ROWAN UNIVERSITY POLICY
Title: Data Governance Policy
Subject: Information Resources and
...
Technology
...
Policy No: CIO: 2013:01
Applies: University-Wide
Issuing Authority: Vice President for Information Resources and Chief Information Officer
Responsible Officer: Vice President for Information Resources and Chief Information
...
Officer
...
Adopted: 09/01/2013|
Amended: 11/21/2013
Last Revision: 05/08/2015
I. PURPOSE
To set policy for assigning and detailing responsibilities for managing different classifications of university data and to set forth a standard for custodianship of university data. This policy establishes the framework for standards and guidelines to be followed in creation of data storage, destruction, and access mechanisms including data architectures.
...
E. Attachment 5, Data Custodians
...
__________________________________
...
Division of Information Resources and Technology
ATTACHMENT 1
DATA CLASSIFICATION MATRIX
...
Note that this table is an example and currently defines only a portion of the University Data. A data classification must always take into account the most sensitive data in the collection. Since the data is currently described in such broad groupings, the risk classification is usually the least common denominator of all data elements within a given Area. As the components of each sub area are further detailed, the classification of the data will be adjusted to reflect the appropriate sensitivity of the data subset.
Example Data Classification Matrix | ||||
Area | Classification | Steward | Custodian | |
Donations Clinical Student Employee Financial Curriculum |
Highly Sensitive Highly Sensitive Sensitive Sensitive Sensitive Public |
University Foundation Rowan/SOM Registrar HR Finance Academic Affairs |
IRT IRT IRT IRT IRT IRT |
ATTACHMENT 2
ROWAN UNIVERSITY DATA AND RECORDS
...
The CIO appoints Committee members. The Committee may include representatives from University Counsel, University Relations, Health Sciences, Strategic Enrollment, Facilities, Provost Office, Labor Relations, Government Relations, Student Life, University Advancement and Foundation, Finance, Information Resources and Technology, the Chief Director of Information Security Officer, and other relevant Senior University Management.
...
Data Stewards interpret policy, define procedures pertaining to the use and release of the data for which they are responsible, and ensure the feasibility of acting on those procedures. Data Stewards are responsible for defining procedures and policy interpretations for their business; any such business-unit specific items must, at minimum, meet University policy standards. They are responsible for coordinating their work with other University offices associated with management and security of data, such as University Counsel, the Chief Director of Information Security Officer, and the Division of Information Resources and Technology (IRT). Specific responsibilities include:
...