(1) Effective use of quality data is a core driver of QUT’s values. Creating an environment where QUT’s data, information, analytics, and insights are aligned to its current operational needs and future digital ambitions requires a proactive and enabling approach to data governance. A keystone to this practice is QUT’s approach to managing data and information assets. (2) The purpose of this Policy is to define how data and information assets are to be managed. (3) This Policy applies to: (4) This Policy does not apply to members of the QUT community who are engaged in research activities, except in situations where resulting data subsequently becomes part of the ongoing operations of the University. Research data management is defined in the Management of Research Data and Primary Materials Policy. (5) The University’s data and information assets are managed on the basis of the following principles: (6) Data and information governance is a set of processes that ensure important information assets are formally and consistently managed throughout QUT. Risk based, and consistently applied governance practices are critical to the correct identification, utility and management of data and information, including improving availability, usability, quality, and integrity of information managed by the University, including the Confidentiality, Integrity, and Availability (CIA) aspects of information security as described in the Information Security Policy. (7) Data is one way of representing everything in the world around is in a way that can be accessed, used, and reused. It represents every aspect of our University, our students, our partners, and our mission. (8) Information is an enriched form of data that has been purposefully transformed to be more immediately useful to people. Information includes both data and context, which makes it possible to interpret, evaluate and use. In QUT, information is managed as a logical collection called an information asset to enable governance to be consistently, effectively, and sensibly applied to the entirety of our data. (9) It is important to note that an information asset can be separate from the information technology system used to manage it; a single information asset could span multiple systems designed to work together. By the same token, a single system is likely to manage multiple information assets, used for different purposes. (10) The Information Asset Register (IAR) is a formal register that records QUT’s inventory of information assets and associated metadata (including custodianship; classification; and information security classification). The Information Asset Register is maintained by Vice-President (Digital) and Chief Digital Officer (or nominee). (11) Information owners are required to review their assets on an annual basis, and will be asked to certify, via a yearly statement of compliance, that assets under their management comply with this Policy. Information asset owners will be supported in this process by Information Custodians (who will provide relevant information on the management of information assets) and the Digital Business Solutions Data Governance team. (12) Any breaches by an individual may result in disciplinary action for staff as defined by Code of Conduct - Staff and for students as defined by Code of Conduct - Student.Data and Information Asset Management Policy
Section 1 - Purpose
Section 2 - Application
Section 3 - Roles and Responsibilities
Top of Page
Position
Responsibility
Vice-Chancellor and President
Is accountable under legislation for the collection, holding and use of QUT’s information and technology assets, including accountability for any data breach or adverse impacts to confidentiality, integrity, and availability under the Information Security Policy.
Delegates authority to manage and administer information assets.
Information Steering Group (ISG)
Drives QUT’s vision of safely and responsibly using data, information, analytics and insights to improve business performance, deliver meaningful value to the University community, and mitigate current and emerging risks.
Vice-President (Digital) and Chief Digital Officer
Facilitates QUT users' awareness of this Policy and identification of QUT information assets.
Responsible for data governance and broader information and data management.
Approves the assignment of ownership for identified information assets.
Coordinates management of the University’s Information Asset Register.
Information owner
Is accountable for the collection of information assets on behalf of QUT for a primary business service or function.
Assigns data custodianship for information assets owned on behalf of QUT.
Is accountable for the identification of information assets within their areas of responsibility and accountability.
Is accountable for the definition of key business terms as they relate to owned information assets.
Has delegated authority and accountability for ensuring that the University complies with all relevant requirements for the specific owned information asset, including the aspects of information privacy, appropriate sharing of information, and the ethical use of the information assets.
Champions the use of the information asset within the University to generate the maximum value from the investment in governance and management practices.
Data custodian
Is responsible for the use, disclosure, and protection of a defined information asset in accordance with strategic directions approved by the Information Asset Owner.
Ensures the information asset has been correctly registered in QUT's Information Asset Register (and in keeping this Register updated if any circumstances around this Information Asset change).
Ensures the information privacy aspects of the information asset have been properly assessed and understood, including completing a threshold Privacy Impact Assessment, (and if appropriate, a full Privacy Impact Assessment), on behalf of the information asset owner.
Appoints data stewards to assist, as required.
Releases information assets (or component data within the information asset) to audiences external to the University, after considering privacy, information security, legal compliance and risk management implications and impacts, in accordance with decisions made by the information asset owner.
Ensures legal, legislative and policy compliance.
Ensures preservation of public records and compliance with recordkeeping practices.
Approves and oversees data quality statements and data quality improvement plans.
Provides advice on appropriate use of information asset.
Data steward
Is accountable for management of the data that comprise the information asset, including involvement in enterprise data initiatives as required.
Is responsible for ensuring appropriate data profiling has been completed, which includes point-in-time assessments of data quality, information security classification, and appropriate registration of any ongoing issues on the QUT Data Issues Register.
Provides advice or recommendations to the Data Custodian for their consideration on areas such as Data Quality Statements, Data Quality Improvement Plans, suitability for sharing with third parties, appropriate application of copyright and intellectual property, legal compliance, or system considerations.
Escalates matters to the data custodian, as required.
Provides advice on the appropriate use and interpretation of the information asset.
Data administrator
Distributes data in an agreed format and in accordance with agreed timelines, once approved by the information asset owner.
Data creators (all staff)
Ensure the quality of the data being created or captured.
Take reasonable precautions to protect QUT’s information and data against unauthorised access, use, disclosure, modification, or destruction.
Report data quality issues to their line manager, data administrator or data steward.
Users of information and data
Use information and data in accordance with University requirements.
Section 4 - Principles
Top of PageSection 5 - Concepts
Section 6 - Information Asset Register
Section 7 - Non-Compliance Consequences
Section 8 - Definitions
Term
Definition
Data
Refers to the representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. The format and presentation of data may vary with the context in which it is used and is typically comprised of numbers, words, or images. Data is not information until it is utilised in a particular context for a particular purpose. ( QLD Government Glossary ).
Digital
Refers to the use and management of data, information, communications, and technology to enable delivery of University services and for the fostering of innovation and enabling strategic change through transformation.
Information
Information Assets
Refers to an identifiable collection of information or data stored in any manner and recognised as having value for the purpose of enabling the University to perform its business functions. Information assets are categorised from the perspective of content and business use rather than by the information technology systems that hold them (QLD Information Standard 44 – Information Asset Custodianship). An information asset can be made up of one or many data entities that represent our collective understanding of a subject and are collected into a defined asset for the purposes of effective governance and management of the underlying data.
Information, Communications and Technology (ICT) Resources
View Document
This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.
Under delegation from the data steward, responsible for the day-to-day management and control of data sourced from within their organisational or business function, including:
Refers to any collection of data that is processed, analysed, interpreted, classified, or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form QLD Government Glossary . University information has the capacity to be created, collected, stored, modified and transmitted by any QUT user. Information is not limited to records as defined in the Records Governance Policy , but information that represent University records should be managed as such.
Information, Communications and Technology (ICT) Resources includes: