Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor



Similar documents
ADMINISTRATIVE DATA MANAGEMENT AND ACCESS POLICY

Marist College. Information Security Policy

Rowan University Data Governance Policy

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

PROCEDURE. The permission rights assigned to allow data custodians to view, copy, enter, download, update or query data.

CORPORATE RECORDS MANAGEMENT POLICY

Institutional Data Governance Policy

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Information Circular

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

INFORMATION GOVERNANCE POLICY

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

An Approach to Records Management Audit

Records and Information Management. General Manager Corporate Services

Policy and Procedures Date: April 1, 2008

University of Liverpool

Information Security Policy

Third Party Security Requirements Policy

Information Privacy Policy

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

Information Governance Strategy & Policy

Information Security Program Management Standard

CCG: IG06: Records Management Policy and Strategy

Data Protection Policy

RECORDS MANAGEMENT POLICY

Guideline for Roles & Responsibilities in Information Asset Management

4.10 Information Management Policy

Wright State University Information Security

Information Resources Security Guidelines

Institutional Data Governance Policy

Utica College. Information Security Plan

Records Management Policy

United States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12)

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

University-wide. Staff Only Students Only Staff and Students. Vice-Chancellor. Director, Human Resources

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

Public Records (Scotland) Act NHS Health Scotland Assessment Report. The Keeper of the Records of Scotland. 5 th August 2015

INFORMATION GOVERNANCE POLICY

Scotland s Commissioner for Children and Young People Records Management Policy

Information Governance Policy

Technical Competency Framework for Information Management (IM)

OFFICIAL. NCC Records Management and Disposal Policy

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Records Management Security of University Records Procedures

POLICY ON THE USE OF UNIVERSITY INFORMATION AND COMMUNICATION TECHNOLOGY RESOURCES (ICT RESOURCES)

Information Management Policy London Borough of Barnet

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Newcastle University Information Security Procedures Version 3

R345, Information Technology Resource Security 1

How To Protect School Data From Harm

Information Security Policies. Version 6.1

Governance Processes and Organizational Structures for Information Management

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

Caedmon College Whitby

The University of Information Technology Management System

Guidelines for Best Practices in Data Management Roles and Responsibilities

Information Integrity & Data Management

Outline of a Research Data Management Policy for Australian Universities / Institutions

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Retention, Archiving and Destruction Procedure v1.2. Records Manager

Information and records management. Purpose. Scope. Policy

Management of Research Data Procedure

Description of Policy. Revision. New Policy. Date of Original Approval 29 April 2008 Review Date April 2011 Approved By

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

Highland Council Information Security Policy

5 FAM 630 DATA MANAGEMENT POLICY

INFORMATION TECHNOLOGY SECURITY STANDARDS

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Strategy for Management in Canadian Jurisdictions

UTAH VALLEY UNIVERSITY Policies and Procedures

NSW Government Digital Information Security Policy

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

Data Management Standard

Information Security Policy. Information Security Policy. Working Together. May Borders College 19/10/12. Uncontrolled Copy

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI v1.0

16 Electronic health information management systems

Cloud Computing and Records Management

Records Management plan

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Information Governance Policy

How To Protect Decd Information From Harm

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Management and Protection Policy

Passenger Protect Program Transport Canada

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

Privacy and Cloud Computing for Australian Government Agencies

Date of Last Review Senior Vice President for Academic. September 2015 Affairs INFORMAL REVIEW DRAFT

Management of Official Records in a Business System

New Employee Orientation

This interpretation of the revised Annex

The BEAR Management Group will report to the University Research Committee.

Merthyr Tydfil County Borough Council. Data Protection Policy

Integrated archiving: streamlining compliance and discovery through content and business process management

Information Management Advice 50 Developing a Records Management policy

What NHS staff need to know

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

Transcription:

Name of Policy Description of Policy Policy applies to Data Governance Policy To establish proper standards to assure the quality and integrity of University data. This policy also defines the roles and responsibilities of University staff and its agents in relation to data access, retrieval, storage, destruction, and backup to ensure proper management and protection of data is maintained. University-wide Specific (outline location, campus, organisational unit etc.) Staff Only Students Only Staff and Students Policy Status New Policy Revision of Existing Policy Description of Revision Approval Authority Governing Authority Responsible Officer Vice-Chancellor Information Communication Technology Advisory Committee (ICTAC) Director, Office of Planning and Strategic Management Approval Date 3 March 2014 Effective Date 3 March 2014 Date of Last Revision n/a Date of Policy Review* 3 March 2019 * Unless otherwise indicated, this policy will still apply beyond the review date. Related Policies, Procedures, Guidelines and Local Protocols Acceptable Use of IT Policy Code of Conduct for All Staff Communication Policy Computer Use Policy Copyright and Moral Rights Data Classification Policy and Procedure (to be developed) Data Governance Procedures (to be developed) Intellectual Property Policy Policy on Policy Development Records and Archives Policy Records Retention and Disposal Schedule Telecommunications Usage Policy Page 1 of 7

Table of Contents 1 BACKGROUND INFORMATION... 3 2 POLICY PURPOSE... 3 3 POLICY SCOPE... 3 4 DEFINITION AND TERMS... 3 5 POLICY PRINCIPLES... 5 6 POLICY REVIEW... 6 7 FURTHER ASSISTANCE... 6 8 APPENDIX 1 DATA MANAGEMENT LIFE CYCLE... 7 Data Governance Policy Page 2 of 7

1 BACKGROUND INFORMATION Institutional data is a strategic asset of Australian Catholic University (ACU) and the appropriate governance for management and use of data is critical to the University s operations. Inappropriate governance can result in inefficiencies and exposes the University to unwanted risk. A consistent, repeatable, and sustainable approach to data governance is therefore necessary in order to protect the security and integrity of the University s data assets. 2 POLICY PURPOSE The purpose of the Data Governance Policy is to: Define the roles and responsibilities for different data usage and establish clear lines of accountability; Develop best practices for effective data management and protection; Protect the University s data against internal and external threats (e.g. breach of privacy and confidentiality); Ensure that the University complies with applicable laws, regulations, and standards; and Ensure that a data trail is effectively documented within the processes associated with accessing, retrieving, reporting, managing and storing of data. 3 POLICY SCOPE This policy applies to all institutional data used in the administration of the University and all of its Organisational Units, except data used for the purpose of academic research. This policy covers, but is not limited to, institutional data in any form, including print, electronic, audiovisual, and backup and archived data. 4 DEFINITION AND TERMS To establish operational definitions and facilitate ease of reference, the following terms are defined: Access the right to read, copy, or query data. Data or Institutional Data a general term used to refer to University's information resources and administrative records which can generally be assigned to one of four categories: Public access data data that is openly available to all staff, students, and the general public. Internal general data data used for University administration activities and not for external distribution unless otherwise authorised. Internal protected data data that is only available to staff with the required access in order to perform their assigned duties. Internal restricted data data that is of a sensitive or confidential nature and is restricted from general distribution. Special authorisation must be approved before access or limited access is granted. Data Governance Policy Page 3 of 7

Data Governance Hierarchy outlines the access rights, roles and responsibilities of ACU staff in relation to the management and protection of data: Data Steering Group Data Trustees Data Stewards Data Managers Data Users Information Communication Technology Advisory Committee or ICTAC is a University wide committee, with members consisting of Data Trustees, Data Stewards and designated Data Users. ICTAC is responsible for approving the procedures related to the Data Governance Policy. ICTAC also assures appropriate data processes are used in all of the University s data-driven decisions. Data Trustee is a Member of the Senior Executive Group with planning and decision-making authorities for ACU s institutional data. The Data Trustees, as a group, are responsible for overseeing the continuous improvement of the University s data governance and management. Data Steward is a Member of the Executive who oversees the capture, maintenance and dissemination of data for a particular Organisational Unit. Data Stewards are responsible for assuring the requirements of the Data Governance Policy and the Data Governance Procedures are followed within their Organisational Unit. Data Manager has operational responsibilities in assisting Data Stewards with day-to-day data administration activities; including, but is not limited to: develop, maintain, distribute, and secure institutional data. Data Managers are expected to have high level knowledge and expertise in the content of data within their responsible area. Data User is any staff or authorised agent who accesses, inputs, amends, deletes, extracts, and analyses data in order to carry out their day-to-day duties. Data Users are not generally involved in the governance process, but are responsible for the quality assurance of data. Data Management Life Cycle refers to the process for planning, creating, managing, storing, implementing, protecting, improving and disposing of all institutional data of the University (see Appendix 1). Integrity or data integrity refers to the accuracy and consistency of data over its entire lifecycle. Member of the Executive is defined as the positions which normally report to either the Vice-Chancellor or a Member of the Senior Executive, and having staffing and supervisory responsibilities. Quality or data quality refers to the validity, relevancy and currency of data. Security refers to the safety of University data in relation to the following criteria: Access control; Authentication; Effective incident detection, reporting and solution; Physical and virtual security; and Change management and version control. Data Governance Policy Page 4 of 7

Senior Executive Group or SEG is the peak senior strategic forum of ACU. The SEG is chaired by the Vice-Chancellor with members consisting of the Provost/ Deputy Vice- Chancellor (Academic); Chief Operating Officer/ Deputy Vice-Chancellor; Deputy Vice- Chancellor (Research); and Deputy Vice-Chancellor (Students, Learning & Teaching). 5 POLICY PRINCIPLES The following principles outline the minimum standards that guide the University s data governance procedures and must be adhered to by all ACU staff: 5.1 ACU, rather than any individual or Organisational Unit, is the owner of all data. A Data Trustee has the responsibility for the management of data assigned within their portfolio. A Data Steering Group, in the form of the Information Communication Technology Advisory Committee is responsible for the overall management of the University s data governance. 5.2 Every data source must have a Data Steward who is responsible for the quality and integrity, implementation and enforcement of data management within their Organisational Unit. Data Managers are responsible for ensuring effective local protocols are in place to guide the appropriate use of data. 5.3 Access to, and use of, institutional data will generally be administered by the appropriate Data Manager. 5.4 The Data Steward, having determined the category of the institutional data as confidential, will approve access based on appropriateness of the User s role and the intended use. Where necessary, approval from the Data Trustee may be required prior to authorisation of access. 5.5 Data Manager must ensure the process for the administration of data is in accordance with the Data Management Life Cycle (See Appendix 1). 5.6 Data Users must ensure appropriate procedures are followed to uphold the quality and integrity of the data they access. 5.7 Data records must be kept up-to-date throughout every stage of the workflow and in an auditable and traceable manner. 5.8 Data should only be collected for legitimate uses and to add value to the University. 5.9 Extraction, manipulation and reporting of data must be done only to perform University business: a. Personal use of institutional data, including derived data, in any format and at any location, is prohibited. b. Where appropriate, before any data (other than publically available data) is used or shared outside the University, verification with the Data Steward is required to ensure the quality, integrity and security of data will not be compromised. 5.10 Data stored in an electronic format must be protected by appropriate electronic safeguards and/or physical access controls that restrict access only to authorised Data Governance Policy Page 5 of 7

user(s). Similarly, data in hard copy format must also be stored in a manner that will restrict access only to authorised user(s). 5.11 Appropriate data security measures (see Data Classification Policy and Procedure) must be adhered to at all times to assure the safety, quality and integrity of University data. 5.12 The definition and terms used to describe different types of data should be defined consistently across the University. 5.13 Data shall be retained and disposed of in an appropriate manner in accordance with the University s Records and Archives Policy and the Records Retention and Disposal Schedule. 6 POLICY REVIEW This Policy will be reviewed and updated every five (5) years from the approval date, or more frequently if appropriate. In this regard, any staff members who wish to make any comments about the Policy may forward their suggestions to the Responsible Officer. 7 FURTHER ASSISTANCE Any staff member who requires assistance in understanding this Policy should first consult their nominated supervisor who is responsible for the implementation and operation of these arrangements in their work area. Should further assistance be needed, the staff member should contact the Responsible Officer for clarification Data Governance Policy Page 6 of 7

8 APPENDIX 1 DATA MANAGEMENT LIFE CYCLE Data Governance Policy Page 7 of 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information