Processes Link Identities

The first step in creating data architectures is to gather baseline information about identities in your organization. The baseline inventory identifies high-level data sources and documents pertinent information about them. To do that, we'll start with the processes that we identified in the process inventory and find the identity records that are critical to performing those processes. Let's run through an example to see how that might work.

Suppose you've identified "employee provisioning " as one of the processes important to your organization. That process starts when the decision is made to hire an applicant and includes steps such as the following:

When you look at the steps in this process, the employee is right up front. Consequently, it's easy to identify the employee record in the HR database as one of the identity records in this process, but there are others. Here are some of them:

As we consider a single business process, it's amazing to see how it can translate into multiple identity records. Process links these records even if the infrastructure does not.

Going through the process inventory to find identity records creates an initial identity data inventory . The data inventory is a listing of each identity data source and its contents and other important meta-information. The following attributes should be recorded as part of creating the inventory.

One approach to creating the data inventory is to have business units create inventories for identity data they own and then to aggregate the results. Be careful, however, to train the people performing the inventory so that you get consistent results. You will also have to take care to ensure you don't miss data sources that are jointly owned or owned at the enterprise level. As we've seen, business function and, hence, process do not always fall within neat organizational boundaries. You may find that it's more convenient to create the baseline data inventory in conjunction with the process evaluation that we discussed in the last chapter, instead of doing it as a separate step.