Procurement Data
Plan
Source
Manage & Maintain
Decommission
Top 5 questions to ask
Plan:
Strategic alignment: What business objectives are we aiming to achieve with this data asset?
Data requirements: What types of data do we need to achieve these objectives?
Security & regulatory compliance: How will we handle data privacy and protection in compliance with regulations?
Data handling: What internal data management policies and processes are in place in our organisation and how will the usage of the (new) data be tracked and monitored?
Ethical concerns: What potential ethical issues should we consider when sourcing and using this data for the purposes we will be using it for (e.g. representativeness)?
Source:
Data quality: Which vendors provide the highest quality and most relevant data for our needs, and do they provide any warranties regarding quality, accuracy and provenance?
Usage rights: Are there any restrictions on the use of the data (e.g. prohibitions on redistribution, modification or integration with other data sets) and does the licence define how the data can be used and shared, including any attribution requirements?
Regulatory and ethical concerns: How does the vendor ensure ethical collection of data and compliance with regulatory requirements, in particular intellectual property rights?
Internal data security: How will the vendor ensure the protection and confidentiality of any internal organisational data that may be uploaded? What are the vendor's rights to retain this data?
Contractual clauses: What are your contractual obligations, including any confidentiality of the data or securing the data against unauthorised access?
Manage & Maintain:
Data reliability: How will we monitor data quality and accuracy over time to ensure that the AI system is producing reliable and comprehensive data outputs?
Ongoing data management: What processes are in place for regular data updates and maintenance?
Security: How will we handle data breaches or security incidents?
Monitoring: How will we track data usage and compliance with policies, and document changes?
Stakeholder management: How will we engage stakeholders in data governance and management practices?
Decommission:
Change management: What are the impacts of data decommissioning on current operations and stakeholders?
Data retention: What are the regulatory requirements for data retention and deletion by our organisation and by the vendor? What are the implications for internal organisational data?
Post-termination use: What happens to the data upon termination of the licence (e.g. return, destruction, continued use)?
Data disposal: What is the process for securely disposing of or archiving data?
Communication: How will the data decommissioning process be documented and communicated?
RAI considerations & Mitigation of inherent risk
Key principles (Plan)
Transparency - Ensuring understanding of data sources, purpose, and usage.
Accountability - Assigning responsibility for data handling and compliance.
Key principles (Source)
Fairness - Ensuring the data is unbiased and representative.
Security - Ensuring data protection from breaches and misuse.
Key principles (Manage & Maintain)
Sustainability - Ensuring long-term data management practices.
Inclusiveness - Involving diverse stakeholders in data governance.
Key principles (Decommission)
Transparency - Clear communication and documentation of the process.
Security - Ensuring data is disposed of securely to prevent unauthorised access.
Mitigation of inherent risk (Plan)
Complexity: High as a thorough understanding of business needs, data types, regulatory compliance, and ethical considerations is required.
Impact: High as decisions made here set the foundation for the entire procurement process, affecting all subsequent phases.
Mitigation of inherent risk (Source)
Complexity: Medium as it involves evaluating multiple vendors, assessing data privacy and security, and ensuring compatibility with existing systems.
Impact: Medium as it influences the quality and reliability of the procured data, impacting operational efficiency and risk.
Mitigation of inherent risk (Manage & Maintain)
Complexity: High as it requires ongoing monitoring of data quality, security, compliance, and stakeholder engagement.
Impact: High as continuous management is crucial for maintaining data integrity and operational performance.
Mitigation of inherent risk (Decommission)
Complexity: Medium as it involves secure data disposal, compliance with regulations, and stakeholder communication.
Impact: Medium as it ensures that decommissioned data does not pose future risks, protecting the organisation from legal and security issues.
Key mitigants (Plan)
Risk Assessment to identify potential data risks and establish data risk mitigation strategies early.
Stakeholder Engagement: Involve all relevant stakeholders to gather diverse data perspectives, ensure alignment with business objectives and understanding of the regulatory and ethical issues concerning the data.
Key mitigants (Source)
Vendor Due Diligence.
Contractual Safeguards, including clauses for data protection, performance guarantees, and compliance requirements.
Pilot Testing to evaluate data quality and integration capabilities before full-scale implementation.
Key mitigants (Manage & Maintain)
Monitoring to ensure data quality and compliance.
Incident Response Plan to address data breaches and security incidents.
Training and Awareness on data management practices and security protocols.
Key mitigants (Decommission)
Secure Data Disposal to prevent unauthorised access.
Documentation of the data decommissioning process and reporting to stakeholders.
Negotiate parameters around data retention and usage rights.