Chief Data Officer, Enterprise Data and Analytics
Vice-Chancellor and President
Date of Next Review
The University has a responsibility to classify and protect information, data and records that are identified as being of value to QUT’s business functions. The purpose of this policy is to define information asset data and information concepts applicable to QUT, and clarify the roles and responsibilities of University staff.
QUT’s information management practices are governed by relevant legislative and regulatory requirements:
- Public Records Act 2002 (Qld)
- Right to Information Act 2009 (Qld)
- Information Privacy Act 2009 (Qld)
- Queensland Government Information Standards (IS44 - Information Asset Custodianship; IS18 – Information Security) and Records Governance Policy.
Data can be defined in accordance with the Queensland Government Customer and Digital Group (QGCDG) as “the representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. The format and presentation of data may vary with the context in which it is used and is typically comprised of numbers, words or images. Data is not information until it is utilised in a particular context for a particular purpose” (http://www.qgcio.qld.gov.au/products/glossary).
Information is defined in accordance with the Queensland Government Customer and Digital Group (QGCDG) as “any collection of data that is processed, analysed, interpreted, classified or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form” (http://www.qgcio.qld.gov.au/products/glossary). University information has the capacity to be created, collected, stored, modified and transmitted by any QUT user.Information Asset is “an identifiable collection of information or data stored in any manner and recognised as having value for the purpose of enabling [QUT]…to perform its business functions…”. Information assets are categorised from the perspective of content and business use rather than by the information technology systems that hold them (Information Standard 44 - Information Asset Custodianship). Information assets include but are not limited to records as defined in (F/6.1.3) Records Management.
Vice-Chancellor and President
As the University’s chief executive officer the Vice-Chancellor and President has authority and accountability under legislation for the collection, holding and use of QUT’s information assets. In furtherance of this role the Vice-Chancellor and President approves information management policy and delegates authority to manage and administer information assets in compliance with statutory regulation and QUT policy.
Chief Data Officer
The Chief Data Officer is responsible for:
- facilitating all QUT users' awareness of this policy
- the identification of QUT information assets
- assigning ownership of defined information assets; and
- coordinating management of the University’s Information Asset Register.
The following roles relating to information asset management align with the Queensland Government’s Information Standard 44 - Information Asset Custodianship).
Information asset owner is the senior officer with delegated authority and accountability for the collection of information assets on behalf of QUT for a primary business function. Information asset owners assign data custodianship and approve the operational rules for an information asset on the advice of the data custodian.
Data custodian is the designated senior manager responsible for the use, disclosure and protection of a defined information asset in accordance with operational rules approved by the information asset owner and QUT policy.
A data custodian ensures a coordinated and documented approach to the quality assurance processes of information asset management, including:
- data quality – accuracy, integrity, cleanliness, correctness, completeness, consistency and timeliness
- data security – in conjunction with relevant system owners and ITS – control of access to data sets to known individuals, and monitoring of the data's subsequent exposure and usage as it flows through the University systems and records (F/1.2 Information security, F/1.1 Provision, acquisition and use of information and communications technology resources)
- data standards – compliance with relevant laws, government and regulatory standards and associated policies (F/6.1 Records Management; F/6.2 Access to Information; F/6.3 Information Privacy; D/3.1 Intellectual Property) and standards imposed internally, in coordination with other responsible business units when required
- data management – definition of the authoritative source of data; the data to be provided from that source; and ensuring duplication of data is kept to a minimum
- data accessibility – sharing of the information asset to the maximum extent possible in accordance with data standards and data security, and defining the conditions of use of the data; and
- participation in information management training, and raising awareness of information asset rules and related processes within their respective business areas.
The list of QUT’s information asset owners and data custodians is currently under development as part of QUT’s Information Asset Register (IAR). They will be listed as an Appendix to this policy in due course.
Data administrator is the designated officer responsible for the management and control of data sourced from within their organisational or business area (Heads of organisational areas; Supervisors; ICT Systems Administrators and/or ICT officers; external vendor providers; IT Security Team), including:
- monitoring and management – in conjunction with relevant system owners and ITS – of user access to the information asset
- risk assessment (A/2.5) of the information asset in relation to the business function
- ensuring staff are trained in and educated about the information asset and related policies, including the Acceptable use of information and communications technology resources (F/1.11); Records management (F/6.1), Information security (F/1.2), Information privacy (F/6.2), Intellectual property (D/3.1) and Copyright (F/5.1).
Data user is any member of the University community (including students, staff members, and individuals associated with QUT) accessing and using information assets.
All data users have a responsibility to adhere to the rules set by the data custodian of the information asset in accordance with the requirements of this policy.
System owner is a senior manager who is delegated accountability from QUT to manage the use, and protection of an ICT asset. The system may deliver one or many services and often contains one or more web, application or database servers. The system owner is responsible for system support, upgrades, and for implementing the system’s roadmap. They work closely with data custodians and data administrators.
The Information Asset Register (IAR) is a formal register to record an inventory of QUT’s information assets and metadata (including custodianship; classification; storage and usage security classification). The Information Asset Register is maintained by the Office of the Chief Information Officer. Data custodians are required to review their information assets on an annual basis.Management of information assets will be reviewed and assessed on an annual basis using sampling of corporate information by the Chief Data Officer to ensure compliance with the policy.
MOPP A/2.5 Risk Management
MOPP B/8.1 QUT Staff Code of Conduct
MOPP D/3.1 Intellectual property
MOPP E/2.1 QUT Student Code of Conduct
MOPP F/1.2 Information security
MOPP F/1.11 Acceptable use of information and communications technology resources
MOPP F/5.1 Copyright
MOPP F/6.1 Records management
MOPP F/6.2 Information privacy
MOPP F/6.3 Access to information
|09.12.16||F/1.9.4, F/1.9.5||Enhancing the Student Experience REAL Difference Change Manager||Revised policy to include REAL Difference initiative, approved name change for position title, Deputy Vice-Chancellor (Technology, Information and Learning Support) to Deputy Vice-Chancellor (Technology, Information and Library Services) - effective 03.01.17|
|29.10.15||All||Vice-Chancellor||New policy - incorporates content from F/1.1 Provision and use of information resources and services|