uc policy library
data management policy data management policy university of canterbury canterbury
university of
category: university management category: university management last modified: august 2005 last modified: august 2005 review date: august 2007 review date: august 2007 approved by: chief operating officer approved by: chief operating officer contact person: the registrar, extn 6854 contact person: the registrar, extn 6854
introduction: introduction:
the university of canterbury is currently in a data-oriented environment which promises to become the university of canterbury is currently in a data-oriented environment which promises to become more complex in the future and place greater demands on those who are responsible for collecting, more complex in the future and place greater demands on those who are responsible for collecting, managing and disseminating the data. in order to manage our operations and progress in this managing and disseminating the data. in order to manage our operations and progress in this challenging environment, this university data management policy has been adopted. challenging environment, this university data management policy has been adopted.
the data generated and held by the university is a key asset and must be managed correctly to the data generated and held by the university is a key asset and must be managed correctly to enable the university not only to function properly, but also to grow and gain a competitive enable the university not only to function properly, but also to grow and gain a competitive advantage. advantage.
this policy outlines: this policy outlines: a data management framework which covers the collection, storage, security, maintenance and a data management framework which covers the collection, storage, security, maintenance and dissemination of administrative data throughout the university. dissemination of administrative data throughout the university. roles responsible and accountable for data collection, storage, security, maintenance, roles responsible and accountable for data collection, storage, security, maintenance, dissemination and data quality dissemination and data quality
scope: scope:
this policy provides a comprehensive data management framework which is consistent across all of this policy provides a comprehensive data management framework which is consistent across all of the university’s major management information systems (ucfinance, ucstudent and ucpeople). the university’s major management information systems (ucfinance, ucstudent and ucpeople). ‘data management’ in this case refers to the management of administrative data i.e. data which is ‘data management’ in this case refers to the management of administrative data i.e. data which is required for the operation of the university. required for the operation of the university.
there are three key result areas of this data management policy: there are three key result areas of this data management policy: a clear framework which defines accountability and responsibility for data, security, and user a clear framework which defines accountability and responsibility for data, security, and user privilege/access. privilege/access. good data management resulting in high quality data, which in turn results in cost savings and good data management resulting in high quality data, which in turn results in cost savings and improvements in business agility. improvements in business agility.
increased value of data through widespread and appropriate use. widespread and appropriate use.
increased value of data through
definitions: administrative data: data relevant to the operation of the university (this is primarily data contained in hr, finance, and student administration systems i.e. excludes departmental specific and research data etc). custodian: a senior position within the university responsible for the collection and dissemination of data in a management information system. data: a general term meaning the facts, numbers, letters and symbols processed by a computer to produce information. data categories: 1. public data: available to public. no access control or identification is required. 2. general administrative data (proprietary data): data for general administration. primarily internal usage, not for external distribution e.g. student names, addresses etc. 3. protected data: data to be used only by individuals who require it for their jobs - efts, ftes, grades, salary bands. 4. restricted data: data containing sensitive personal or confidential information, commercially sensitive information or other information that would usually be regarded as sensitive information e.g. disabilities, aegrotats, disciplinary proceedings etc. data management framework: the organisational structure in place to manage the university data resource. data quality: the accuracy, completeness, and currency of data. expert: technical expert. information: data that has been processed into a meaningful form and content relevant to a particular situation. management information system: a system that gathers, condenses and filters data until they become information, then makes it available on time and in a useful form for use in decision making at various levels of management within an organisation. steward: the intermediary role between users and experts. users: those people who use administrative data in order to support the operation of the university. policy statement: those responsible for the university operations must also be responsible for the administrative data that concerns the university. maintaining the quality of this data is crucial to maximize the value of investments that the university has made in data collection and maintenance. the university of canterbury is committed to the following principles of data management and expects that these will be adhered to.
data management policy – university of canterbury
2
principles of data management the following principles of data management outline best practices at a high level within the university which every data custodian (below) must be aware of and adhere to; in order to ensure contributions to data quality are being made at all levels within the university. these principles must guide all data management procedures. 1. wherever possible, data must be simple to enter and must accurately reflect the situation; it must also be in a useful, usable form for both input and output. 2. data should only be collected if it has known and documented uses and value. 3. data must be readily available to those with a legitimate business need for it. 4. processes for data capture, validation, and processing should be automated wherever possible. 5. data must only be entered once. 6. processes that update a given data element must be standard across the management information system. 7. data must be recorded as accurately and completely as possible, by the most informed source, as close as possible to its point of creation, and in an electronic form at the earliest opportunity. 8. where practical, data should be recorded in an auditable and traceable manner. 9. the cost of data collection and sharing must be minimized. 10. the university, rather than any individual or business unit, owns all data. 11. every data source (eg finance, human resources, and student administration) must have a defined custodian (a business role) responsible for the accuracy, integrity, and security of that data. 12. data must be protected from unauthoriz e d access and modification. 13. data must not be duplicated unless duplication is essential for practical reasons. in such cases, one source must be clearly identified as the master, there must be a robust process to keep the copies in step, and copies must not be modified (i.e. ensuring that the data in the source system is the same as that in other databases). 14. data structures must be under strict change control, so that the various business and system implications of any change can be properly managed. 15. whenever possible, adopt international, national, or industry standards for common data models. when this is not possible, develop organisational standards instead. 16. data should be consistently defined across the university. 17. users must accurately present the data in any use.
data management roles and accountabilities in order to ensure that the data is consistent, correct, and available to those with legitimate requirements for it, the establishment of the following data management roles for each major information system is necessary. these will create a data management framework which is consistent across the university.
data management policy – university of canterbury
3
data framework: figure 1: data is owned by the university of canterbury the data custodian is a delegated authority responsible for the mis and all of the data associated with that mis. the data expert is primarily concerned with data and the technical aspects surrounding data management. the user works with information. the steward is the intermediary between experts and users.
data custodian the data custodian is a person responsible for the collection, dissemination and security of data in a major management information system. the data custodian does not ‘own’ the data. the data contained within each management information system is owned by the university of canterbury, rather than by any individual person or group of people. the establishment of the data custodian role is based on two key concepts: 1. data is critical to the university and must be shared across the university. 2. data assets must be coordinated across the university at the highest level to ensure maximum return on investment. the overriding philosophy of data custodianship should be one of a trustee acting in partnership for all participants. custodianship reinforces the concept of one individual being ultimately responsible and accountable for the information that others might use. the data custodian provides guidance, decision-making and leadership for the data stewards (below), so that university-wide information needs are met. the data custodian is defined at a senior level within the university. they are not expected to carry out the necessary work themselves, their role is to ensure that visibility and responsibility for their data is articulated from a senior level to ensure progression towards a common goal of high quality
data management policy – university of canterbury
4
and clearly defined data. actions should be guided by the principles of data management outlined above. responsibilities responsible for understanding legislation and university policies surrounding data e.g. privacy, protected disclosures, communications, official information, records management as well as consequences of misuse of data, the legal and administrative consequences of maintaining and disseminating data within their custody. responsible for corporate use of data, in both uploading and downloading data. responsible for data quality. responsible for security. responsibility for customized business interpretations (and negotiates with data steward for delivery of reporting functions). change management: provide advance notice of proposed business changes and corresponding impacts on data structures, and will negotiate resources necessary to implement the change (i.e. the data custodian is the one who decides the necessity for change, it is not determined by the data experts).
data steward the steward coordinates data experts (outlined below) and business users from across the university. by using their knowledge and collective views about the data and issues faced by the user community, issues can be addressed in a university-wide context. the data steward must understand the larger business context in which the data will be used and should be able to relate university user needs to specific technical capabilities and requirements.
responsibilities responsible for ensuring data in each system is complete, accurate and up-to-date. working with data experts to define appropriate nomenclature, data definitions, business rules governing derivation of data, data retention, security, data quality monitoring. responsible for maintaining data quality and security. tasks establishes procedures governing data elements establishes access authorization procedures determines and evaluates the most reliable source of data makes data dictionary understandable to users ensures that only needed versions of each element exist assigns responsibilities for data integrity resolves conflicts involving shareable data consults with users on use of electronic data analysing and improving data quality has direct expertise in the data set controls data entry into a system maintains data integrity standard entity definitions data management policy – university of canterbury
5
standard attribute definitions documenting data definitions, calculations, summarizations, etc. entity and attribute aliases (differing terms in separate places) reporting, customised reporting data security specification data retention criteria definition of common data and associated metadata
data experts these are staff with detailed technical knowledge and experience in their respective data processing and application areas. they understand the technical framework underlying the university’s data processing and management activities. what the data experts cannot do must also be clear. they cannot act as data stewards or data custodians because those responsible for the university operations are also responsible for the administrative data that concerns these operations. responsibilities deliver data and provide the infrastructure, security and data framework for delivering quality data in a timely fashion to university clients data quality analyses technical security deployment technology
end users everybody who touches data throughout the organisation must understand their role in data quality and be able to provide feedback that will help stop bad data habits from propagating throughout the university. it is important that users are aware of the many uses of data in order to understand how crucial high quality data is to the operation of the university.
security the university of canterbury acknowledges an obligation to ensure appropriate security for all administrative data in its domain of ownership and control. this obligation is shared, to varying degrees, by every member of the university. application level security at uc is generally well set up and managed. this data management policy ensures consistent application of the same security across all management information systems within the university. security must be directly related to the category in which the data is classified. these categories being: public data, general administrative data, protected data, and restricted data. there are two aspects surrounding the security of administrative data:
data management policy – university of canterbury
6
data security- refers to user access, and the amount of access each user is allowed. data security is administered by data custodian (or by delegation to data stewards). the technical security framework is the responsibility of data experts. physical security- data users throughout the university must understand that certain information is privileged and should be kept secure. physical security is important to ensure unauthorised access does not occur.
related policies, procedures and forms: computer use policy and procedures official information policy of the university of canterbury privacy policy of the university of canterbury privacy act 1993 protected disclosures act: internal procedures and code of conduct records management policy web policy
ゥ this policy is the property of the university of canterbury.
data management policy – university of canterbury
7