To meet regulatory deadlines, health insurer CZ needed to accelerate its software development cycles—but providing suitable datasets for its software testers was a time-consuming process.
CZ implemented an IBM solution that optimizes and automates the test data management process by subsetting and masking data to reduce data volumes and protect clients’ privacy.
Helpsensure data privacy and facilitate compliance with regulations such as the GDPR
50%faster creation of test datasets helps to accelerate development cycles
Cutsstorage costs by significantly reducing the size of test datasets
Business challenge story
Accelerating development while safeguarding privacy
For the Dutch health insurance company CZ, a fast time-to-market is crucial when testing and launching new software applications for use in its business—CZ not only needs to be able to respond to customer requirements swiftly, but must also meet regulatory deadlines.
For example, each year, insurance companies in the Netherlands need to update their systems to align with changes in the country’s healthcare system. The deadline for completing these changes is “Prinsjesdag”—the day when the reigning Dutch monarch announces the main features of government policy for the coming parliamentary session—and there are significant penalties for any insurer who fails to complete their changes on time.
“This means our testing environment must work as smoothly and automatically as possible to ensure we can launch applications on schedule. For instance, copying and loading data from our production environment into our testing environment needs to be quick and easy, and it’s also important that the test data is referentially intact, to ensure proper application testing.”
However, to comply with data protection regulations, CZ must also ensure that it protects clients’ privacy as it moves data between its production and non-production environments. These requirements will soon become even more strict, when the upcoming European General Data Protection Regulation (GDPR) comes into force.
Ed de Cock, Test Coordinator at CZ, takes up the story: “The pressure is high. Sometimes a new application has to be operational in just a month, while updates of existing applications need to be released every four weeks or even every other day.
Han van der Vinden, Test Manager at CZ, explains: “The regulations state that we must not use real customer data for development and testing purposes, to ensure that our clients’ privacy isn’t threatened in the case of lost or hacked data containing details such as addresses or bank details. It’s not just about complying with regulations—we also need to protect the company’s reputation and ensure that our customers trust us as stewards of their personal information.
“However, we still need to use realistic data to test our applications fully. A solution is to mask our production data—that is, replace any sensitive personal information in the dataset with ‘dummy’ information that isn’t related to any real customers—before we move it over to the test environment.”
CZ had previously developed its own tool for masking data, but this no longer met privacy legislation standards.
Ed de Cock adds: “Our homegrown tool didn’t anonymize data sufficiently to meet new regulations, and also left room for errors. For example, if you added a new table to your production database, you would also need to remember to add a new table to your testing environment—but because this wasn’t automated, there was a chance of it being forgotten. That could lead to errors and inconsistencies in the testing process.
“What’s more, indicating which dataset you wanted to load into the testing environment was very time-consuming. For instance, if you wanted to select people with certain characteristics, you first needed to run a query to extract that data from the production database, and then load it manually in the testing environment.”
CZ knew it was time to find a new automated approach to test data management that was secure, accurate, and would enable software engineering teams to work at a faster pace.
Automating the test data management process
CZ began looking for a streamlined test data management solution that would make it easier to comply with ever-more stringent privacy regulations, while also accelerating software development.
“We conducted proofs of concept with a number of vendors and software packages, including IBM InfoSphere Optim Test Data Management,” notes Han van der Vinden. “We were impressed by the reliability, speed and flexibility of the solution, as well as how it easily integrated with our IBM DB2 for z/OS and Microsoft SQL Server databases. The IBM team’s experience with DB2 was an added bonus.”
IBM helped CZ implement the solution, which optimizes and automates the test data management process. It first subsets data from CZ’s IBM® DB2® for z/OS® and Microsoft SQL Server databases, enabling the testing team to select a relatively small data sample that is still representative of the production dataset as a whole. The solution then masks the data before loading it into the test environment.
Ed de Cock comments: “IBM InfoSphere Optim Test Data Management comes with a range of built-in masking routines for items such as names and addresses. We were also able to use a lookup table to mask the Burgerservicenummer (BSN), which is the Dutch equivalent of a social security number. This is something that our previous home-grown masking solution hadn’t been able to do.”
The company also needed to be able to mask the Dutch version of the International Bank Account Number (IBAN), which proved to be a more complex challenge.
Ed de Cock states: “A big advantage of Optim is that it is very extensible, so IBM was able to tailor it to our needs. The team built a custom masking routine that enables us to generate valid Dutch IBAN account numbers that preserve the country code and bank code of the original transaction, and comply with the IBAN check digits, but don’t contain any real data that could be used to identify a customer.”
Han van der Vinden adds: “There was great cooperation and communication between CZ and IBM throughout the project. Together we made it a success.”
Protecting client data
With IBM InfoSphere® Optim™ Test Data Management in place, CZ can easily protect its clients’ data, comply with privacy regulations, and meet deadlines for changing regulations—while cutting costs and boosting efficiency.
“Optim’s subsetting feature is a huge advantage, because it allows us to reduce the amount of data that is copied to our test environments,” says Han van der Vinden. “This reduces the time taken to create copies by around 50 percent, which contributes to faster development cycles overall. It also makes it easier to spot changes in the database structure and keep the test database consistent with the development and production environments.”
Additionally, the solution’s automation features minimize errors and boost efficiency, as Ed de Cock describes: “Optim helps us select and load data more quickly, apply changes consistently across the testing environment, and ensure that all relevant items are copied when creating test datasets—so we can rely on our test results. The next step is to be able to perform automated tests quickly and accurately. We aim to achieve a 10 percent reduction in overall development cycle time within a year, helping us get new releases into production more quickly.
“By speeding up our software development processes, the solution makes it easier for us to respond swiftly to customer requirements, and meet regulatory deadlines for implementing changes in healthcare policy.”
At the same time as boosting efficiency and accelerating software development, the solution also cuts expenditure. Specifically, by enabling the use of smaller datasets in the test environment, Optim reduces total storage requirements and costs.
Flexibility is another key benefit: whenever new masking requirements arise, CZ can write the specific routines it needs and integrate them seamlessly into its testing processes. This may prove vital in helping CZ comply with new data privacy regulations such as the GDPR.
“The IBM solution empowers us to keep our clients’ personal data safe, protecting the company’s reputation and preserving our customers’ trust,” concludes Ed de Cock. “It also cuts costs and accelerates software development processes, boosting efficiency and enabling us to meet regulatory deadlines.”
With more than three million policyholders, CZ is one of the largest health insurers in the Netherlands. The company owns the CZ, Delta Lloyd and OHRA brands, and employs approximately 2,500 people. It has three main branches located in Tilburg, Goes and Sittard, along with 15 service offices spread over the provinces of Zeeland, South Holland, North Brabant and Limburg. CZ is also a leader in improving the quality and affordability of care, including care reform and healthcare purchasing.
- FSS: Insurance - Risk and Compliance
- FSS: Risk & Compliance
- InfoSphere Optim Test Data Management
- InfoSphere Optim Test Data Management Solution - Custom
Take the next step
IBM offers a comprehensive, scalable Unified Governance and Integration platform and solutions-- available on premises, on cloud and hybrid environments-- successfully delivering trusted data for insights and compliance to businesses, governments and individuals. Learn more about Unified Governance and Integration at ibm.com/unified-governance. Follow us on Twitter at @IBMAnalytics.