Управление информацией

Материал из PraxOS

Управление информацией -- практика, определяемая пунктом 6.3.6 Information Management Process из ISO 15288:2008.

Назначение практика управления информации -- обеспечить относящуюся к делу (relevant), своевременную, полную, правильную и, если требуется, конфиденциальную информацию назначенным сторонам в течении, и, если свойственно, то и после жизненного цикла системы.

Эта практика порождает, собирает, преобразует, удерживает, запрашивает, распространяет и уничтожает информацию. Она управляет назначенной информацие, включая техническую, проектную, организационную, контрактную и пользовательскую информацию.

Проверяемые в ISO 15288 результаты практик управления информацией

Как результат успешного использования практик управления информацией:

a) идентифицирована информация, которой нужно управлять

b) определены формы представления (representation) информации

c) информаия преобразуется и удаляется (disposed) по потребности

d) записывается статус информации

e) информация актуальна, полна и правильна

f) информация доступна назначенным сторонам

Что нужно делать

Требования для информационных единиц (information items, документации) суммированы в ISO/IEC 15289 Systems and software engineering — Content of systems and software life cycle process information products (Documentation) и там же приведено руководство по их разработке (Внимание! В версии ISO 15289:2006 адресуется версия ISO 15288:2002, поэтому требуется довольно много работы по их стыковке!).

a) Планирование управления информацией

1) Определить информационные объекты, которые будут управляться в течение жизненного цикла системы, и, согласно организационной политике, соглашениями или законодательству, поддерживаться в порядке (maintained) определенный период за его пределами.

2) Назначить уполномоченных и ответственности в отношении инициирования (origination), порождения (generation), съемки (capture), архивирования и удаления (disposal) информационных объектов (items of information).

3) Определить права, обязанности и обязательства (commitments) в отношении сохранения, передачи и доступа к информационным объектам.

<to be continued>

При этом должно уделяться внимание к законодательству по информации и данным, безопасности и приватности (privacy), например, собственности, контрактным ограничениям, правам доступа, интеллектуальной собственности и патентам. Где ограничения (restrictions) или ограничения (constraints) NOTE Due regard is paid to information and data legislation, security and privacy, e.g., ownership, agreement restrictions, rights of access, intellectual property and patents. Where restrictions or constraints apply, information is identified accordingly. Staff having knowledge of such items of information are informed of their obligations and responsibilities.

4) Define the content, semantics, formats and medium for the representation, retention, transmission and retrieval of information.

NOTE The information may originate and may terminate in any form (e.g., verbal, textual, graphical, numerical) and may be stored, processed, replicated and transmitted using any medium (e.g., electronic, printed, magnetic, optical). Pay due regard to organization constraints, e.g., infrastructure, inter-organizational communications, distributed project working. Relevant information storage, transformation, transmission and presentation standards and conventions are used according to policy, agreements and legislation constraints.

5) Define information maintenance actions.

NOTE This includes status reviews of stored information for integrity, validity and availability and any needs for replication or transformation to an alternative medium. Consider the need to either retain infrastructure as technology changes so that archived media can be read or the need to re-record archived media using newer technology.

b) Perform information management. This activity consists of the following tasks:

1) Obtain the identified items of information.

NOTE This may include generating the information or collecting it from appropriate sources.

2) Maintain information items and their storage records according to integrity, security and privacy requirements.

NOTE Record the status of information items, e.g., version description, record of distribution, security classification. Information should be legible and stored and retained in such a way that it is readily retrievable in facilities that provide a suitable environment, and that prevent damage, deterioration and loss.

3) Retrieve and distribute information to designated parties as required by agreed schedules or defined circumstances.

NOTE Information is provided to designated parties in an appropriate form.

4) Provide official documentation as required.

NOTE Examples of official documentation are certification, accreditation, license and assessment ratings.

5) Archive designated information, in accordance with the audit, knowledge retention, and project closure purposes.

NOTE Select the media, location and protection of the information in accordance with the specified storage and retrieval periods, and with organization policy, agreements and legislation. Ensure arrangements are in place to retain necessary documentation after project closure.

6) Dispose of unwanted, invalid or unverifiable information according to organization policy, and security and privacy requirements.

Фрагмент ISO/IEC 15288:2008

6.3.6 Information Management Process

6.3.6.1 Purpose

The purpose of the Information Management Process is to provide relevant, timely, complete, valid and, if required, confidential information to designated parties during and, as appropriate, after the system life cycle.

This process generates, collects, transforms, retains, retrieves, disseminates and disposes of information. It manages designated information, including technical, project, organizational, agreement and user information.

6.3.6.2 Outcomes

As a result of the successful implementation of the Information Management Process:

a) Information to be managed is identified.

b) The forms of the information representations are defined.

c) Information is transformed and disposed of as required.

d) The status of information is recorded.

e) Information is current, complete and valid.

f) Information is made available to designated parties.

6.3.6.3 Activities and tasks

The project shall implement the following activities and tasks in accordance with applicable organization policies and procedures with respect to the Information Management Process.

NOTE ISO/IEC 15289 summarizes requirements for information items (documentation) and provides guidance on their development.

a) Plan information management. This activity consists of the following tasks:

1) Define the items of information that will be managed during the system life cycle and, according to organizational policy, agreements, or legislation, maintained for a defined period beyond.

2) Designate authorities and responsibilities regarding the origination, generation, capture, archiving and disposal of items of information.

3) Define the rights, obligations and commitments regarding the retention of, transmission of and access to information items.

NOTE Due regard is paid to information and data legislation, security and privacy, e.g., ownership, agreement restrictions, rights of access, intellectual property and patents. Where restrictions or constraints apply, information is identified accordingly. Staff having knowledge of such items of information are informed of their obligations and responsibilities.

4) Define the content, semantics, formats and medium for the representation, retention, transmission and retrieval of information.

NOTE The information may originate and may terminate in any form (e.g., verbal, textual, graphical, numerical) and may be stored, processed, replicated and transmitted using any medium (e.g., electronic, printed, magnetic, optical). Pay due regard to organization constraints, e.g., infrastructure, inter-organizational communications, distributed project working. Relevant information storage, transformation, transmission and presentation standards and conventions are used according to policy, agreements and legislation constraints.

5) Define information maintenance actions.

NOTE This includes status reviews of stored information for integrity, validity and availability and any needs for replication or transformation to an alternative medium. Consider the need to either retain infrastructure as technology changes so that archived media can be read or the need to re-record archived media using newer technology.

b) Perform information management. This activity consists of the following tasks:

1) Obtain the identified items of information.

NOTE This may include generating the information or collecting it from appropriate sources.

2) Maintain information items and their storage records according to integrity, security and privacy requirements.

NOTE Record the status of information items, e.g., version description, record of distribution, security classification. Information should be legible and stored and retained in such a way that it is readily retrievable in facilities that provide a suitable environment, and that prevent damage, deterioration and loss.

3) Retrieve and distribute information to designated parties as required by agreed schedules or defined circumstances.

NOTE Information is provided to designated parties in an appropriate form.

4) Provide official documentation as required.

NOTE Examples of official documentation are certification, accreditation, license and assessment ratings.

5) Archive designated information, in accordance with the audit, knowledge retention, and project closure purposes.

NOTE Select the media, location and protection of the information in accordance with the specified storage and retrieval periods, and with organization policy, agreements and legislation. Ensure arrangements are in place to retain necessary documentation after project closure.

6) Dispose of unwanted, invalid or unverifiable information according to organization policy, and security and privacy requirements.