Enterprise Data Stewardship Policy
Subject: Information Technology
Revised: November 7, 2012
Effective: November 7, 2012
Review Date: November 2015
Responsible Party: Enterprise Chief Information Officer
TABLE OF CONTENTS: 100.00 Introduction 200.00 Policy 300.00 Procedures 400.00 References 500.00 Definitions
The information associated with administrative functions and research activity is a vital asset to the University. As such, maintaining the confidentiality, integrity, and availability of University data is critical to the success of the University. The University expects all stewards and custodians of its administrative and research data to manage, access, and utilize this data in a manner in accordance with this policy.
Proper stewardship of data protects against misuse while providing for appropriate use, balancing the three core values of availability, integrity, and confidentiality.
200.10 Board of Regents policies governing the use of university information technology apply to all University faculty, staff, students, and patrons. All users of University information technology must comply with MSU Enterprise policies as well as Board of Regents policies, state and federal law. References to associated policies and laws are provided in section 400.00.
200.20 All University information that is stored, processed or distributed is subject to the specific parameters of the University Data Stewardship Guidelines, Board of Regents policies, Montana state government policies, Montana State University policies, and state or federal laws as they may apply.
200.30 Data collected and/or produced under programs supported through external funds may also fall under requirements specific to the funding agency.
200.40 Certain University authorities are identified as Data Stewards with responsibility for the protection and appropriate use of data within their unit.
200.50 All University constituents shall understand and comply with the Data Stewardship Guidelines of their campus.
200.60 Individuals who create, collect, handle, or manage data are responsible for complying with the Data Stewardship Guidelines.
200.70 Responsibilities are assigned to specific Data Stewards and detailed in each campus’ Data Stewardship Procedures. The following positions are the official top-level Data Stewards for each campus data area. Responsibility can be delegated by the Data Steward to a different individual; however, the Data Steward retains ultimate accountability for proper stewardship.
|MSU-Billings||MSU-Bozeman||Great Falls College MSU||MSU-Northern|
|Student Data1||VC for Student Affairs||VP of Student Success||Assistant Dean of Student Services||Dean of Students|
|Instructional Data2||Provost and VC for Academic Affairs||Provost and VP of Academic Affairs||Associate Dean / Chief Academic Officer||Chief Academic Officer|
|Alumni Data3||Director of MSU-Billings Alumni Relations||Director of Alumni Relations||Dean / Chief Academic Officer||Director of Alumni|
|Personnel Data4||VC for Administrative Services||Chief Human Resource Officer||Associate Dean, CFO and Exec Dir of HR||Director of HR|
|Research Data5||Provost and VC for Academic Affairs||VP of Research, Technology Transfer, and Creativity||Not applicable||Chief Academic Officer|
1 Student Data examples: GIDs, grades, application information
2 Instructional Data examples: faculty teaching loads, student credit hour production, promotion and tenure
3 Alumni Data examples: addresses, donor history
4 Personnel Data examples: social security numbers, financial information, birthdates
5 Research Data examples: research expenditures, research personnel and activities, research product
200.80 The authority to interpret this policy rests with the President and is generally delegated to the Enterprise Chief Security Officer, University Chief Information Officers and University Legal Counsel, in conjunction with the appropriate Data Stewards.
Individual campuses maintain campus-specific standards and procedures that implement this policy. Campus-specific standards and procedures are currently under development; when published, the links to those pages will be provided here. Constituents will be required to comply with any standards and procedures developed for their campus:
- Great Falls College MSU
Report broken links to ITCadmin@montana.edu.
- Family Educational Rights and Privacy Act (FERPA), available at http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
- Gramm-leach-Bliley (GLB), available at http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act.
- Health Insurance Portability and Accountability Act (HIPAA), available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html.
- MUS Board of Regents policy 1300.1 Security of Data and Information Technology Resources, available at http://mus.edu/borpol/bor1300/bor1300.asp.
- MUS Board of Regents policy 1306. Logging On and Off Computers, available at http://www.mus.edu/borpol/bor1300/bor1300.asp.
“Constituent” refers to any individual or group associated with the University including students, staff, faculty, or patrons as well as any contractors, regents, committees, councils, groups, agencies, departments, entities, campus, or community.
“Data Steward” refers to a University authority, or designate, who has management responsibility for defined segments of institutional data.
“Enterprise Chief Security Officer” refers to the University’s top-level IT security position based at MSU-Bozeman.
“Information Technology” or “IT” refers to any resource related to the access and use of digitized information, including but not limited to hardware, software, devices, appliances, network bandwidth and resources.
“University” refers to any and all campuses, agencies, departments, or entities within the Montana State University enterprise.
“University authority” refers to an official of the University with significant responsibility for campus activities, who has the authority and duty to respond to issues on behalf of an institution, including but not limited to a Vice President, Provost, Chief Information Officer, Dean, or Athletic Director.
“University Legal Counsel” refers to the University’s attorney and/or designated legal staff based at MSU-Bozeman.