Utility Data Management BMPs v1.0
Here in California, the mention of BMPs (Best Management Practices) to any water utility practitioner brings a look of frustration, and perhaps fear. This may be due to the use of BMPs by the state to promote certain practices in water conservation, rate making, and more. This may explain why while attending a water utility data conference at Stanford a few weeks ago, a wholesale water engineer proposed the idea of Water Utility Data BMPs, and this got a chuckle from the audience.
This audience was filled with arguably the most progressive water utility operators in the state of California who clearly got the shivers when one attendee brought up BMPs. While BMPs that are attached to rewards or penalties may evoke skepticism, a set of working rules for how water utilities, or any utilities, should manage, handle, and govern data, is a good idea.
We can’t ignore the need to develop data management policies as the sheer volume of data at utilities is growing exponentially. New hardware such as as sensors and AMI, social media inputs, and more are creating tidal waves (let’s call it terabytes) of data! Moving to AMI alone creates 720 meter reads per customer, in 1 month! Data management governance exists within certain utilities, but there is no industry wide shared model here. With this, I decided to begin such as list, with the hopes that other water utility IT departments and managers will add or amend this list.
Here at Valor Water we integrate with dozens of utilities data systems, processing billions of meter reads a month for our clients. As such, we go to great lengths to ensure data privacy and data security protocols are adhered to at all times. Our business provides us a unique glimpse into the range of practices we see across various water utilities.
Here is a running start at Utility Data Management BMPs
Establish System of Record (S.O.R.) for your utility.
A system of record in the case of a utility is the authoritative data source for customer and billing data. It may be the Customer Information System (C.I.S.) or the Meter Data Management System (M.D.M.S.)
Stating it a bit differently, it is the data repository where the data objects (such as customer information) are maintained. This maintenance includes data creation, updating, modifying and deleting.
The S.O.R. is the data source that is used for audit or regulatory reporting purposes. Do you maintain 1 S.O.R. or are there multiple points of changing customer data?
Protect the S.O.R. for your utility.
Once you have a S.O.R., be sure it is highly secure and protected. This involves establishing authentication and access controls that only allow designated users to access the data, and creating a log tracking any modifications to the data, per authenticated user. It’s also a good practice to have a daily backup and to run virus and vulnerability scans on a regular basis
Maintain ownership and access rights to your utility’s data
This involves careful review of contracts with data-related vendors (such as MDMS and CIS providers) to guarantee that they archive all data for at least 3, and preferably 7 years, and also, that the utility owns its data and can access the data in a timely and cost-free manner.
During the current California drought water utilities were desperate for access to their historic customer data, and vendors provided quite poor service when it came to complying with these requests. We have seen very unfavorable contract terms time and time again around utility’s rights to their own data (meter or customer data). Consult your legal counsel to be sure that your utility retains access rights to your own data.
Develop a cloud security questionnaire and protocol for all host (cloud-based) services.
This BMP should be qualified with a statement that the cloud, done right, is a highly secure environment for data, that makes services and security of your utility’s data more cost-effective.
A recent report announced that federal government’s DOD and DOJ are both moving onto Amazon’s Cloud Services. In 2010, the CIO of the U.S. government, Vivek Kundra, famously declared that the federal government must move to a “cloud first” policy. The cloud is an important part of any utility’s I.T. development plan, and must be done right. The days of on premise only solutions are coming to an end, and a prudent utility will develop a data governance policy to help it modernize in a safe and cost-effective way.
Contact Valor Water to learn more about Hosted Solution Data Security protocols for your utility.
Control vulnerability and security risks
A few best practices to keep your data safe and secure include:
o Frequent password changes for system access and email;
o Planned vulnerability scans for your system and your technology partners’ systems;
o Data encryption for data shared over the web / or telecom;
o Required firewalls and SSL layers;
o Regularly scheduled data backup and archival processes.
This is an early and partial list of considerations for data governance BMPs. If you have more or want to share your utility’s IT success story, write me at christine (at) valorwater.com and we can keep growing this list so that our data, and our customer’s data remains safe and secure.