uc policy library

data management policy

data management policy

university of canterbury university of

canterbury

category: university management category: university management

last modified: august 2005 last modified: august 2005
review date: august 2007 review date: august 2007
approved by: chief operating officer approved by: chief operating officer
contact person: the registrar, extn 6854 contact person: the registrar, extn 6854

introduction: introduction:

the university of canterbury is currently in a data-oriented environment which promises to become the
university of canterbury is currently in a data-oriented environment which promises to become
more complex in the future and place greater demands on those who are responsible for collecting, more
complex in the future and place greater demands on those who are responsible for collecting,
managing and disseminating the data. in order to manage our operations and progress in this managing and
disseminating the data. in order to manage our operations and progress in this
challenging environment, this university data management policy has been adopted. challenging environment,
this university data management policy has been adopted.

the data generated and held by the university is a key asset and must be managed correctly to the data
generated and held by the university is a key asset and must be managed correctly to
enable the university not only to function properly, but also to grow and gain a competitive enable the
university not only to function properly, but also to grow and gain a competitive
advantage. advantage.

this policy outlines: this policy outlines:

a data management framework which covers the collection, storage, security, maintenance and a data
management framework which covers the collection, storage, security, maintenance and
dissemination of administrative data throughout the university. dissemination of administrative data
throughout the university.
roles responsible and accountable for data collection, storage, security, maintenance, roles responsible and
accountable for data collection, storage, security, maintenance,
dissemination and data quality dissemination and data quality

scope: scope:
this policy provides a comprehensive data management framework which is consistent across all of this policy
provides a comprehensive data management framework which is consistent across all of
the university’s major management information systems (ucfinance, ucstudent and ucpeople). the university’s
major management information systems (ucfinance, ucstudent and ucpeople).
‘data management’ in this case refers to the management of administrative data i.e. data which is ‘data
management’ in this case refers to the management of administrative data i.e. data which is
required for the operation of the university. required for the operation of the university.

there are three key result areas of this data management policy: there are three key result areas of this data
management policy:
a clear framework which defines accountability and responsibility for data, security, and user a clear
framework which defines accountability and responsibility for data, security, and user
privilege/access. privilege/access.
good data management resulting in high quality data, which in turn results in cost savings and good data
management resulting in high quality data, which in turn results in cost savings and
improvements in business agility. improvements in business agility.
 increased value of data through widespread and appropriate use. increased value of data through
widespread and appropriate use.
definitions:

administrative data: data relevant to the operation of the university (this is primarily data
contained in hr, finance, and student administration systems i.e. excludes departmental specific
and research data etc).

custodian: a senior position within the university responsible for the collection and dissemination
of data in a management information system.

data: a general term meaning the facts, numbers, letters and symbols processed by a computer to
produce information.

data categories:
1. public data: available to public. no access control or identification is required.
2. general administrative data (proprietary data): data for general administration. primarily
internal usage, not for external distribution e.g. student names, addresses etc.
3. protected data: data to be used only by individuals who require it for their jobs - efts, ftes,
grades, salary bands.
4. restricted data: data containing sensitive personal or confidential information, commercially
sensitive information or other information that would usually be regarded as sensitive
information e.g. disabilities, aegrotats, disciplinary proceedings etc.

data management framework: the organisational structure in place to manage the university data
resource.

data quality: the accuracy, completeness, and currency of data.

expert: technical expert.

information: data that has been processed into a meaningful form and content relevant to a
particular situation.

management information system: a system that gathers, condenses and filters data until they
become information, then makes it available on time and in a useful form for use in decision
making at various levels of management within an organisation.

steward: the intermediary role between users and experts.

users: those people who use administrative data in order to support the operation of the university.

policy statement:

those responsible for the university operations must also be responsible for the administrative data
that concerns the university. maintaining the quality of this data is crucial to maximize the value of
investments that the university has made in data collection and maintenance.

the university of canterbury is committed to the following principles of data management and
expects that these will be adhered to.

data management policy – university of canterbury 2

principles of data management
the following principles of data management outline best practices at a high level within the
university which every data custodian (below) must be aware of and adhere to; in order to ensure
contributions to data quality are being made at all levels within the university.

these principles must guide all data management procedures.

1. wherever possible, data must be simple to enter and must accurately reflect the situation; it
must also be in a useful, usable form for both input and output.
2. data should only be collected if it has known and documented uses and value.
3. data must be readily available to those with a legitimate business need for it.
4. processes for data capture, validation, and processing should be automated wherever possible.
5. data must only be entered once.
6. processes that update a given data element must be standard across the management
information system.
7. data must be recorded as accurately and completely as possible, by the most informed source,
as close as possible to its point of creation, and in an electronic form at the earliest opportunity.
8. where practical, data should be recorded in an auditable and traceable manner.
9. the cost of data collection and sharing must be minimized.
10. the university, rather than any individual or business unit, owns all data.
11. every data source (eg finance, human resources, and student administration) must have a
defined custodian (a business role) responsible for the accuracy, integrity, and security of that
data.
12. data must be protected from unauthoriz e d access and modification.
13. data must not be duplicated unless duplication is essential for practical reasons. in such cases,
one source must be clearly identified as the master, there must be a robust process to keep the
copies in step, and copies must not be modified (i.e. ensuring that the data in the source system
is the same as that in other databases).
14. data structures must be under strict change control, so that the various business and system
implications of any change can be properly managed.
15. whenever possible, adopt international, national, or industry standards for common data
models. when this is not possible, develop organisational standards instead.
16. data should be consistently defined across the university.
17. users must accurately present the data in any use.

data management roles and accountabilities

in order to ensure that the data is consistent, correct, and available to those with legitimate
requirements for it, the establishment of the following data management roles for each major
information system is necessary. these will create a data management framework which is
consistent across the university.

data management policy – university of canterbury 3

data framework:
figure 1: data is owned by the university of canterbury
the data custodian is a delegated authority responsible for the mis and all of the data associated with that mis.
the data expert is primarily concerned with data and the technical aspects surrounding data management.
the user works with information.
the steward is the intermediary between experts and users.

data custodian
the data custodian is a person responsible for the collection, dissemination and security of data in a
major management information system. the data custodian does not ‘own’ the data. the data
contained within each management information system is owned by the university of canterbury,
rather than by any individual person or group of people.

the establishment of the data custodian role is based on two key concepts:
1. data is critical to the university and must be shared across the university.
2. data assets must be coordinated across the university at the highest level to ensure maximum
return on investment.

the overriding philosophy of data custodianship should be one of a trustee acting in partnership for
all participants. custodianship reinforces the concept of one individual being ultimately responsible
and accountable for the information that others might use. the data custodian provides guidance,
decision-making and leadership for the data stewards (below), so that university-wide information
needs are met.

the data custodian is defined at a senior level within the university. they are not expected to carry
out the necessary work themselves, their role is to ensure that visibility and responsibility for their
data is articulated from a senior level to ensure progression towards a common goal of high quality

data management policy – university of canterbury 4

and clearly defined data. actions should be guided by the principles of data management outlined
above.

responsibilities
responsible for understanding legislation and university policies surrounding data e.g. privacy,
protected disclosures, communications, official information, records management as well as
consequences of misuse of data, the legal and administrative consequences of maintaining and
disseminating data within their custody.
responsible for corporate use of data, in both uploading and downloading data.
responsible for data quality.
responsible for security.
responsibility for customized business interpretations (and negotiates with data steward for
delivery of reporting functions).
change management: provide advance notice of proposed business changes and corresponding
impacts on data structures, and will negotiate resources necessary to implement the change (i.e.
the data custodian is the one who decides the necessity for change, it is not determined by the
data experts).

data steward
the steward coordinates data experts (outlined below) and business users from across the
university. by using their knowledge and collective views about the data and issues faced by the
user community, issues can be addressed in a university-wide context. the data steward must
understand the larger business context in which the data will be used and should be able to relate
university user needs to specific technical capabilities and requirements.

responsibilities
responsible for ensuring data in each system is complete, accurate and up-to-date.
working with data experts to define appropriate nomenclature, data definitions, business rules
governing derivation of data, data retention, security, data quality monitoring.
responsible for maintaining data quality and security.

tasks
establishes procedures governing data elements
establishes access authorization procedures
determines and evaluates the most reliable source of data
makes data dictionary understandable to users
ensures that only needed versions of each element exist
assigns responsibilities for data integrity
resolves conflicts involving shareable data
consults with users on use of electronic data
analysing and improving data quality
has direct expertise in the data set
controls data entry into a system
maintains data integrity
standard entity definitions

data management policy – university of canterbury 5

 standard attribute definitions
documenting data definitions, calculations, summarizations, etc.
entity and attribute aliases (differing terms in separate places)
reporting, customised reporting
data security specification
data retention criteria
definition of common data and associated metadata

data experts
these are staff with detailed technical knowledge and experience in their respective data processing
and application areas. they understand the technical framework underlying the university’s data
processing and management activities.

what the data experts cannot do must also be clear. they cannot act as data stewards or data
custodians because those responsible for the university operations are also responsible for the
administrative data that concerns these operations.

responsibilities
deliver data and provide the infrastructure, security and data framework for delivering quality
data in a timely fashion to university clients
data quality analyses
technical security
deployment
technology

end users
everybody who touches data throughout the organisation must understand their role in data quality
and be able to provide feedback that will help stop bad data habits from propagating throughout the
university. it is important that users are aware of the many uses of data in order to understand how
crucial high quality data is to the operation of the university.

security

the university of canterbury acknowledges an obligation to ensure appropriate security for all
administrative data in its domain of ownership and control. this obligation is shared, to varying
degrees, by every member of the university.

application level security at uc is generally well set up and managed. this data management
policy ensures consistent application of the same security across all management information
systems within the university. security must be directly related to the category in which the data is
classified. these categories being: public data, general administrative data, protected data, and
restricted data.

there are two aspects surrounding the security of administrative data:

data management policy – university of canterbury 6

data security- refers to user access, and the amount of access each user is allowed. data security is
administered by data custodian (or by delegation to data stewards). the technical security
framework is the responsibility of data experts.

physical security- data users throughout the university must understand that certain information is
privileged and should be kept secure. physical security is important to ensure unauthorised access
does not occur.

related policies, procedures and forms:

computer use policy and procedures

official information policy of the university of canterbury
privacy policy of the university of canterbury
privacy act 1993
protected disclosures act: internal procedures and code of conduct
records management policy
web policy

ｩ this policy is the property of the university of canterbury.

data management policy – university of canterbury 7