You’ve been tasked with putting together a Test Data Privacy plan for your company, and it kicks in with a lot of questions. Where do you begin? What resources will you need? What applications do you start with? Where is the data located, and better yet, who owns it? You need to have a plan in place and take a phased approach to ensure nothing gets overlooked. Let’s take a look at the five phases that go into a Test Data Privacy project.
- Assessment Phase: The Assessment phase is where consultant(s) verify where the client is at in their data privacy conceptual understanding, spreadsheet analysis, security preparation and budget considerations. The goal is to obtain enough information to estimate the effort and cost required in order to perform a detailed Analysis of the in-scope application(s). This phase involves meetings with stake holders and project managers at the client site. The following questions need to be answered during this phase:
- Environments (mainframe and distributed)
- Volume of data
- Sensitivity of data
- Security/access to data
- Analysis Phase: The Analysis phase is the most critical phase in implementing the data privacy solution. Due to the complexity and variety of business applications within the organization, the Analysis phase of a disguise project is frequently the most time-consuming of the four phases. Locating and getting the correct test data is often difficult for developers and testers. The intricacy of finding and understanding the private and personal content of test data that needs to be desensitized is even greater. Understanding the data’s relationship with other files and databases that must be synchronized presents an even greater challenge for most developers and testers. This phase involves the creation of a DMA (data model analysis) document, which is an Excel spreadsheet that lists the layouts/schema; the fields/columns; the sensitive data to be fictionalized; the contact information for key technical personnel; and the location/names of all entities within the Source Data Environment.
- Design Phase: In the Design phase, the consultant will work closely with the client to create and document the definition and specification of procedures that will be used to obtain the source data, desensitize, disguise, or generate replacement data, as well as the specific details for populating the target test environment with the cleansed data. The steps involved in the Design phase include defining and documenting the following:
- Names of I/O files/databases/tables
- Detailed layouts
- Data Privacy Rules for masking data
- Develop Phase: The Develop phase is the process of using the documented information from the Design phase to build, test, validate, and refine data privacy compliance processes to quickly produce results while meeting the needs of each specific data disguise rule. This phase involves the actual coding of Data Privacy rules and the creation of JCL (Mainframe) or procedures (Distributed Systems) to test the fictionalization process.
- Delivery Phase: The Delivery phase is the implementation and execution of the data privacy project within the organization’s test cycles. By this time, the Analysis phase has been completed, the extract, disguise, and load strategies have been designed, developed, tested, and validated; and now the process can be deployed across the different test environments. The testing environment is completed using repeatable procedures. This phase also requires the completion of all training and documentation so the client is able to proceed independently for future projects.
The benefits that follow are smooth-running, effective tests. Quality and efficiency are better. Goals are achieved, and the enterprise is poised for success.