1 Prepared by the Office of the Executive Vice President for Academic Affairs/Provost This is a NEW Executive Policy UNIVERSITY OF HAWAI I EXECUTIVE POLICY ON INSTITUTIONAL DATA GOVERNANCE September 2012 E2.215 Institutional Data Governance Page 1 of 12 Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets. I. VISION DAMA: Guide to the Data Management Body of Knowledge Data governance at the University of Hawai i fosters a culture of shared responsibility and active participation among members of the University community in the stewardship of data and information entrusted to the University. The University of Hawai i s institutional data governance philosophy is grounded in the University s core values of institutional integrity, service, collaboration, and respect, and its commitment to excellence and accountability. II. GOALS The goals of data governance at the University are to: A. Protect the privacy and security of data and information under the stewardship of the University; B. Support a culture of responsible data use for informed and actionable decision making; C. Establish systemwide standards that enable holistic understanding of data across institutional boundaries; D. Promote the efficient use of resources to meet the data and information needs of the University community; 1
2 E. Increase the University s transparency and accountability to external stakeholders and the public by promoting access to relevant information. III. DEFINITION OF INSTITUTIONAL DATA AND POLICY STATEMENT Institutional Data is defined as data elements that are created, received, maintained and/or transmitted by the University of Hawai i in the course of meeting its administrative and academic requirements. It is the policy of the University of Hawai i to hold itself accountable for the privacy and security of its Institutional Data while keeping that data accessible for appropriate use. IV. PURPOSE V. SCOPE The objectives of this policy are to: A. Establish fundamental principles governing the management and use of data and information at the University, including, but not limited to, the creation or acquisition, privacy and security, and integrity and quality of that data and information; B. Set forth best practices for effective data management with ongoing objectives of increasing efficiencies, managing and mitigating information privacy and security risks, and promoting data quality; C. Establish clear lines of accountability and decision rights through the definition of roles and responsibilities related to data management; D. Establish a set of standardized terms and definitions to promote consistent interpretations and implementations of policies, procedures, and practices related to data management. A. The scope of this institutional data governance policy applies to the following: 1. Users employed by the University or any affiliates (including external agencies such as RCUH, Sodexho, third 2
3 party vendors, etc.) with access to University-related data and information (i.e., Institutional Data); 2. All Institutional Data created, collected, analyzed, and reported on by UH units as part of their administrative and academic functions, regardless of where they are located and in what medium they are stored (e.g., physical or electronic), how they are accessed, and how they are transmitted; 3. Institutional Data, such as student demographics, used in surveys or studies; 4. Sensitive information which are subject to privacy considerations or have been classified as confidential and are therefore subject to protection from public access or inappropriate disclosure. Sensitive information, including personally identifiable information (PII), is defined in Executive Policy E2.214, Security and Protection of Sensitive Information. B. This policy recognizes the legal responsibilities of individual campuses to protect the privacy and security of their students data according to FERPA requirements. C. This policy does not apply to data created, collected, or analyzed for the purpose of research that does not require the use of Institutional Data. Although those data are beyond the scope of this policy, they are subject to the requirements of Executive Policy E2.214, Security and Protection of Sensitive Information, which apply to all University-related data. VI. PRINCIPLES The following principles are set forth as minimum standards to govern the appropriate use and management of Institutional Data. A. Institutional Data is the property of the University of Hawai i and shall be managed as a key asset. Institutional Data will be managed through defined governance standards, policies, and procedures. B. Institutional Data shall be protected. Institutional Data must be safeguarded and protected according to security, privacy, and compliance rules and regulations established by 3
4 the federal and state government, and University of Hawai i policies. Refer to the UH Data Governance website ( for a listing of applicable rules, regulations, and policies involving the proper handling of sensitive information. This policy is not intended to supercede federal and state rules and regulations, but to promote and reinforce them. C. Institutional Data shall be accessible according to defined needs and roles. Institutional Data shall be made accessible in accordance with the University s administrative policy on data sharing (forthcoming). Users deemed to have a legitimate educational interest shall be assigned appropriate access based on their roles. D. Institutional representatives will be held accountable to their roles and responsibilities. Roles and responsibilities involving the management and use of Institutional Data will be clearly defined, and individuals assigned to specific roles will be held accountable for their data management responsibilities. E. Resolution of issues related to Institutional Data shall follow consistent and public processes. The Data Governance Committee shall coordinate the resolution of issues related to risks, costs, access, management, and use of Institutional Data with the appropriate Data Stewards and with UH leadership. VII. BEST PRACTICES A. Unnecessary duplication of Institutional Data is discouraged. Data Stewards (defined in section VIII, Roles and Responsibilities) shall be responsible for minimizing redundant storage and processing of Institutional Data in multiple repositories where reasonable and appropriate. B. Quality standards for Institutional Data shall be defined. Data quality standards shall be defined, implemented, monitored, and communicated by System Executive Data Stewards of Institutional Data Systems (defined in section IX, Definitions). Examples of data quality standards include: data validation rules, timeliness of updates, defined error rates, etc. C. Training and education for Data Users and their supervisors shall be provided. Training and education on the 4
5 appropriate handling of sensitive information must be completed before Data Users (defined in section VIII, Roles and Responsibilities) are allowed access to sensitive information. Supervisors must also complete the same training and education as their employees. D. Guidelines and procedures for the effective management of Institutional Data throughout its lifecycle (from creation to destruction) shall be established. Guidelines and procedures involving the creation or acquisition, storage and maintenance, use, archival, and destruction of Institutional Data will be available to direct Data Users and Data Custodians in their data management practices. E. Activities that reduce the potential exposure of sensitive information shall be implemented through an information security program. The University will establish an information security program that addresses the following areas, including, but not limited to, governance structures, security audits, risk assessments, identity management, access controls, education and training, and network monitoring. The program will perform ongoing audits of high risk areas and enforce remediation measures, as necessary. F. Contingency plans for managing security breaches and disaster recovery shall be established. The process for managing security breaches and other inappropriate uses of Institutional Data will be addressed in University policy. Types of information included will be a definition of a security breach, guidelines on the timing, contents, and means of notice to affected parties, etc. Disaster recovery plans will include contingencies for the physical security of affected sites containing sensitive information. VIII. ROLES AND RESPONSIBILITIES The following roles and responsibilities are defined, for both individuals and groups, for the purpose of establishing clear governance and accountabilities over Institutional Data. The terms and conditions for appointments and assignments are outlined for each. Note that for University employees whose duties and responsibilities fall within a controlled access environment, this policy should not impact their daily activities, but rather, should clarify and formalize their roles and responsibilities. 5
6 A. Executive Vice President for Academic Affairs/Provost The Executive Vice President for Academic Affairs/Provost is the lead institutional officer responsible for developing and implementing the University s data governance program. Authority and responsibility resides with the Executive Vice President for Academic Affairs/Provost on policy and system (multi-campus) issues. B. Vice President for Information Technology and Chief Information Officer The Vice President for Information Technology and Chief Information Officer is responsible for setting and enforcing standards and guidelines for data management technologies and systems related to computing infrastructures, data processing performance, data delivery and integration, data architectures and structures, metadata repositories, and access control mechanisms. The Vice President for Information Technology and Chief Information Officer has custodial authority over centralized Institutional Data Systems, including the student, financial, and human resources databases. C. Chancellors and System Vice Presidents Chancellors and system vice presidents (collectively referred to as UH leadership) have authority and responsibility over policies and procedures regarding access and usage of data within their delegations of authority. The Data Governance Committee serves in an advisory capacity to UH leadership on strategic matters and conflict resolution issues. D. Data Governance Committee (DGC) The Data Governance Committee is a systemwide group dedicated to implementing a data governance program at the University. Committee members are appointed by the Executive Vice President for Academic Affairs/Provost. Membership is based on ex-officio roles for system-based personnel and two-year terms for campus-based personnel. Rotating memberships of campus-based personnel are intended to promote knowledge and awareness of data governance throughout the system. Refer to the UH Data Governance website for the membership roster. The DGC s charges are to: 1. revise, recommend, and develop policies and standards that govern the University s data and information management practices at the direction of UH leadership; 6
7 2. define clear and consistent structures, models, and processes that promote the efficient use of resources to meet the information needs of the University community; 3. provide guidance and recommendations concerning the University s Institutional Data, including expanding access, improving quality, assuring security, and improving performance; 4. provide recommendations to UH leadership as part of a formal appeal process involving disputes around Institutional Data and Institutional Data Systems. E. Institutional Research and Analysis Office (IRAO) Director A member of the DGC, the IRAO Director oversees the office that maintains the System of Record for student-related data and information and is the official reporting entity for student-related data and information for the University of Hawai i. The IRAO Director coordinates the cross-functional reporting and analysis of student, finance, and human resource data. The IRAO Director leads the University s efforts around data quality and works collaboratively with system and campus leadership to improve the consistency and accuracy of operational and policy research data within the University s Institutional Data Systems (see section IX, Definitions). The individual updates the DGC on data quality issues and is responsible for decisions around mediating and correcting inconsistencies in data definitions. F. UH System Information Security Officer A member of the DGC, the UH System Information Security Officer leads the University s Information Security Program. The individual works with system and campus leadership to improve the security posture of the University. The individual convenes the Data Security Leadership Council and the UH Information Technology (IT) Security Leads groups and updates the DGC on security and privacy issues. Refer to the UH Data Governance website for both membership lists. G. Data Stewards Data Stewards act in accordance and ensure compliance with applicable federal and state rules and regulations and University policies involving Institutional Data. Data Stewards are responsible for minimizing the use, storage, and exposure of sensitive information, particularly personally identifiable information. They have responsibility to restrict the use and exposure of such information to those specific situations where it is essential and appropriate. 7
8 There are two levels of Data Stewards at the University of Hawai i: executive and functional. 1. Executive Data Stewards are accountable for the use and management of Institutional Data at their respective campus or within the Institutional Data System under their purview. a. Campus Executive Data Stewards These Data Stewards are vice chancellors or appropriate administrators responsible for the major functional areas within a campus including, but not limited to, student affairs, academic affairs, and administration. They have the authority to govern the use of Institutional Data within their respective areas. Campus Executive Data Stewards for student data have the additional responsibility of reviewing and approving data sharing requests within their respective campuses. As part of the review process, a Campus Executive Data Steward will notify relevant parties of data sharing requests for student-related data through an inclusive and open communication process. Refer to the administrative procedure on data sharing (forthcoming) for details on the types of requests a Campus Executive Steward authorizes, the review process, and the appeal/exception process. Human resource and financial data sharing requests are managed centrally by the UH System Offices of Human Resources and Financial Management. b. System Executive Data Stewards These Data Stewards are primarily system level executives with functional responsibility for Institutional Data Systems (see section IX, Definitions). They have the authority to govern the use of Institutional Data within these Institutional Data Systems. System Executive Data Stewards review and approve data sharing requests. These requests involve multiple campuses, external parties, and/or electronic linkages to Institutional Data Systems. As part of the review process, the System Executive Data Steward will notify relevant parties of data sharing requests through an inclusive and open communication process. Refer to the 8
9 administrative policy on data sharing (forthcoming) for details on the types of requests a System Executive Data Steward authorizes, the review process, and the appeal/exception process. System Executive Data Stewards also have the authority to grant access to Institutional Data Systems for system and campus personnel. Refer to the listing of Institutional Data Systems and their associated System Executive Data Stewards and Vice Presidents who are accountable for those systems on the UH Data Governance website. If a request for access is denied, the requestor may appeal or request an exception from the Vice President. The DGC will provide a recommendation to the Vice President who will then decide on the matter. The Vice President s decision is final. For more detail, refer to the administrative procedure on access (forthcoming). System Executive Stewards have the additional responsibility of responding to the data and information needs of the University community through the Institutional Data Systems they oversee. They sponsor and promote a shared understanding of data through clear data element definitions, and oversee data quality and performance improvements within these systems. Refer to the UH Data Governance website for a listing of Institutional Data Systems and associated System Executive Data Stewards. 2. Functional Data Stewards are responsible for the day-today use and management of Institutional Data. Functional Data Stewards exist among all levels and across all units within the University. Registrars, financial aid officers, fiscal managers, human resources specialists, and institutional researchers are among those considered Data Stewards. Functional Data Stewards engage in the following types of data related activities: a. Ensure Institutional Data is managed appropriately, according to policies and procedures; 9
10 b. Recommend enhancements for their respective program areas to improve data quality, access, security, performance, and reporting; c. Serve as a conduit between functional and technical personnel to promote communication and a shared understanding of requirements; d. Fulfill data requests according to administrative procedures on data sharing. H. Data Custodians Data Custodians are the managers and/or administrators of systems or media on which sensitive information resides, including but not limited to personal computers, laptop computers, PDAs, smartphones, departmental servers, enterprise databases, storage systems, magnetic tapes, CDs/DVDs, USB drives, paper files, and any other removable or portable devices or off-site storage technologies such as, but not limited to, cloud storage or cloud services. Information technology personnel are commonly regarded as Data Custodians, however, any authorized individual who downloads or stores sensitive information onto a computer or other storage device becomes a Data Custodian through that act. Data Custodians are responsible for the technical safeguarding of sensitive information, including implementing and administering controls that ensure the transmission of sensitive information is secure and access controls to prevent inappropriate disclosure are in place. I. Data Users Data Users are individuals who, in order to fulfill their job duties and responsibilities, require access to sensitive information as defined in Executive Policy E2.214, Security and Protection of Sensitive Information, and are therefore granted access. Data Users are responsible for understanding and complying with all applicable University policies and procedures for dealing with sensitive information and its protection. Those who do not comply will be denied access. Specific questions about the appropriate handling or usage of Institutional Data should be directed to the Data Steward responsible for that area. IX. DEFINITIONS A. Institutional Data Institutional Data is defined as data elements which are created, received, maintained and/or 10
11 transmitted by the University of Hawai i in the course of meeting its administrative and academic requirements. B. Institutional Information Institutional Information is defined as a collection of Institutional Data which can be: 1. contained in any form, including but not limited to documents, databases, spreadsheets, , and websites; 2. represented in any form, including but not limited to letters, numbers, words, pictures, sounds, symbols, or any combination thereof; 3. communicated in any form, including but not limited to handwriting, printing, photocopying, photographing, and web publishing; and 4. recorded upon any form, including but not limited to papers, maps, films, prints, discs, drives, memory sticks, and other information systems. C. System of Record A System of Record is Institutional Information that is designated by a Data Steward as representing official values of the University. Official values are the data designated as the most accurate representation of the meaning and context of Institutional Data elements, which are recorded as facts. Official values are not necessarily the originally entered values, and as such, a System of Record may not necessarily be the system where values are originally entered. When questions arise over the meaning or interpretation of data elements or their values, the System of Record is used to resolve discrepancies. D. Institutional Data Systems Institutional Data Systems are systemwide data repositories that collect and store Institutional Data and Institutional Information. These repositories house both transactional (operational) and reporting types of Institutional Data and Institutional Information, including Systems of Record. In some cases, Institutional Data may be purged on a regular basis from an Institutional Data System. Institutional Data Systems are subject to the same policies and procedures that govern the use of Institutional Data. Refer to the UH Data Governance website for a listing of Institutional Data Systems and associated System Executive Data Stewards. Note the listing is not intended to be allinclusive of the University s Institutional Data Systems, but 11
12 rather, represents Institutional Data Systems that are most likely to contain sensitive information. E. Departmental/Unit/Local Data Repositories Various UH academic and administrative departments or units copy Institutional Data from Institutional Data Systems into their own departmental, unit, or local data repositories. Any Departmental/Unit/Local Data Repository that contains a copy of Institutional Data are subject to the same policies and procedures which govern the use of Institutional Data. This policy applies to all repositories of Institutional Data, irrespective of where the repository is maintained (for example, a department may contract for cloud storage services to maintain its data repository.) 12
University of Hawai i Executive Policy on Data Governance (Draft 2/1/12) I. Definition Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management
Name of Policy: Southern University System Data Governance Policy Policy Number: Issuing Authority: SUS Office of the President Initial Effective Date: On Presidential Approval X New Policy Proposal Major
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
Data Governance Policy Table of Contents STATEMENT OF PURPOSE... 2 ENTITIES AFFECTED BY THIS POLICY... 3 WHO SHOULD READ THIS POLICY... 3 POLICY STRUCTURE... 3 POLICY... 3 1. Data Governance Structure...
University of Michigan Medical School Data Governance Council Charter 1 Table of Contents 1.0 SIGNATURE PAGE 2.0 REVISION HISTORY 3.0 PURPOSE OF DOCUMENT 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS
Institutional Data Governance Policy Vanderbilt University and Medical Center Effective Date: 07/09/2014 Revision Date: N/A DOCUMENT CONTROL Document Title Institutional Data Governance Policy Summary:
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
Minnesota State University, Mankato University Policy Policy Name: University Data Effective Date of Last Revision Governance July 1, 2016 Custodian of Policy: Provost and Date of Last Review Senior Vice
Administrative Procedure Number: 707 Effective: 5/13/2011 Supersedes: INTERIM Page: 1 of 11 Subject: RECORDS RETENTION, MANAGEMENT, AND DISPOSITION PROGRAM 1.0. PURPOSE: 1.1. To establish and administer
Institutional Data Governance Policy Policy Statement Institutional Data is a strategic asset of the University. As such, it is important that it be managed according to sound data governance procedures.
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
Minnesota State University, Mankato University Policy Policy Name: University Data Effective Date of Last Revision Governance July 1, 2016 Custodian of Policy: Provost and Date of Last Review Senior Vice
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
Virginia Polytechnic Institute and State University No. 7100 Rev.: 4 Policy and Procedures Date: April 1, 2008 Subject: Administrative Data Management and Access Policy Contents 1. Premise and Purpose...
RUTGERS POLICY Section: 70.2.22 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Electronic Information and Information Systems Access Control
, Access, and Security Policy Type: Administrative Responsible Office: VCU Office of Research and Innovation Initial Policy Approved: 05/15/09 Current Revision Approved: 11/05/2015 Policy Statement and
Overview The Provost s Office and the Office of Financial Affairs recognize the campus-wide need for broader and more robust access to institutional data to facilitate operations and inform strategic decision-making.
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
Records Management Policy Effective Date: This Policy takes effect on July 15, 2013 Purpose The purpose of this policy is to achieve efficient and effective management of CMHC information with business
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
U.S. Department of Education Office of the Chief Information Officer Investment Review Board (IRB) CHARTER January 23, 2013 I. ESTABLISHMENT The Investment Review Board (IRB) is the highest level IT investment
Ensuring the highest quality data is delivered throughout the university providing valuable information serving individual and organizational need October 8, 2014 Ronald Layne Manager, Data Quality and
E-1. Records Management I. Scope The Records Management Office maintains a comprehensive records management system meeting regulatory and contractual requirements ensuring documentation is readily accessible.
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
Virginia Commonwealth University Information Security Standard Title: Encryption Security Standard Scope: Approval February 22, 2012 This document provides the encryption requirements for all data generated,
Form 1221-2 (June 1969) Subject UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET 1283 Data Administration and Management (Public) Release 1-1742 Date 7/10/2012
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY Authority: Category: Applies to: Chancellor, Fayetteville State University University-wide Faculty, Staff, and Students History: Approved on
for the Stakeholder Engagement Initiative: December 10, 2009 Contact Point Christine Campigotto Private Sector Office Policy 202-612-1623 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
Purpose a) The Audit Risk & Governance Committee (Committee) is a formally appointed Committee of the Board of Directors of the Australian Wine Consumers Co-operative Society Limited (the Co-operative)
CHAPTER 2016-138 Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 An act relating to information technology security; amending s. 20.61, F.S.; revising the
INTRODUCTION Enbridge Energy Partners, L.P.(the Partnership ) is a Delaware limited partnership whose Class A Common Units are registered under Section 12 of the Securities and Exchange Act of 1934, as
UNIVERSITY OF NAMIBIA RECORDS MANAGEMENT POLICY 1. OBJECTIVE The objective of this policy is to ensure that (a) the records of the University of Namibia are created and maintained in a manner which (i)
Hawai i Data exchange Partnership Data Governance Policy March 4, 2014 Hawai i Data exchange Partnership Data Governance Policy Table of Contents Purpose... 3 Underlying Assumptions of the Three- and Five-Partner
An Overview of Data Management Recognition of Contribution The AICPA gratefully recognizes the invaluable contribution and involvement from the AICPA s IMTA Executive Committee Data Management Task Force
SAFEGUARDS FOR PROTECTING PRIVATE DATA - SERVICE PROVIDERS AND CONTRACTORS THE UNIVERSITY OF NEW MEXICO October 17, 2013 Audit Committee Members J.E. Gene Gallegos, Chair Lt. General Bradley Hosmer, Vice
Wright State University Information Security Controls Policy Title: Category: Audience: Reason for Revision: Information Security Framework Information Technology WSU Faculty and Staff N/A Created / Modified
Name of Policy Description of Policy Policy applies to Data Governance Policy To establish proper standards to assure the quality and integrity of University data. This policy also defines the roles and
DRAFT CODE OF GOVERNANCE PRINCIPLES FOR SOUTH AFRICA - 2009 KING COMMITTEE ON GOVERNANCE 2009 Institute of Directors in Southern Africa. All rights reserved Page 1 THE BUSINESS LEADERS Corporate governance
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
HALOGEN SOFTWARE INC. AUDIT COMMITTEE CHARTER PURPOSE The Audit Committee is a standing committee appointed by the Board of Directors of Halogen Software Inc. The Committee is established to fulfill applicable
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
Tsawwassen First Nation Policy for Records and Information Management September 28 2011 Tsawwassen First Nation Policy for Records and Information Management Table of Contents 1. RECORDS AND INFORMATION
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University
OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy
MAYO CLINIC: GOVERNANCE AND MANAGEMENT STRUCTURE (Approved by Board of Trustees on August 14, 2015) CONTENTS I. Responsibilities, Accountability, and of Mayo Leadership Positions and Committees A. Board
PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
B O N N E V I L L E P O W E R A D M I N I S T R A T I O N BPA Policy 236-1 Table of Contents 236-1.1 Purpose & Background... 2 236-1.2 Policy Owner... 2 236-1.3 Applicability... 2 236-1.4 Terms & Definitions...
Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of information and records within NZQA and assign
Generally Accepted Recordkeeping Principles Information Governance Maturity Model Information is one of the most vital strategic assets any organization possesses. Organizations depend on information to
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
Information Security Plan May 24, 2011 REVISION CONTROL Document Title: Author: HSU Information Security Plan John McBrearty Revision History Revision Date Revised By Summary of Revisions Sections Revised
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
REGENTS POLICY PART V FINANCE AND BUSINESS MANAGEMENT Chapter 05.08 - Business Practices P05.08.010. Printing Standards: General Statement. Publications produced by and for the university will be simple,
Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Electronic Information Security and Data Backup Procedures Date Adopted: 4/13/2012 Date Revised: Date Reviewed: References: Health Insurance Portability
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN January 2010 December 2012 DECEMBER 31, 2009 Florida Department of State State Library and Archives of Florida 850.245.6750 http://dlis.dos.state.fl.us/recordsmanagers
Filed: 0-- EB-0-0 Tab Page of HYDRO ONE GOVERNANCE AND CONTROL FRAMEWORK.0 OVERVIEW The Corporate Governance structure and Internal Control Framework of Hydro One Inc. provide assurance regarding Hydro
M E M O R A N D U M To: From: IT Steering Committee Brian Cohen Date: March 26, 2009 Subject: Revised Information Technology Security Procedures The following is a revised version of the Information Technology
UNH Policy on Compliance with the Health Insurance Portability and Accountability Act (HIPAA) 1 Preamble Approved August 5, 2014 1.1 The Health Insurance Portability and Accountability Act of 1996 (Public
BOARD MANDATE 1.0 Introduction The Board of Directors (the "Board") of Baja Mining Corp. (the "Company") is responsible for the stewardship of the Company and management of its business and affairs. The
Master Data Management Defining & Measuring MDM Maturity, A Continuous Improvement Approach DEFINE IMPROVE MEASURE Presentation by Mark Allen 1 About the Author Mark Allen has over 25 years of data management
Information & Technology Services Management & Security Principles & Procedures Executive Summary Contact: Henry Torres, (870) 972-3033 Background: The Security Task Force began a review of all procedures
CHARTER OF THE AUDIT AND RISK MANAGEMENT COMMITTEE OF THE BOARD OF DIRECTORS OF BLACKBERRY LIMITED AS ADOPTED BY THE BOARD ON MARCH 27, 2014 1. AUTHORITY The Audit and Risk Management Committee (the "Committee")
Policy History Date October 5, 2012 October 5, 2010 October 19, 2004 July 8, 2004 May 11, 2004 January May 2004 December 8, 2003 Action Modified Separation or Change of Employment section to address data
Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
SUN LIFE FINANCIAL INC. CHARTER OF THE BOARD OF DIRECTORS This Charter sets out: 1. The duties and responsibilities of the Board of Directors (the Board ); 2. The position description for Directors; 3.
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
Policy History Date Action Approved by President Mohammed Qayoumi May 27, 2013 April 9, 2013 Reviews: IT Management Advisory Committee Draft Policy Released Table of Contents Introduction and Purpose...