = achievedLevel; + } else if (achievedLevel < minAchievedLevel) { + minAchievedLevel = achievedLevel; + } + + // Update the levelTotals for all levels (from 1 to 5) + for (let level = 1; level <= 5; level++) { if (!levelTotals[level]) { - levelTotals[level] = { total: 0, positive: 0 }; + levelTotals[level] = { total: 0, completed: 0 }; } - levelTotals[level].total += 1; - if (statement.userAnswer && statement.userAnswer.answer === statement.positive) { - levelTotals[level].positive += 1; - } - }); - // Track the maximum achieved level across activities - if (activity.userProgress && activity.userProgress.achievedLevel > maxAchievedLevel) { - maxAchievedLevel = activity.userProgress.achievedLevel; - } - }); + // For each level, accumulate totals for the entire dimension + levelTotals[level].total += activity.questions.length; + + // For levels above the achieved level, count how many questions are answered at this level or above - // Calculate the percentage of each level achieved across the dimension - const levelCoveragePercent = Object.keys(levelTotals).map(level => { - const { total, positive } = levelTotals[level]; - return { [level]: Math.round((positive / total) * 100) }; + activity.questions.forEach(question => { + if (question.userAnswer && question.userAnswer.level >= level) { + levelTotals[level].completed += 1; + } + }); + } }); - // Determine the dimension's achieved level - let dimensionAchievedLevel = 0; - for (const level in levelTotals) { - if (levelTotals[level].positive === levelTotals[level].total) { - dimensionAchievedLevel = parseInt(level); + // Calculate the percentage of each level completed across the dimension + const levelCoveragePercent = {}; + for (let level = 1; level <= 5; level++) { + // For levels below or equal to the achieved level, set completion to 100% + if (level <= minAchievedLevel) { + levelCoveragePercent[level] = 100; } else { - break; + // For levels above the achieved level, calculate the actual percentage of questions completed + const { total, completed } = levelTotals[level]; + levelCoveragePercent[level] = Math.round((completed / total) * 100); } } - // Update the dimension's userProgress in projectData + // Update the dimension's userProgress with the lowest common achieved level and level coverage percent dimension.userProgress = { - achievedLevel: dimensionAchievedLevel, - levelCoveragePercent: levelCoveragePercent + achievedLevel: minAchievedLevel, + levelCoveragePercent: levelCoveragePercent // Store as an object for better lookups }; return dimension.userProgress; } function calculateLevelCoverage(activity) { - const levelCoverage = []; - const totalStatementsByLevel = {}; - - // Initialize counters - activity.statements.forEach(statement => { - const level = statement.associatedLevel; - if (!totalStatementsByLevel[level]) { - totalStatementsByLevel[level] = { total: 0, positive: 0 }; - } - totalStatementsByLevel[level].total += 1; - if (statement.userAnswer && statement.userAnswer.answer === statement.positive) { - totalStatementsByLevel[level].positive += 1; + const levelCoverage = {}; + const totalQuestions = activity.questions.length; + + // Initialize coverage object for each level + activity.questions.forEach(question => { + const level = question.userAnswer?.level; + + if (level !== undefined) { + // Mark all levels up to and including the selected level as complete + for (let i = 1; i <= level; i++) { + if (!levelCoverage[i]) { + levelCoverage[i] = { total: 0, completed: 0 }; + } + // For each question, mark it complete for this level + levelCoverage[i].total = totalQuestions; + levelCoverage[i].completed += 1; + } } }); // Calculate coverage percentage for each level - for (const level in totalStatementsByLevel) { - const { total, positive } = totalStatementsByLevel[level]; - const levelProgress = Math.round((positive / total) * 100); - levelCoverage.push({ [level]: levelProgress }); + for (const level in levelCoverage) { + const { total, completed } = levelCoverage[level]; + const levelProgress = Math.round((completed / total) * 100); + levelCoverage[level] = levelProgress; // Store percentage directly } - return levelCoverage; + return levelCoverage; // Return as an object } function calculateAchievedLevel(levelCoverage) { let achievedLevel = 0; - for (const levelObj of levelCoverage) { - const level = parseInt(Object.keys(levelObj)[0]); - const coverage = levelObj[level]; + // Iterate over each level in the levelCoverage object + for (const level in levelCoverage) { + const coverage = levelCoverage[level]; + // If the coverage for the level is 100%, set it as the achieved level if (coverage === 100) { - achievedLevel = level; + achievedLevel = parseInt(level, 10); // Convert the level to an integer } else { - break; + break; // If coverage is less than 100%, stop iterating } } @@ -156,18 +175,24 @@ function calculateOverallAchievedLevel(dimensions) { } function calculateActivityCompletion(activity) { - const totalStatements = activity.statements.length; - const completedStatements = activity.statements.filter(statement => statement.userAnswer && statement.userAnswer.answer !== undefined).length; - return Math.round((completedStatements / totalStatements) * 100); + // Total number of questions in the activity + const totalQuestions = activity.questions.length; + + // Number of completed questions where the user has selected a level + const completedQuestions = activity.questions.filter(question => question.userAnswer && question.userAnswer.level !== undefined).length; + + // Calculate and return the completion percentage + return totalQuestions > 0 ? Math.round((completedQuestions / totalQuestions) * 100) : 0; } function calculateOverallCompletion(dimensions) { let totalActivities = 0; let completedActivities = 0; - let totalStatements = 0; - let completedStatements = 0; + let totalQuestions = 0; + let completedQuestions = 0; + // Iterate over dimensions and their activities dimensions.forEach(dimension => { dimension.activities.forEach(activity => { totalActivities += 1; @@ -176,18 +201,18 @@ function calculateOverallCompletion(dimensions) { completedActivities += 1; } - // Accumulate statement completion - totalStatements += activity.statements.length; - completedStatements += activity.statements.filter(statement => statement.userAnswer && statement.userAnswer.answer !== undefined).length; + // Accumulate question completion + totalQuestions += activity.questions.length; + completedQuestions += activity.questions.filter(question => question.userAnswer && question.userAnswer.level !== undefined).length; }); }); - const activityCompletionPercentage = Math.round((completedActivities / totalActivities) * 100); - const statementCompletionPercentage = Math.round((completedStatements / totalStatements) * 100); + const activityCompletionPercentage = totalActivities > 0 ? Math.round((completedActivities / totalActivities) * 100) : 0; + const questionCompletionPercentage = totalQuestions > 0 ? Math.round((completedQuestions / totalQuestions) * 100) : 0; return { activityCompletionPercentage, - statementCompletionPercentage + questionCompletionPercentage }; } @@ -227,6 +252,7 @@ async function saveProgress(projectData) { }); if (!response.ok) { + console.log(response); throw new Error('Failed to save progress'); } diff --git a/private/js/report.js b/private/js/report.js index 651aee0..96a32c1 100644 --- a/private/js/report.js +++ b/private/js/report.js @@ -36,19 +36,25 @@ function createReportTableRows(assessmentData, levelKeys) { const dimensionNameSpan = document.createElement('span'); dimensionNameSpan.textContent = dimension.name; dimensionCell.appendChild(dimensionNameSpan); + console.log(dimension.userProgress); // Add the percentage complete for each level in subsequent cells levelKeys.forEach((level, index) => { const levelCell = row.insertCell(); + if (dimension.userProgress && dimension.userProgress.levelCoveragePercent) { - const levelProgress = dimension.userProgress.levelCoveragePercent.find(obj => obj[index + 1]); - const percentage = levelProgress ? levelProgress[index + 1] : 0; - if (percentage > 99) { + // Access levelCoveragePercent using the level key directly + const levelProgress = dimension.userProgress.levelCoveragePercent[index + 1]; + console.log(levelProgress); + const percentage = levelProgress ? levelProgress : 0; + + if (percentage >= 100) { levelCell.textContent = "✔"; levelCell.classList.add('level-complete'); } else { - levelCell.textContent = percentage ? `${percentage}%` : '-'; + levelCell.textContent = percentage > 0 ? `${percentage}%` : '-'; } + if (percentage > 0) { changeCellOpacity(levelCell, percentage, "rgb(13,188,55)"); levelCell.classList.add('level-progress'); @@ -56,6 +62,7 @@ function createReportTableRows(assessmentData, levelKeys) { } else { levelCell.textContent = '-'; } + levelCell.classList.add("level-" + (index + 1)); }); @@ -73,17 +80,22 @@ function createReportTableRows(assessmentData, levelKeys) { // Add the percentage complete for each level in the subsequent cells for this activity levelKeys.forEach((level, index) => { const levelCell = activityRow.insertCell(); + if (activity.userProgress && activity.userProgress.levelCoveragePercent) { - const levelProgress = activity.userProgress.levelCoveragePercent.find(obj => obj[index + 1]); - const percentage = levelProgress ? levelProgress[index + 1] : 0; - levelCell.textContent = percentage ? `${percentage}%` : '-'; + // Access levelCoveragePercent using the level key directly + const levelProgress = activity.userProgress.levelCoveragePercent[index + 1]; + const percentage = levelProgress ? levelProgress : 0; + + levelCell.textContent = percentage > 0 ? `${percentage}%` : '-'; changeCellOpacity(levelCell, percentage, "rgb(13,188,55)"); } else { levelCell.textContent = '-'; } - levelCell.className = "level-" + (index + 1); + + levelCell.classList.add("level-" + (index + 1)); }); }); + }); } @@ -149,6 +161,7 @@ function createDimensionDetails(dimension, levelKeys, dimensionIndex) { section.appendChild(AIResponseParagraph); // Handle AI summary asynchronously + getAIDimensionSummary(dimension) .then(summary => { AIResponseParagraph.innerHTML = summary; @@ -223,6 +236,7 @@ function createActivityDetails(activity, dimensionName, levelKeys, dimensionInde createActivityQuestions(section, activity, levelKeys); // Handle AI summary asynchronously + if (levelName) { // Start the async task without awaiting it getAIActivitySummary(activity, dimensionName, levelKeys) @@ -239,98 +253,53 @@ function createActivityDetails(activity, dimensionName, levelKeys, dimensionInde } function createActivityQuestions(section, activity, levelKeys) { - const currentLevelQuestions = document.createElement('div'); - currentLevelQuestions.className = 'current-level-questions'; - currentLevelQuestions.innerHTML = '

Current state at achieved level

'; - - const nextLevelQuestions = document.createElement('div'); - nextLevelQuestions.className = 'next-level-questions'; - nextLevelQuestions.innerHTML = '

Progress towards next level

'; - - const higherLevelQuestions = document.createElement('div'); - higherLevelQuestions.className = 'higher-level-questions'; - higherLevelQuestions.innerHTML = '

Answers/Notes from higher levels

'; - - const createQuestionsTable = (questionsDiv, statements, includeLevel = false) => { - const table = document.createElement('table'); - table.className = 'questions-table'; - - const headerRow = table.insertRow(); - - // Adjust headers depending on whether the level column is included - headerRow.innerHTML = ` - ${includeLevel ? 'Level' : ''} - Question - Achieved - Notes - `; - - // Sort statements first by level, then by correct/incorrect/unanswered - const sortedStatements = statements.sort((a, b) => { - // Sort by associated level first - if (a.associatedLevel !== b.associatedLevel) { - return a.associatedLevel - b.associatedLevel; - } - - // Sort by whether the question is answered - const aAnswered = a.userAnswer ? 1 : 0; - const bAnswered = b.userAnswer ? 1 : 0; - if (aAnswered !== bAnswered) return bAnswered - aAnswered; - - // Sort by whether the answer is correct - const aCorrect = a.userAnswer && a.userAnswer.answer === a.positive; - const bCorrect = b.userAnswer && b.userAnswer.answer === b.positive; - if (aCorrect !== bCorrect) return bCorrect - aCorrect; - - return 0; - }); - - // Create table rows for each statement - sortedStatements.forEach(statement => { - const row = table.insertRow(); + // Create the table for all questions + const table = document.createElement('table'); + table.className = 'questions-table'; - // Add level column if required - if (includeLevel) { - const levelCell = row.insertCell(); - const levelName = levelKeys[statement.associatedLevel - 1]; - levelCell.textContent = levelName; - levelCell.className = `level level-${statement.associatedLevel}`; - } + // Create the header row + const headerRow = table.insertRow(); + headerRow.innerHTML = ` + Question + Answer + Level + Notes + `; + + // Function to add a row for each question + const createQuestionRow = (question) => { + const row = table.insertRow(); - const questionCell = row.insertCell(); - questionCell.textContent = statement.text; + // Add question column + const questionCell = row.insertCell(); + questionCell.textContent = question.text; - const answerCell = row.insertCell(); - if (!statement.userAnswer) { - answerCell.textContent = '-'; - } else if (statement.userAnswer.answer === statement.positive) { - answerCell.innerHTML = `${statement.positive === false ? '
(FALSE)' : ''}`; - } else { - answerCell.innerHTML = ''; - } + // Add answer column + const answerCell = row.insertCell(); + if (!question.userAnswer || question.userAnswer.text === undefined) { + answerCell.textContent = 'No Answer'; + } else { + answerCell.textContent = question.userAnswer.text; + } - const notesCell = row.insertCell(); - notesCell.textContent = statement.userAnswer && statement.userAnswer.notes ? statement.userAnswer.notes : '-'; - }); + // Add level column + const levelCell = row.insertCell(); + const levelName = levelKeys[question.userAnswer?.level - 1] || 'No Level'; + levelCell.textContent = levelName; + levelCell.className = `level level-${question.userAnswer?.level || 'none'}`; - questionsDiv.appendChild(table); + // Add notes column + const notesCell = row.insertCell(); + notesCell.textContent = question.userAnswer?.notes || '-'; }; + // Iterate through the questions in the activity and add rows + activity.questions.forEach(question => { + createQuestionRow(question); + }); - const currentLevelStatements = activity.statements.filter(statement => statement.associatedLevel === activity.userProgress.achievedLevel); - const nextLevelStatements = activity.statements.filter(statement => statement.associatedLevel === activity.userProgress.achievedLevel + 1); - const higherLevelStatements = activity.statements.filter(statement => - statement.associatedLevel > (activity.userProgress.achievedLevel + 1) && - (statement.userAnswer && (statement.userAnswer.answer !== undefined || statement.userAnswer.notes)) - ); - - createQuestionsTable(currentLevelQuestions, currentLevelStatements, true); - createQuestionsTable(nextLevelQuestions, nextLevelStatements, true); - createQuestionsTable(higherLevelQuestions, higherLevelStatements, true); // Include level column - - section.appendChild(currentLevelQuestions); - section.appendChild(nextLevelQuestions); - section.appendChild(higherLevelQuestions); + // Append the questions container to the section + section.appendChild(table); } function createExecutiveSummary() { @@ -355,8 +324,10 @@ function createExecutiveSummary() { } function createHeatmap(container, data, levelKeys) { - // Implement the logic to create a heatmap for the dimension or activity + // Create the table element const table = document.createElement('table'); + + // Create the header row with level keys const headerRow = table.insertRow(); levelKeys.forEach((level, index) => { const th = document.createElement('th'); @@ -365,25 +336,31 @@ function createHeatmap(container, data, levelKeys) { headerRow.appendChild(th); }); - + // Create the data row to show the heatmap for the levels const dataRow = table.insertRow(); levelKeys.forEach((level, index) => { const td = dataRow.insertCell(); - const levelProgress = data.userProgress.levelCoveragePercent.find(obj => obj[index + 1]); - const percentage = levelProgress ? levelProgress[index + 1] : 0; - if (percentage > 99) { + + // Access levelCoveragePercent using the level key directly + const levelProgress = data.userProgress.levelCoveragePercent[index + 1]; + const percentage = levelProgress ? levelProgress : 0; + + // Display a checkmark if the percentage is 100% + if (percentage >= 100) { td.textContent = "✔"; td.classList.add('level-complete'); } else { - td.textContent = percentage ? `${percentage}%` : '-'; + td.textContent = percentage > 0 ? `${percentage}%` : '-'; } + + // Apply progress styling if percentage is greater than 0 if (percentage > 0) { td.classList.add('level-progress'); changeCellOpacity(td, percentage, "rgb(13,188,55)"); } - }); + // Append the table to the container container.appendChild(table); } @@ -413,15 +390,15 @@ function createOverallMaturitySection(assessmentData, levelKeys) { activityCompletion.textContent = `Activity Completion: ${assessmentData.activityCompletionPercentage}%`; activityCompletion.className = 'activity-completion'; - // Statement Completion Percentage - const statementCompletion = document.createElement('p'); - statementCompletion.textContent = `Statement Completion: ${assessmentData.statementCompletionPercentage}%`; - statementCompletion.className = 'statement-completion'; + // Question Completion Percentage (replacing Statement Completion) + const questionCompletion = document.createElement('p'); + questionCompletion.textContent = `Question Completion: ${assessmentData.questionCompletionPercentage}%`; + questionCompletion.className = 'question-completion'; // Append elements to the section overallSection.appendChild(overallLevelContainer); overallSection.appendChild(activityCompletion); - overallSection.appendChild(statementCompletion); + overallSection.appendChild(questionCompletion); } function createTableOfContents(assessmentData) { diff --git a/routes/assistant.js b/routes/assistant.js index 93c217b..9622380 100644 --- a/routes/assistant.js +++ b/routes/assistant.js @@ -37,7 +37,7 @@ async function getAIReponse(prompt, tokens = responseTokens) { async function getAIActivitySummary(activity, dimensionName, levelKeys, assessmentTitle) { // 1. Generate the prompt const prompt = ` - A user has completed part of a ${assessmentTitle} for the section "${activity.title}" under the "${dimensionName}" part of the assessment. You can find the maturity assessment for just this section in JSON form below with the user answers. + A user has completed part of a ${assessmentTitle} for the section "${activity.title}" under the "${dimensionName}" part of the assessment. You can find the maturity assessment for just this section in JSON form below. Each activity has a number of question and associated statements a user can choose. The userAnswer object contains the level of the statement they chose as well as the text. ${JSON.stringify(activity, null, 2)} @@ -61,8 +61,8 @@ async function getOrGenerateActivitySummary(activity, dimensionName, levelKeys, return `It is not possible to make any recommendations for ${activity.title} as no questions have been answered.`; } - // 2. Generate the hash of the current user answers - const currentHash = generateHash(activity.statements.map(s => s.userAnswer)); + // 2. Generate the hash of the current user answers for questions + const currentHash = generateHash(activity.questions.map(q => q.userAnswer)); // 3. Check if the hash has changed if (activity.aiResponse && activity.aiResponse.hash === currentHash) { @@ -73,6 +73,12 @@ async function getOrGenerateActivitySummary(activity, dimensionName, levelKeys, // 4. If the hash has changed or there's no summary, generate a new one const summary = await getAIActivitySummary(activity, dimensionName, levelKeys, assessmentTitle); + // 5. Save the new summary and hash in the activity (optional, if you want to cache it) + activity.aiResponse = { + summary, + hash: currentHash + }; + // 6. Return the new summary return summary; } @@ -126,18 +132,21 @@ router.get('/:id/assistant/getActivitySummary', ensureAuthenticated, checkProjec const activityCopy = JSON.parse(JSON.stringify(activity)); // 6. Remove notes from userAnswer in the activityCopy - activityCopy.statements.forEach(statement => { - if (statement.userAnswer && statement.userAnswer.notes) { - delete statement.userAnswer.notes; + activityCopy.questions.forEach(question => { + if (question.userAnswer && question.userAnswer.notes) { + delete question.userAnswer.notes; } }); // 7. Use the getOrGenerateActivitySummary function with the modified activityCopy - const levelKeys = ["Initial", "Repeatable", "Defined", "Managed", "Optimising"]; + let levelKeys = ["Initial", "Repeatable", "Defined", "Managed", "Optimising"]; + if (assessmentData.levels) { + levelKeys = assessmentData.levels; + } const summary = await getOrGenerateActivitySummary(activityCopy, dimension.name, levelKeys, assessmentTitle); // 8. Generate hash for the current activity state - const activityHash = generateHash(activity.statements.map(s => s.userAnswer)); + const activityHash = generateHash(activity.questions.map(q => q.userAnswer)); // 9. Update the specific activity's aiResponse in the dimension const updateQuery = { @@ -204,7 +213,10 @@ router.get('/:id/assistant/getDimensionSummary', ensureAuthenticated, checkProje } // 4. Prepare the level keys - const levelKeys = ["Initial", "Repeatable", "Defined", "Managed", "Optimising"]; + let levelKeys = ["Initial", "Repeatable", "Defined", "Managed", "Optimising"]; + if (assessmentData.levels) { + levelKeys = assessmentData.levels; + } // 5. Gather AI Summaries for each activity in the dimension const activitySummaries = [];