Manual of Policies and Procedures

F/1.9 Corporate information asset management

Contact Officer

Chief Data Officer, Division of Resources

Approval Date

29/10/2015

Approval Authority

Vice-Chancellor and President

Date of Next Review

31/10/2017

1.9.1 Policy principles
1.9.2 Legislative environment
1.9.3 Definitions
1.9.4 Roles and responsibilities
1.9.5 Information Asset Register
Related Documents
Modification History

1.9.1 Policy principles

The University has a responsibility to classify and protect information, data and records that are identified as being of value to QUT’s business functions. The purpose of this policy is to define the information asset, data and information concepts applicable to QUT, and to clarify the roles and responsibilities of University staff.


1.9.2 Legislative environment

QUT’s information management practices are governed by relevant legislative and regulatory requirements:

  • Public Records Act 2002 (Qld)
  • Right to Information Act 2009 (Qld)
  • Information Privacy Act 2009 (Qld)
  • Queensland Government Information Standards (IS44 – Information Asset Custodianship; IS31 – Retention and Disposal of Public Records; IS18 – Information Security).


1.9.3 Definitions

Data can be defined in accordance with the Queensland Government Chief Information Office as “the representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means.  The format and presentation of data may vary with the context in which it is used and is typically comprised of numbers, words or images. Data is not information until it is utilised in a particular context for a particular purpose” (http://www.qgcio.qld.gov.au/products/glossary).

Information is defined in accordance with the Queensland Government Chief Information Office as “any collection of data that is processed, analysed, interpreted, classified or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form” (http://www.qgcio.qld.gov.au/products/glossary). University information has the capacity to be created, collected, stored, modified and transmitted by any QUT user.

Information Asset is “an identifiable collection of information or data stored in any manner and recognised as having value for the purpose of enabling [QUT]…to perform its business functions…”.  Information assets are categorised from the perspective of content and business use rather than by the information technology systems that hold them (Information Standard 44 - Information Asset Custodianship). Information assets include but are not limited to records as defined in (F/6.1.3) Records Management.


1.9.4 Roles and responsibilities

Vice-Chancellor and President
As the University’s chief executive officer the Vice-Chancellor and President has authority and accountability under legislation for the collection, holding and use of QUT’s information assets. In furtherance of this role the Vice-Chancellor and President approves information management policy and delegates authority to manage and administer information assets in compliance with statutory regulation and QUT policy.

Chief Data Officer
The Chief Data Officer is responsible for:

  • facilitating all QUT users' awareness of this policy
  • the identification of QUT information assets
  • assigning ownership of defined information assets; and
  • coordinating management of the University’s Information Asset Register.

The following roles relating to information asset management align with the Queensland Government’s Information Standard 44 - Information Asset Custodianship.

Information asset owner is the senior officer with delegated authority and accountability for the collection of information assets on behalf of QUT for a primary business function. Information asset owners assign data custodianship and approve the operational rules for an information asset on the advice of the data custodian.

Data custodian is the designated senior manager responsible for the use, disclosure and protection of a defined information asset in accordance with operational rules approved by the information asset owner and QUT policy.

A data custodian ensures a coordinated and documented approach to the quality assurance processes of information asset management, including:

  • data quality – accuracy, integrity, cleanliness, correctness, completeness, consistency and timeliness
  • data security – in conjunction with relevant system owners and ITS – control of access to data sets to known individuals, and monitoring of the data's subsequent exposure and usage as it flows through the University systems and records (F/1.2 Information security, F/1.1 Provision, acquisition and use of information and communications technology resources)
  • data standards – compliance with relevant laws, government and regulatory standards and associated policies (F/6.1 Records Management; F/6.2 Access to Information; F/6.3 Information Privacy; D/3.1 Intellectual Property) and standards imposed internally, in coordination with other responsible business units when required
  • data management – definition of the authoritative source of data; the data to be provided from that source; and ensuring duplication of data is kept to a minimum
  • data accessibility – sharing of the information asset to the maximum extent possible in accordance with data standards and data security, and defining the conditions of use of the data; and
  • participation in information management training, and raising awareness of information asset rules and related processes within their respective business areas.

The list of QUT’s information asset owners and data custodians is currently under development as part of QUT’s Information Asset Register (IAR).  They will be listed as an Appendix to this policy in due course.

Data administrator is the designated officer responsible for the management and control of data sourced from within their organisational or business area (Heads of organisational areas; Supervisors; ICT Systems Administrators and/or ICT officers; external vendor providers; IT Security Team), including:

  • monitoring and management – in conjunction with relevant system owners and ITS – of user access to the information asset
  • risk assessment (A/2.5) of the information asset in relation to the business function
  • ensuring staff are trained in and educated about the information asset and related policies, including the Acceptable use of information and communications technology resources (F/1.11), Records management (F/6.1), Information security (F/1.2), Information privacy (F/6.2), Intellectual property (D/3.1) and Copyright (F/5.1).

Data user is any member of the University community (including students, staff members, and individuals associated with QUT) accessing and using information assets.

All data users have a responsibility to adhere to the rules set by the data custodian of the information asset in accordance with the requirements of this policy.

Any breaches by an individual data user may result in disciplinary action for staff as defined by QUT Staff Code of Conduct (B/8.1) and for students as defined by QUT Student Code of Conduct (E/2.1).

System owner is a senior manager who is delegated accountability from QUT to manage the use and protection of an ICT asset. The system may deliver one or many services and often contains one or more web, application or database servers. The system owner is responsible for system support, upgrades, and for implementing the system’s roadmap. They work closely with data custodians and data administrators.

Information Technology Governance

The Information Technology Governance Committee is responsible to the Vice-Chancellor and President for providing advice on information management policy and strategy. Details of the Committee's terms of reference and membership are available in the Information Technology Governance Committee policy (F/1.7).


1.9.5 Information Asset Register

The Information Asset Register (IAR) is a formal register to record an inventory of QUT’s information assets and metadata (including custodianship; classification; storage and usage security classification). The Information Asset Register is maintained by the Office of the Vice-President (Technology) and Chief Information Officer. Data custodians are required to review their information assets on an annual basis.

Management of information assets will be reviewed and assessed on an annual basis using sampling of corporate information by the Chief Data Officer to ensure compliance with the policy.


Related Documents

MOPP A/2.5 Risk Management

MOPP B/8.1 QUT Staff Code of Conduct

MOPP D/3.1 Intellectual property

MOPP E/2.1 QUT Student Code of Conduct

MOPP F/1.2 Information security

MOPP F/1.7 Information Technology Governance Committee

MOPP F/1.11 Acceptable use of information and communications technology resources

MOPP F/5.1 Copyright

MOPP F/6.1 Records management

MOPP F/6.2 Information privacy

MOPP F/6.3 Access to information

Queensland Government’s Information Standard 44 - Information Asset Custodianship


Modification History

Date | Sections | Source | Details
09.12.16 | F/1.9.4, F/1.9.5 | Enhancing the Student Experience REAL Difference Change Manager | Revised policy to include REAL Difference initiative, approved name change for position title, Deputy Vice-Chancellor (Technology, Information and Learning Support) to Deputy Vice-Chancellor (Technology, Information and Library Services) - effective 03.01.17
29.10.15 | All | Vice-Chancellor | New policy - incorporates content from F/1.1 Provision and use of information resources and services
