The new version of MAC OS X, 10.10 (Yosemite) is expected to be released today, Thursday October 16th, and is currently incompatible with the ClearPass registration system and potentially other services at Rowan.

University Policies

Page tree

ROWAN UNIVERSITY POLICY


Policy Title: Rowan University Data Governance Policy
Applies To: University-wide
Issuing Authority: Chancellor
Date Adopted: 3/1/2026
Last Revision: 3/01/2026
Last Reviewed: 3/01/2026


I.    PURPOSE 

This policy establishes Rowan University's institutional data governance framework and defines the principles, roles, authorities, and accountability structures governing the management of University Data as a strategic institutional asset. The policy ensures that University Data is managed consistently, lawfully, ethically, and effectively in support of the University's mission and Approved Institutional Uses, including teaching, research, clinical care, student success, administration, compliance, and institutional decision-making. The policy further supports the responsible development and use of Artificial Intelligence (AI) and other technologies as enabling capabilities in support of these institutional missions and Approved Institutional Uses.

II.   ACCOUNTABILITY

Under the direction of the Chancellor, the Senior Vice Presidents, Vice Presidents, Senior Vice Chancellors, and Vice Chancellors shall ensure institutional compliance with this policy. Executive Data Owners shall implement this policy and associated Enterprise Data Standards within their respective areas.

III.  APPLICABILITY

This policy applies to all University Data created, collected, maintained, accessed, shared, or used in support of official Rowan University activities, regardless of system, format, or location. It applies to all faculty, staff, students, affiliates, and third parties with access to University Data. For purposes of governance scope:

  1. Administrative and operational data, including financial, human resources, student, financial aid, facilities, academic, information technology, advancement, and other institutional business data, are governed under this policy without special qualification.
  2. Clinical data is governed under this policy as University In addition to the enterprise governance requirements established herein, clinical data is subject to additional considerations arising from clinical practice standards, patient privacy, regulatory obligations, and Information Security requirements.
  3. Research data is governed under this policy as University Data. Research data governance constitutes a distinct domain with additional considerations arising from research protocols, sponsor requirements, and regulatory Those considerations apply in conjunction with, and not in lieu of, the enterprise data governance framework established by this policy.

IV.  DEFINITIONS

  1. University Data: All data created, collected, maintained, accessed, shared, or used in support of official Rowan University activities, regardless of system, format, or location.
  2. Data Governance Council (DGC): The institutional governing body responsible for establishing, approving, and enforcing enterprise data standards; overseeing data governance processes and participation; and exercising the decision rights expressly defined in this policy.
  3. Approved Institutional Use: A lawful, authorized University purpose for accessing, creating, maintaining, sharing, transforming, integrating, curating, analyzing, reporting on, or otherwise using University Data in support of the University's academic, research, clinical, and administrative missions. Approved Institutional Uses may include operational and administrative processes; institutional reporting; analytics and business intelligence; compliance, audit, investigations, and risk management activities; institutional planning and decision support; integration and data exchange among University-managed systems and approved third-party services; and other uses explicitly authorized by the University consistent with applicable law and University policy. 
    Artificial Intelligence (AI), automation, and other advanced technologies may be used to support approved institutional uses in accordance with current and applicable University policies, standards, and approved governance requirements.
  4. Data Governance Officer (DGO): The individual responsible for coordinating and operating the University’s data governance program, including facilitation of governance activities, maintenance of governance artifacts, and support for implementation, acting under the authority of the Data Governance Council.
  5. Executive Data Owner: A senior-most executive (Senior Vice President, Vice President, Senior Vice Chancellor, Vice Chancellor, or equivalent executive officer) designated as accountable for one or more Data Domains. Executive Data Owners are voting members of the Data Governance Council and retain ultimate accountability for compliance with this policy, enterprise data standards, applicable law, and University policy across all Data Domains within their scope of authority. Executive Data Owners may oversee multiple Data Owners and Data Domains, or in some cases may directly serve as the sole Data Owner for one or more Data Domains.
  6. Data Owner: An individual designated by an Executive Data Owner as accountable for the management and governance of one or more specific Data Domains. Data Owners exercise delegated decision authority for their assigned Data Domains and are responsible for data meaning and definitions, quality, access, lifecycle management, and compliance with approved enterprise data standards, applicable law, and University policy. They resolve escalations and ensure alignment with institutional priorities.
  7. Data Domain: A discrete, logical grouping of institutional data that supports a distinct academic, research, clinical, or administrative function. Each Data Domain is assigned to a Data Owner and exists within the accountability scope of an Executive Data Owner.
  8. Data Steward: A business representative designated by a Data Owner who is responsible for day-to-day stewardship of data within a Data Domain, including data definitions, data quality management, access approvals as delegated, metadata participation, and data lifecycle management in accordance with enterprise standards. In practice, this is typically a senior functional expert who understands what the data means, how it is used, and how business processes must align to ensure the data is accurate, consistent, and fit for institutional use.
  9. Data Custodian: An individual or organizational unit responsible for the technical management of systems that store or process University Data, including availability, storage, access control implementation, and protection of system components in alignment with Information Security requirements. In practice, this role is typically fulfilled by IT staff or technical teams who operate the applications, databases, infrastructure, and platforms that store and process data.
  10. Data Curator: An individual or organizational unit responsible for organizing, maintaining, and publishing curated, trusted data products and associated metadata to support Approved Institutional Uses in accordance with approved enterprise data standards and steward guidance. Data Curators may reside in central analytics or institutional research functions, in clinical or administrative analytics teams, or within functional units, depending on where governed data products are produced and maintained. In practice, this role is typically fulfilled by analysts or data professionals who prepare, validate, and maintain governed datasets for institutional use.
  11. Data Consumer: An authorized user of University Data who accesses and uses data for an Approved Institutional Use, without creating, modifying, or governing the canonical record. Data Consumers are responsible for ethical, lawful, and policy compliant use of data consistent with approved purposes and access grants.
  12. Data Producer: An individual contributor who creates, enters, or updates University Data as part of approved operational or business processes under the direction of Data Owners and Data Stewards. Data Producers execute defined procedures and controls but do not exercise governance decision authority. In practice, this includes staff members who enter or update records in enterprise systems as part of routine operations (e.g., HR staff recording employee actions, or Advancement staff updating donor records).
  13. Canonical System: A system or platform formally designated as the authoritative source for a specific Data Domain or data element through enterprise standards approved under this policy.
  14. Data Standard: A formally documented requirement governing the definition, quality, structure, access, retention, interoperability, or use of data within a specific Data Domain. Data Standards are approved and enforced by the Data Owner for the applicable Data Domain and apply only within that domain unless elevated. For example, a Data Standard may define required values, validation rules, or business definitions for data elements within a single Data Domain.
  15. Enterprise Data Standard: A Data Standard approved by the Data Governance Council that establishes binding requirements for institutional consistency, interoperability, risk management, or trust. Enterprise Data Standards apply across the University where relevant, regardless of whether they affect one or multiple Data Domains, and are subject to formal governance, enforcement, and exception processes defined under this policy. For example, an Enterprise Data Standard may require the use of a common identifier, definition, or Canonical System to ensure consistency, interoperability, or compliance across institutional functions.

V.   POLICY

  1. University Data shall be managed as an institutional asset for the collective benefit of the University and its stakeholders.
  2. Enterprise data standards and governance decision rights shall be established centrally and executed through a federated model across administrative, research, clinical, and academic domains.
  3. Accountability for data meaning, quality, access, and appropriate use shall be business-led and exercised through designated Executive Data Owners, Data Owners, and Data Stewards.
  4. All data handling activities shall comply with applicable laws, regulations, contractual obligations, ethical standards, and applicable University policies, including Information Security, Privacy, Records Management, and Risk Management policies. Data classification schemes, sensitivity levels, and associated security and privacy control requirements are governed by the University’s Information Security and related policies and are authoritative. Nothing in this policy or in any standard issued under it shall supersede, redefine, or waive those requirements.
  5. University Data shall be governed across its full lifecycle, including creation, use, sharing, retention, archiving, and authorized disposition.
  6. Data Governance Council
    1. The Data Governance Council (DGC) is established under the authority of the Chancellor and serves as Rowan University’s institutional body for data governance accountability and enterprise data decision-making.
    2. The DGC shall be permanently chaired by the Data Governance Officer (DGO). In this role, the DGO is responsible for convening meetings, developing and maintaining agendas in consultation with Executive Data Owners, facilitating deliberations, documenting decisions, and ensuring follow-through on approved actions.
    3. The DGO facilitates the governance process and execution and does not exercise independent decision authority beyond that expressly granted under this policy.
    4. The DGC is a decision-making body, not an advisory committee. Its actions shall align with institutional priorities, risk requirements, and applicable University policies.
    5. The DGC membership shall consist of any direct appointees of the Chancellor and all Executive Data Owners (Senior Vice Presidents, Vice Presidents, Senior Vice Chancellors, Vice Chancellors, or equivalent officers) who report to the President and Chancellor, and who are accountable for governance across one or more Data Domains within their respective areas of responsibility.
    6. Each Executive Data Owner shall hold one An Executive Data Owner may designate a representative to participate and vote on their behalf; however, each vote remains attributable to the Executive Data Owner’s seat.
    7. A quorum for the transaction of Council business shall consist of a simple majority of the voting membership. Actions of the Council shall require approval by a simple majority of votes cast by members present at a meeting where a quorum is established.
    8. The DGC is accountable for governance processes, participation, enforcement of agreed enterprise standards, and adherence to governance commitments established by the Council.
  7. Data Governance Officer
    1. The Data Governance Officer (DGO) is responsible for the day-to-day operation of the University’s data governance program and serves as the permanent Chair of the Data Governance Council.
    2. The DGO coordinates governance execution, facilitates Council operations, maintains governance artifacts, and supports implementation of approved decisions.
    3. The DGO is directly accountable to the Chancellor or their
    4. The DGO does not independently determine enterprise data policy or standards, but executes governance decisions in accordance with this policy and direction from the Data Governance Council.
  8. Procedures and Standards
    1. This policy establishes institutional requirements and expectations. Standards, procedures, and domain-specific addenda developed under this policy provide operational detail and implementation guidance.
    2. Standards issued pursuant to this policy shall, at a minimum, establish requirements for:
      1. Designation and maintenance of Canonical
      2. Enterprise data definitions, business glossaries, and metadata necessary to support consistent interpretation and use of University Data.
      3. Documentation of governed data assets, including ownership, purpose, refresh cadence, lineage, and quality expectations, as
      4. Use of curated and governed data assets as trusted institutional reference data to support Approved Institutional Uses, except where an approved exception applies.
    3. For clarity, the designation of a Canonical System is purpose-specific. Operational or transactional systems may remain systems of record for data capture and day-to-day business processes, while curated and governed data assets may be designated as the Canonical System for Approved Institutional Uses. Systems that consume, transform, or replicate data do not become Canonical Systems by virtue of use. Any deviation from designated Canonical Systems requires an approved exception in accordance with this policy.
    4. Such standards and procedures derive their authority from this policy and are developed, approved, maintained, and periodically reviewed under the oversight of the Data Governance Council.
    5. This policy shall be implemented in alignment with current applicable University policies and standards, including the University’s Information Security policies and standards, Records Retention and Records Management policies, and other applicable University policies governing privacy, risk, data confidentiality and integrity, compliance, and applicable laws and regulations.
  9. Authority
    1. The authority of the DGC is limited to:
      1. Approving and ensuring adherence to enterprise data
      2. Determining whether proposed actions or decisions are aligned with approved enterprise standards.
      3. Facilitating and resolving cross-domain data governance conflicts where possible.
      4. Initiating escalation when disagreements cannot be resolved through the Final decision authority for unresolved data governance conflicts rests with the Chancellor.
    2. The DGC shall not substitute its judgment for that of a Data Owner acting within their designated Data Domain, except as expressly provided in this policy, including, where necessary, to enforce compliance with approved Enterprise Data Standards or applicable policy.
  10. Responsibilities
    1. Executive Data Owners are responsible for ultimate accountability across all Data Domains within their scope, including the designation and oversight of Data Owners.
    2. Data Owners are responsible for decisions and outcomes within their assigned Data Domains and for ensuring compliance with enterprise data standards, applicable law, and University policy.
    3. Data Stewards are responsible for executing stewardship responsibilities in accordance with enterprise standards and approved governance
    4. Data Custodians are responsible for implementing technical controls and safeguards required by approved standards, Information Security, and other University policies.
    5. Data Curators are responsible for maintaining curated data products and metadata in accordance with approved standards.
    6. Data Consumers are responsible for compliant, ethical, and authorized use of University Data.
  11.  Compliance
    1. Compliance with this policy and the enterprise data standards approved under it is mandatory. Failure to comply may result in corrective action, including but not limited to required remediation plans, restriction or revocation of access to University Data or systems, and administrative action in accordance with applicable University policies, procedures, and contractual obligations.
    2. The DGC has the authority to initiate and direct enforcement actions necessary to ensure compliance with approved standards and governance decisions. Enforcement actions shall be executed through appropriate administrative, managerial, or technical channels, including Data Owners, Data Stewards, Data Custodians, Information Security, Human Resources, and other relevant University offices, consistent with their respective authorities.
  12. Exceptions and Temporary Non-Compliance
    1. Compliance with this policy and with enterprise data standards issued under it is However, the University recognizes that limited, temporary exceptions may be necessary due to technical constraints, operational feasibility, or transitional conditions.
    2. Any exception to an enterprise data standard or governance requirement must be:
      1. Formally documented
      2. Time-bound and approved for a defined duration
      3. Approved by the DGC
      4. Accompanied by any required mitigating or compensating controls
      5. Reviewed annually
    3. No exception may override applicable law, regulation, or authoritative University policies related to Information Security, Privacy, Records Management, or Risk Management. Standards and procedures issued under this policy shall define the processes for requesting, approving, tracking, reviewing, and retiring exceptions.
  13. Policy Oversight and Review
    1. This policy is issued under the authority of the
    2. The Data Governance Council is responsible for overseeing implementation of this policy, monitoring its effectiveness, and recommending revisions as necessary to address changes in law, institutional priorities, risk environment, audit findings, and material changes in the University’s data environment.
    3. Amendments to this policy require approval by the issuing authority in accordance with the University Policy on Policies.

POLICY COMPLIANCE

Compliance with this policy, and with all standards, procedures, and requirements issued pursuant to it, is required of all members of the University community and all third parties granted access to University Data. Violations of this policy may be addressed through appropriate administrative, managerial, academic, or contractual processes in accordance with applicable University policies and procedures.

Enforcement of this policy and of enterprise data standards approved under it shall occur through existing University mechanisms, including Human Resources processes, student conduct procedures, contractual remedies, and other administrative actions, consistent with collective bargaining agreements and applicable state or federal law. Such actions may include required remediation, limitation or revocation of access to University systems or data, disciplinary measures up to and including termination of employment or affiliation, termination of contracts, or other actions deemed appropriate by the University.

This schedule is provided for illustrative and reference purposes only. It does not establish, modify, or delegate authority, ownership, or decision rights beyond those defined in this policy and formally approved enterprise data standards.

Schedule I: Enterprise Data Domain Ownership & Stewardship

The mappings below demonstrate one possible way to document Data Domains, systems, and governance roles to support clarity, accountability, and operational consistency.

This reference is intentionally non-exhaustive and is expected to evolve as the University’s data environment, systems, and governance practices mature.

Domain

Owner

Custodian

Stewards

Curators

Admissions

SEM, SOM, CMSRU, SSVM

SEM, SOM, CMSRU, SSVM, IRT

SEM , SOM,

CMSRU, SSVM

IDA

Student

Academic Affairs, Rowan

Online Registrar

IRT, Rowan Online

Registrar, Rowan

Online SEM

IDA

Student LMS

Rowan Online

Rowan Online, IRT

SEM

IDA

Financial Aid

Financial Aid

IRT

Financial

Aid A,

IDA

Housing

Housing

Housing, IRT

Housing

IDA

Student Life

Student Life

Student Life, IRT

Student Life

IDA

Facilities

Facilities

Facilities, IRT

Facilities

IDA

Finance

Finance

IRT

Finance

IDA

HR

HR

IRT

HR

IDA

Student Success

Student Success

Student Success, IRT

Student

Success C

IDA

Student

Scheduling

Academic

Affairs

Academic Affairs,

IRT

AA

IDA

Advancement

Advancement

Advancement, IRT

UA

IDA

  • No labels