This policy establishes a data governance framework designed to promote and safeguard the appropriate and effective use of Institutional Data. This governance framework serves three primary purposes:
- Empowering the Data Governance Council to guide the University community about procedures for the effective management and protection of Institutional Data consistent with the needs of the University; and
- Charging the Office of Data Governance with recommending standards and procedures related to Institutional Data governance or changes thereto.
- Assigning stewardship, management, and custodianship responsibilities for Institutional Data;
Institutional Data is a valued strategic asset of Washington University and is to be provided on an as-needed basis to members of the University community in furtherance of their University responsibilities.
This Policy, along with the Data Governance Standards, and other standards and procedures that may be established under the authority of the Office of Data Governance, establishes the responsibilities of University community members to properly classify, use, protect, and manage Institutional Data.
Specifically excluded from the definition of Institutional Data are: some areas within the clinical, research, scientific and scholarly data; sole possession notes and records deemed personal property of individuals in the University community; and instructional notes and materials.
This Policy complements other relevant policies that apply to Institutional Data. See, e.g., the list of policies in the Appendix.
While the University owns and ultimately controls all Institutional Data, the Office of Data Governance (ODG) is responsible for implementing strategic initiatives through collaborative efforts with a variety of University community members, grouped according to the nature of their participation, scope of responsibility, and particular activities. For example, a department, unit, or school may be assigned primary responsibility for a subset of Institutional Data. All data users are responsible for being aware of and complying with policies applicable to Institutional Data.
The Institutional Data Stewardship, as well as primary data governance roles, groups and associated responsibilities are described below and in more detail in the Data Governance Standards.
Executive IT Governance Committee
The Executive IT Governance Committee consists of University officers who provide executive level support, guidance and sponsorship to the Data Governance program. The Committee will:
- Identify representatives for the Data Governance Council & Data Administrators
- Resolve issues escalated by the Data Governance Council
- Ensure data governance and institution strategies are in alignment
- Assist in removing barriers to the implementation and on-going operations of the program
Data Governance Council
The Data Governance Council is comprised of Data Administrators and senior leaders who have planning, policy-level and management responsibility for data within their functional areas. The Office of Data Governance (ODG) will be ex-officio members. The Data Governance Council will:
- Review and approve data governance policy, standards, guidelines, and procedures
- Further the overall vision and guiding principles of data governance
- Resolve issues escalated by Data Stewards
- Escalate issues to the Executive IT Committee
- Monitor and review overall Data Governance Program
- Hold ongoing meetings
Data Administrators are responsible for strategic planning, policy, and oversight of the subsets of Institutional Data in their data domain. Data Administrators are responsible for establishing procedures and communicating policies to the University Community applicable to Institutional Data in their functional area. Among the roles defined by this Policy, the Data Administrator has the highest level of responsibility for the management of Institutional Data and to promote proper access, accuracy, privacy, integrity, security and availability of the data for which they have responsibility. Data Administrators have responsibility for the activities of designated Data Stewards, Coordinators, and others to whom they grant authority and access. Also, as members of the Data Governance Council, Data Administrators are advisors.
Data Partners assume both strategic and/or technical roles. Data Partners are responsible for the management and security of data systems and the delegation of authority to individuals in such roles. Data Partners will coordinate with Data Stewards and other individuals with administrative responsibilities for Institutional Data to ensure appropriate access rights and permissions are granted for the use of Institutional Data
Data Partners include business and IT individuals who support and assist the Data Governance Program. Data Partners will:
- Assess compliance with data governance related policies, standards and processes
- Provide strategic and technical support
- Champion the integration of data governance pillars within day-to-day activities and standard project/program methodology
- Enable change management and communication
Data Stewards, by virtue of their position or delegated authority from Data Administrators, have strategic planning, standard-setting, and oversight responsibilities for Institutional Data in their functional area and data governance activities pertaining to those areas. Data Stewards will:
- Provide university-level knowledge and understanding for their functional area
- Develop, implement, and oversee policies and procedures for the day-to-day operational and administrative management of data
- Define and document business terms
- Identify and resolve data issues and conflicts
- Establish and monitor data-quality standards and metrics
Data Coordinators are subject matter experts designated by Data Administrators or Stewards and have operational responsibilities for the data in a particular subject area. Data Coordinators have day-to-day responsibilities for managing administrative processes and establishing business rules for effective data management.
Several existing policies, federal, and other regulations share common scope with data governance, such as:
Washington University IT Policies:
- Information Security
- Information Classification Policy
- Managing Access Policy
- Computer Use Policy
- Records Management Policy
- Externally Hosted Computing Services
- Media Reuse and Disposal
- Technical Information Security Policies
Federal and Other Regulations:
Term definitions with in this Policy:
Access: The right to read, enter, copy, query, upload, download, or update data.
Data Users: Anyone who inputs, updates, manages, reports, accesses, and relies on Institutional Data. This includes, but is not limited to, all employees, faculty, staff, students, contractors, volunteers, trustees and affiliates.
Institutional Data: All data used in planning, analysis, operations or management of any school, department or unit within Washington University or used for administrative, compliance or university reporting. Institutional Data includes data in all formats (printed, electronic, etc.) regardless of the original scope of access to it.
Standard: Specifies a uniform method of more detailed mandatory controls that enforce and support the related policy. Compliance is mandatory.
University Community: Washington University faculty, staff, students, retirees and other affiliates, contractors, distance learners, visiting scholars and others who use or access Washington University resources.