Enterprise Data Stewardship Policy
Subject: Information Technology
Revised: July 25, 2017
Effective: October 4, 2017
Review Date: October 2020
Responsible Party: Chief Information Officer
- Table of Contents
- 100.00 Introduction
- 200.00 Policy
- 300.00 Procedures
- 400.00 References
- 500.00 Definitions
100.00 Introduction
Data associated with administrative functions and research activity is a vital asset to the University. As such, maintaining the confidentiality, integrity, and availability of University data is critical to the success of the University. The University expects all stewards and custodians of its administrative and research data to manage, access, and utilize this data in a manner in accordance with this policy.
Proper stewardship of data protects against misuse while providing for appropriate use, balancing the three core values of availability, integrity, and confidentiality.
200.00 Policy
200.10 Board of Regents policies governing the use of university information technology apply to all University faculty, staff, students, and patrons. All users of University information technology must comply with MSU Enterprise policies as well as Board of Regents policies, state and federal law. References to associated policies and laws are provided in section 400.00.
200.20 All University information that is stored, processed or distributed is subject to the specific parameters of the University Data Stewardship Guidelines, Board of Regents policies, Montana state government policies, Montana State University policies, and state or federal laws as they may apply.
200.30 Data collected and/or produced under programs supported through external funds may also fall under requirements specific to the funding agency.
200.40 Certain University authorities are identified as Data Stewards with responsibility for the protection and appropriate use of data on their campus .
200.50 All University constituents shall understand and comply with the Data Stewardship practices on their campus as codified in 300.00 below.
200.60 Individuals who create, collect, handle, or manage data are responsible for complying with the Data Stewardship Standards.
200.70 Responsibilities are assigned to specific Data Stewards and detailed in each campus’ Data Stewardship Procedures. The following positions are the official top-level Data Stewards for each campus data area. Responsibility for data elements may be delegated by the Data Steward to different individuals; however, the Data Steward retains ultimate accountability for proper stewardship.
Any delegation of stewardship responsibility shall be documented and communicated to the Chief Information Officer and Legal Counsel. This data shall be reviewed annually by the Data Governance Council.
Data Type | MSU-Billings | MSU-Bozeman | Great Falls College MSU | MSU-Northern |
---|---|---|---|---|
Student Data1 | Vice Chancellor for Student Access and Success | Vice President for Student Success | Assistant Dean of Student Services | Registrar |
Instructional Data2 | Provost and Vice Chancellor for Academic Affairs |
Executive Vice President for Academic Affairs and Provost |
Chief Academic Officer | Vice Chancellor for Academic Affairs |
Financial Data3 | Vice Chancellor for Administration and Finance | Vice President, Administration and Finance | Chief Financial Officer | Vice Chancellor for Finance and Business |
Personnel Data4 | Vice Chancellor for Administration and Finance | Chief Human Resources Officer | Chief Student Affairs & Human Resources Officer | Director of Human Resources |
Research Data5 | Provost and Vice Chancellor for Academic Affairs | Vice President of Research & Economic Development | Chief Academic Officer | Vice Chancellor for Academic Affairs |
1 Student Data examples: GIDs, grades, application information
2 Instructional Data examples: faculty teaching loads, student credit hour production,
promotion and tenure
3 Financial Data examples: Credit card and banking information, Student Loan Balances
and payment information
4 Personnel Data examples: social security numbers, financial information, birthdates
5 Research Data examples: research expenditures, research personnel and activities,
and research products created by Montana State faculty or staff
200.80
The authority to interpret this policy rests with the President and is delegated to the Chief Information Officer, University Legal Counsel and the Data Governance Council, in conjunction with the appropriate Data Stewards.
300.00 Procedures
Individual campuses maintain campus-specific standards and procedures that implement this policy. Constituents will be required to comply with any standards and procedures developed for their campus:
- MSU-Billings http://www.montana.edu/uit/security/documents/Billings_DataStewardshipStandards.pdf
- MSU-Bozeman http://www.montana.edu/uit/security/documents/Bozeman_DataStewardshipStandards.pdf
- Great Falls College MSU http://www.montana.edu/uit/security/documents/GFC_DataStewardshipStandards.pdf
- MSU-Northern http://www.montana.edu/uit/security/documents/Northern_DataStewardshipStandards.pdf
* MSU agencies follow MSU-Bozeman campus procedures
400.00 References
Report broken links to PMO@montana.edu.
- Family Educational Rights and Privacy Act (FERPA), available at http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
- Gramm-leach-Bliley (GLB), available at http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act.
- Health Insurance Portability and Accountability Act (HIPAA), available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html.
- MUS Board of Regents policy 1300.1 Security of Data and Information Technology Resources, available at http://mus.edu/borpol/bor1300/bor1300.asp.
- MUS Board of Regents policy 1306. Logging On and Off Computers, available at http://www.mus.edu/borpol/bor1300/bor1300.asp.
500.00 Definitions
“Constituent” refers to any individual or group associated with the University including students, staff, faculty, or patrons as well as any contractors, regents, committees, councils, groups, agencies, departments, entities, campus, or community.
“Data Steward” refers to a University authority, or designate, who has management responsibility for defined segments of institutional data.
“Information Technology” or “IT” refers to any resource related to the access and use of digitized information, including but not limited to hardware, software, devices, appliances, network bandwidth and resources.
“University” refers to any and all campuses, agencies, departments, or entities within the Montana State University enterprise.
“University authority” refers to an official of the University with significant responsibility for campus activities, who has the authority and duty to respond to issues on behalf of an institution, including but not limited to a Vice President, Provost, Chief Information Officer, Dean, or Athletic Director.
“University Legal Counsel” refers to the University’s attorney and/or designated legal staff based at MSU-Bozeman.