View Document

Data and Information Asset Management Policy

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) Effective use of quality data is a core driver of QUT’s values. Creating an environment where QUT’s data, information, analytics, and insights are aligned to its current operational needs and future digital ambitions requires a proactive and enabling approach to data governance. A keystone to this practice is QUT’s approach to managing data and information assets.

(2) The purpose of this Policy is to define how data and information assets are to be managed.

Top of Page

Section 2 - Application

(3) This Policy applies to:

  1. any person creating, managing, using and/or otherwise granted access to QUT’s information and data; and
  2. procurement of data for any QUT activity.

(4) This Policy does not apply to members of the QUT community who are engaged in research activities, except in situations where resulting data subsequently becomes part of the ongoing operations of the University. Research data management is defined in the Management of Research Data and Primary Materials Policy.

Top of Page

Section 3 - Roles and Responsibilities

Position Responsibility
Vice-Chancellor and President Is accountable under legislation for the collection, holding and use of QUT’s information and technology assets, including accountability for any data breach or adverse impacts to confidentiality, integrity, and availability under the Information Security Policy.

Delegates authority to manage and administer information assets.
Information Steering Group (ISG) Drives QUT’s vision of safely and responsibly using data, information, analytics and insights to improve business performance, deliver meaningful value to the University community, and mitigate current and emerging risks.
Vice-President (Digital) and Chief Digital Officer Facilitates QUT users' awareness of this Policy and identification of QUT information assets.

Responsible for data governance and broader information and data management.

Approves the assignment of ownership for identified information assets.

Coordinates management of the University’s Information Asset Register.
Information owner Is accountable for the collection of information assets on behalf of QUT for a primary business service or function.

Assigns data custodianship for information assets owned on behalf of QUT.

Is accountable for the identification of information assets within their areas of responsibility and accountability.

Is accountable for the definition of key business terms as they relate to owned information assets.

Has delegated authority and accountability for ensuring that the University complies with all relevant requirements for the specific owned information asset, including the aspects of information privacy, appropriate sharing of information, and the ethical use of the information assets.

Champions the use of the information asset within the University to generate the maximum value from the investment in governance and management practices.
Data custodian Is responsible for the use, disclosure, and protection of a defined information asset in accordance with strategic directions approved by the Information Asset Owner.

Ensures the information asset has been correctly registered in QUT's Information Asset Register (and in keeping this Register updated if any circumstances around this Information Asset change).

Ensures the information privacy aspects of the information asset have been properly assessed and understood, including completing a threshold Privacy Impact Assessment, (and if appropriate, a full Privacy Impact Assessment), on behalf of the information asset owner.

Appoints data stewards to assist, as required.

Releases information assets (or component data within the information asset) to audiences external to the University, after considering privacy, information security, legal compliance and risk management implications and impacts, in accordance with decisions made by the information asset owner.

Ensures legal, legislative and policy compliance.

Ensures preservation of public records and compliance with recordkeeping practices.

Approves and oversees data quality statements and data quality improvement plans.

Provides advice on appropriate use of information asset.
Data steward Is accountable for management of the data that comprise the information asset, including involvement in enterprise data initiatives as required.

Is responsible for ensuring appropriate data profiling has been completed, which includes point-in-time assessments of data quality, information security classification, and appropriate registration of any ongoing issues on the QUT Data Issues Register.

Provides advice or recommendations to the Data Custodian for their consideration on areas such as Data Quality Statements, Data Quality Improvement Plans, suitability for sharing with third parties, appropriate application of copyright and intellectual property, legal compliance, or system considerations.

Escalates matters to the data custodian, as required.

Provides advice on the appropriate use and interpretation of the information asset.
Data administrator
Under delegation from the data steward, responsible for the day-to-day management and control of data sourced from within their organisational or business function, including:
  1. Monitoring and management – in conjunction with relevant system owners and Digital Business Services – of user access to the information asset.
  2. Risk assessment (Risk Management Policy) of the information asset in relation to the business function.
  3. Ensuring staff are trained in and educated about the information asset and related policies, including the Acceptable Use of Information and Communications Technology Resources Policy; Records Governance Policy, Information Security Policy, Information Privacy Policy, Intellectual Property Policy and Copyright Policy.

Distributes data in an agreed format and in accordance with agreed timelines, once approved by the information asset owner.
Data creators (all staff) Ensure the quality of the data being created or captured.

Take reasonable precautions to protect QUT’s information and data against unauthorised access, use, disclosure, modification, or destruction.

Report data quality issues to their line manager, data administrator or data steward.
Users of information and data Use information and data in accordance with University requirements.
Top of Page

Section 4 - Principles

(5) The University’s data and information assets are managed on the basis of the following principles:

  1. All QUT staff are considered to be data creators, regardless of their role.
  2. Each information asset has one information asset owner, but an information asset owner may own many information assets.
  3. Each information asset must have one information custodian appointed, but an information custodian may provide oversight to many information assets.
  4. As an information asset can consist of one or many data entities, each asset may have one or more data stewards with different areas of responsibility and knowledge.
  5. All of the University’s information assets are required to be correctly registered in its Information Asset Register.
Top of Page

Section 5 - Concepts

(6) Data and information governance is a set of processes that ensure important information assets are formally and consistently managed throughout QUT. Risk based, and consistently applied governance practices are critical to the correct identification, utility and management of data and information, including improving availability, usability, quality, and integrity of information managed by the University, including the Confidentiality, Integrity, and Availability (CIA) aspects of information security as described in the Information Security Policy.

(7) Data is one way of representing everything in the world around is in a way that can be accessed, used, and reused. It represents every aspect of our University, our students, our partners, and our mission.

(8) Information is an enriched form of data that has been purposefully transformed to be more immediately useful to people. Information includes both data and context, which makes it possible to interpret, evaluate and use. In QUT, information is managed as a logical collection called an information asset to enable governance to be consistently, effectively, and sensibly applied to the entirety of our data.

(9) It is important to note that an information asset can be separate from the information technology system used to manage it; a single information asset could span multiple systems designed to work together. By the same token, a single system is likely to manage multiple information assets, used for different purposes.

Top of Page

Section 6 - Information Asset Register

(10) The  Information Asset Register (IAR) is a formal register that records QUT’s inventory of information assets and associated metadata (including custodianship; classification; and information security classification). The Information Asset Register is maintained by Vice-President (Digital) and Chief Digital Officer (or nominee).

(11) Information owners are required to review their assets on an annual basis, and will be asked to certify, via a yearly statement of compliance, that assets under their management comply with this Policy. Information asset owners will be supported in this process by Information Custodians (who will provide relevant information on the management of information assets) and the Digital Business Solutions Data Governance team.

Top of Page

Section 7 - Non-Compliance Consequences

(12) Any breaches by an individual may result in disciplinary action for staff as defined by Code of Conduct - Staff and for students as defined by Code of Conduct - Student.

Top of Page

Section 8 - Definitions

Term Definition
Data Refers to the representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. The format and presentation of data may vary with the context in which it is used and is typically comprised of numbers, words, or images. Data is not information until it is utilised in a particular context for a particular purpose. ( QLD Government Glossary ).
Digital Refers to the use and management of data, information, communications, and technology to enable delivery of University services and for the fostering of innovation and enabling strategic change through transformation.
Refers to any collection of data that is processed, analysed, interpreted, classified, or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form  QLD Government Glossary . University information has the capacity to be created, collected, stored, modified and transmitted by any QUT user. Information is not limited to records as defined in the Records Governance Policy , but information that represent University records should be managed as such.
Information Assets Refers to an identifiable collection of information or data stored in any manner and recognised as having value for the purpose of enabling the University to perform its business functions. Information assets are categorised from the perspective of content and business use rather than by the information technology systems that hold them (QLD Information Standard 44 – Information Asset Custodianship). An information asset can be made up of one or many data entities that represent our collective understanding of a subject and are collected into a defined asset for the purposes of effective governance and management of the underlying data.
Information, Communications and Technology (ICT) Resources
Information, Communications and Technology (ICT) Resources includes:
  1. infrastructure, equipment, software, and facilities including technologies such as computers, smart phones, the internet, broadcasting technologies, and telephony;
  2. all networks, hardware, software and communication services and devices owned, leased, or used under licence by QUT including academic and administrative systems and cloud providers; and
  3. any web pages under QUT’s management (including content on third party web providers) and/or hosted on QUT’s ICT resources.