1. Affiliations
2. CIO Stakeholders
3. Governance
4. IT Strategic Plan
5. Initiatives
6. OSU Academic Directory
7. OSU Administration
8. OSU IT Resources
9. Additional Resources
10. Copyright Resources
11. Legislative Updates

Policy Development Process | Deployment and Use of Wireless Data Networks | Interim Policy on Disclosure or Exposure of Personal Information | Policy on Institutional Data | Payment for Employee Home and Off-Campus Internet Access | Responsible Use of University Computing and Network Resources | Retention of Electronic Records | Web Policy and Guidelines

Information Technology Policy and Services

Policy on Institutional Data | Roles and Responsibilities | Data Classification and Access

Institutional Data Procedures:
Roles and Responsibilities For Data Trustees, Data Stewards, Data Custodians, and Data Users

October 18, 2007

I.  Data Trustees

Data Trustees are senior university officials or their designees who have planning and policy-level responsibility for data within their functional areas and management responsibility for defined segments of institutional data.  Data Trustees work with the Chief Information Officer to ensure that the appropriate resources (staff, technical infrastructure, etc) are available to support the data needs of the entire university.

Data Trustee responsibilities include:

A.  Assigning and overseeing Data Stewards.

B.  Overseeing the establishment of data policies in their areas.

C.  Determining legal and regulatory requirements for data in their areas.

D.  Promoting appropriate data use and data quality.

Institutional Data covered by this policy include but are not limited to:
Institutional Data Segment Type	Data Trustee
Fund Raising and Alumni Relations	Vice President for Development
Budget and Planning Financial (General Ledger, Procurement, Accounts Payable) Student Billing and Accounts Receivable Facilities and Space Management Equipment and Asset Management Endowment	Senior Vice President for Business and Finance
Human Resources (Compensation, Benefits, Payroll)	Associate Vice President for Human Resources
Research Administration	Senior Vice President for Research

Student Records Student Admissions Student Financial Aid

Vice Provost for Enrollment Services and Dean of Undergraduate Education

Campus Life University Housing Student Health Disability Services BuckID Counseling	Vice President for Student Affairs
Graduate Student Registration and Graduation Services	Vice Provost and Dean of the Graduate School
Tenure	Vice Provost for Academic Policy and Faculty Resources
Learning Management Telecommunication and Networking	Chief Information Officer

Note: Instances of some data types, for example sensitive personal items such as Social Security Numbers, may be covered by multiple trustees depending on the context of collection and use.

 

II. Data Stewards

Data Stewards are university officials having direct operational-level responsibility for the management of one or more types of Institutional Data.

Data Steward responsibilities include:

A.  Developing and maintaining data classification policies.

B.  Developing, implementing, and managing data access policies.

C.  Ensuring that data quality and data definition standards are developed and implemented.

D.  Interpreting and assuring compliance with Federal, State and University policies and regulations regarding the release of, responsible use of, responsible use of, and access to institutional data.

E.  Coordinating and resolving stewardship issues and data definitions of data elements that cross multiple functional units.

F.  Developing, implementing, and maintaining a Business Continuity Plan for institutional data under their control.  Business Continuity is an ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure the continuity of operations through personnel training, plan testing, and maintenance.

G.  Providing communications and education to data users on appropriate use and protection of institutional data.

H.  Developing, implementing, and communicating record retention requirements to the university community in conjunction with University Archives.

If a Data Steward’s responsibility includes Restricted Data such as Social Security Numbers, the Data Steward must also work with other Data Stewards and Data Custodians with similar responsibilities to:

I.  Review and approve Restricted Data usage and use requests.

J.  Ensure that individuals with visibility to Social Security Numbers have completed required training and that agreed to confidentiality statements.

K.  Perform periodic reviews to ensure continued compliance with the Institutional Data Policy and this procedure.

A list of Data Stewards, including organizational areas and institutional data overseen is available at:
cio.osu.edu/policies/Data_Stewards010408.pdf

III. Data Custodians

Data Custodians are central or distributed university units or computer system administrators responsible for the operation and management of systems and servers which collect, manage, and provide access to institutional data. Data Custodians must be authorized by the appropriate Data Steward.

Data Custodian responsibilities include:

A.  Maintaining physical and system security and safeguards appropriate to the classification level of the data in their custody.

B.  Complying with applicable university computer security standards.

C.  Maintaining Disaster Recovery plans and facilities appropriate to business needs and adequate to maintain or restart operations in the event systems or facilities are impaired, inaccessible, or destroyed.

D.  Managing Data User access as prescribed and authorized by appropriate Data Stewards.

E.  Following data handling and protection policies and procedures established by appropriate Data Stewards.

F.  Complying with all federal and state laws, regulations, and policies applicable to the institutional data in their custody.

Note: University units that develop databases and\or systems from institutional data sources and then provide access to this data to other users are considered data custodians. These data custodians must be authorized by the appropriate data steward, approved to further redistribute institutional data, and must implement the minimum required safeguards for the source data as prescribed by the data steward.

IV. Data Users 
Data Users are university units or individual university community members who have been granted access to institutional data in order to perform assigned duties or in fulfillment of assigned roles or functions within the university.  This access is granted solely for the conduct of university business.

The Data User’s responsibilities include:

A.  Following the policies and procedures established by the appropriate Data Stewards.

B.  Complying with federal and state laws and regulations as well as university policies, procedures, and standards associated with the institutional data used.

C.  Using institutional data only as required for the conduct of university business within the scope employment.

D.  Implementing safeguards prescribed by appropriate data stewards for Limited Access and Restricted Data.

E.  Ensuring the appropriateness, accuracy, and timeliness of institutional data used for the conduct of university business.

F.  Reporting any unauthorized access, data misuse, or data quality issues to the appropriate data steward for remediation.

A Data User whose work duties require access to Restricted Data must accept and complete the confidentiality statement.

 

return to top