Scrutinizing Data Is The Key
Data has a chain of elements just as a product has a chain of materials. Both create value by combining their respective elements to benefit a person or institution. The end value of data is information; a manufactured product’s value tends to be more tangible, such as an engine, computer, or an automobile.
The information data produces are only as reliable as its elements. Similarly, a product is only as good as the skill with which it is designed and the materials and manufacturing processes used to create it.
Many manufacturers use robots programmed to perform tasks in a repetitive fashion with extreme accuracy. However, if the programming is wrong or a sensor is defective, the end quality of the product is likely to suffer—this is why quality control of the product is so important. For the same reason, we must have quality control of the data combined to enrich the data chain, so we can use the resulting information to make accurate decisions.
Consider the manufacture of an automobile, a device with three main parts—powertrain, body, and electronics. The body is powered by the powertrain and operated by electronics. The computer integrates telemetry from systems like Light Detection and Ranging (LiDAR) and other electronics, utilizing software to control the hardware and allow for wireless communications with manufacturers for updates/ autonomous driving and the internet for owner convenience. The body protects the occupants, provides steering, and suspends the automobile from the road via the tires. The powertrain propels the automobile while integrating it to all of the other systems via the computer. Information from the computer is then manually or automatically sent to the automobile manufacturer and reviewed to manage systems and ensure optimal performance.
There is no doubt that automobiles provide transportation and protect the lives of its occupants, but, what if the computer contains defective software or the wireless connectivity is not entirely secure? A bad actor could exploit these flaws to harm the occupants of the vehicle, pedestrians, or occupants of other vehicles. This is why end products like the automobile require all materials to be properly designed, manufactured, and tested to a level of quality that delivers repeatable operation. If, at any point in the supply chain, the assembly of the automobile involves defective materials and this is not caught in testing, the end product will be at risk for not performing its job and not deliver on its value proposition.
Just like the automobile, data has a supply chain of elements. When combined, these elements produce information that is valuable for decision-making. For example, an insurance record contains data elements that, when combined, support insurance carrier offerings to its policyholders and management of claims. The insurance record starts with personally identifiable information, such as full name, social security number, and driving history. Data, often from third- party aggregators and devices, is added to the data chain. For example, anon-board vehicle computer may measure speed, acceleration, and other vital information with non-connected devices. The drivercan then upload the data to the insurance carrier, which adds it to the driver’s record and can affect the insurance rates based on the risk profile.
Some autonomous driving providers support over the air updates which can communicate certain events that are meaningful to the risk profile of the driver, like an accident. These connected automobiles may also add data to the insurance record data chain. For example, connected devices can integrate the recording of driving habits between the driver and an insurance carrier; the connected device, which in some cases is a smartphone, gathers telemetry and additional phone history, which the insurance carrier system adds to the insured record. These additions to the chain enrich the information, but can also add risk if there are inaccuracies in the data chain. Thus, in many cases, having a review of the data enriching the chain of the insurance record is not only a good practice but should be required.
A risk-based assessment process for third parties providing parts and materials for the supply chain is also critically important, beginning with knowledge of every item’s source
The integrations and connectivity used to enrich a product and optimize its creation can also sabotage it. The data integrity in the data chain or the material quality in the supply chain can affect the performance of the end product. Whenever software is an element of a chain, the risk of sabotage can be unknown until years later, due to defects undiscovered until certain software features and functions are used.
Starting with the design process of the product, technology, security, and legal/compliance teams must scrutinize every part of the supply chain. By involving these teams upfront, security can be built into the product to mitigate likely risks. In particular, legal/compliance’s perspective on the ramifications of not moving forward with proposed changes can be very helpful in mitigating expensive and likely risks— helping protect the company’s financial stability. A risk-based assessment process for third parties providing parts and materials for the supply chain is also critically important, beginning with knowledge of every item’s source.
It is also important for the data chain to follow these similar concepts:
1.Include technology, security, and legal/compliance in the design process
2.Know where the data elements will originate so third-party service providers can be assessed using a risk-based approach
3.Require your third parties to perform assessments on their third parties to strengthen the data integrity of the data chain
4.Conduct periodic assessments of third parties
Thus, the elements that make up the data chain forinformationare very similar to the materials that make up the supply chain for a manufactured product, such as an automobile. Many of these elements and materials come from third parties. These third parties can affect the product’s end quality and the reputation of the manufacturer or the steward of the data. In summary, companies must take a risk-based approach to assessments, adapting methods to deal with risks that are continually changing. It is just as important to know the data elements in the data chain that make up an insurance record’s information as it is to know the materials and software in the supply chain for an automobile.