The purpose of the Data Governance Structure Policy is to define how data governance will be practiced at the University of North Carolina at Greensboro (UNCG). The policy defines the individual roles and responsibilities to support data governance activities, decision-making authorities, and communication expectations of those involved in data governance activities.
Data governance is the practice of making strategic and effective decisions regarding UNCG’s information assets. It assumes a philosophy of freedom of access to university data by all members of the community coupled with the responsibility to adhere to all policies and all legal constraints that govern that use.
This policy applies to all University stakeholders who collect, analyze, maintain, or otherwise access institutional data and, when in conflict with an existing University policy, controls or supersedes it.
In the interest of attaining effective data governance, UNCG applies formal guidelines to manage the University’s information assets and assigns staff to implement them as outlined in this policy. While the University Data Sponsor is assigned a leadership role and oversight for data governance activities, this function is shared among Data Trustees, Data Stewards, Data Custodians, and Data Users.
3.Definitions, Roles and Responsibilities
The following are the descriptions of the primary roles and responsibilities within the Data Governance Structure.
The Data Sponsor provides executive-level sponsorship and support of UNCG data governance activities.
The Executive Steering Committee (ESC) serves as the current Data Sponsor for UNCG data governance. The Data Sponsor (i.e., the ESC) is trained, qualified, and responsible for supporting and sponsoring data governance initiatives. The Data Sponsor clears barriers to effective data governance and has a key role in communicating enterprise-wide initiatives to campus stakeholders. The Data Sponsor is regularly informed of data governance efforts and policy initiatives. Additionally, the Data Sponsor is responsible for securing funding for data governance activities and approving enterprise-level data governance policies. Data Sponsors understand the importance of sponsorship and support required for institutional data governance. Data Sponsors are accountable for governing institutional data in a safe and responsible manner.
The Data Sponsor will appoint Data Trustees and, through the establishment of data policies and institutional priorities, provide direction to them, Data Stewards, and Data Custodians. Data Governance (DG) at UNCG is comprised of the Executive Steering Committee (Data Sponsor), Data Trustees, and Data Stewards Committees that meet regularly to address data governance initiatives, issues, and concerns.
The Data Sponsor delegates authority and responsibility for the management and governance of institutional data to the Data Governance bodies of Data Trustees and Data Stewards. Members of these committees are authorized to make campus-wide rules and key decisions regarding the treatment of institutional data and enforce the Data Governance and Data Quality programs within their data domains in accordance with the Data Governance Charter.
Data Governance members will communicate bi-annually with the Data Sponsor (i.e., the ESC), in addition to other communication as deemed necessary. This expectation will be met by either the Data Governance Committee Chairs or the Enterprise Data Governance Manager attending a scheduled ESC meeting to provide an activity update twice per year. Other communication with the ESC will be handled via the Enterprise Data Governance Manager through the Vice Chancellor for Information Technology Services, who serves on the ESC.
The Data Sponsor decision making responsibilities include:
- Strategic planning of data governance initiatives
- Prioritization of data governance initiatives
- Approval of major changes in Information Technology (IT) services
- Data compliance decisions
3.2Data Trustee or Business Stewards
A Data Trustee is a senior University official (or their designee) who has planning and policy-level responsibilities for data within their functional areas and management responsibilities for defined segments of institutional data.
Data Trustees are responsible for assigning Data Stewards, participating in establishing policies and standards, and promoting data resource management for the good of the University. A Data Trustee plans and sets data policy and responds to data access and policy or standards implementation issues.
Data Trustees are responsible for planning and prioritizing data governance projects and initiatives. Data Trustees assign Data Stewards and communicate with Data Sponsors and Data Stewards within their domain. Data Trustees develop, approve, and support data policies and promote data resource management. Data Trustees are responsible for responding to access and policy implementation issues and outline training framework for Data Stewards and Users. Data Trustees may serve as consultants for Data Stewards and can implement data standards. Additionally, Data Trustees establish, review, and report on Key Performance Indicators (KPIs) aligned with the strategic plan. Data Trustees also approve data access requests for the University. Data Trustees are trained, qualified, and understand implications of planning and policy-level decisions related to data within their functional areas. Data Trustees are held accountable for working with institutional data in a safe and responsible manner. Data Trustees are also responsible for approval of data classification levels, and data storage and classification at each classification level.
Data Trustees communicate monthly with Data Stewards regarding policy management. Meetings may be merged to streamline meetings among Data Stewards.
Data Trustees’ decision-making responsibilities include:
- Reviewing changes made by Data Stewards
- Establishing, implementing, and enforcing standards
- Developing, revising, and enforcing policies
- Developing the data strategy to align with the University’s strategic plans
- Developing and/or defining KPIs
- Approving access requests, as appropriate
A Data Steward is a University official with direct operational-level responsibility for information management.
Data Stewards (Operational Data Stewards, Technical Stewards, or Data and Information Stewards) are responsible for operational-level metadata management and ensuring data quality. Data Stewards help build data literacy and have direct hands-on data responsibilities. Data Stewards handle data inquiries, train and onboard new staff, and elevate policy or standards changes to Data Trustees. Data Stewards are trained, qualified, and understand the implications of data management and quality across the institution. Data Stewards are held accountable for working with institutional data in a safe and responsible manner.
Data Stewards (Operational Data Stewards, Technical Stewards, or Data and Information Stewards) communicate monthly with Data Trustees (or Business Stewards) regarding policy management. Meetings may be merged to streamline meetings among Data Stewards.
Data Stewards’ decision-making responsibilities include:
- Approving changes (reference (new codes) and master data changes)
- Developing metadata terms and definitions
- Setting data quality rules
- Setting business data rules
- Making changes to data processes
Information Technology Services (ITS) and distributed campus technology personnel serve as Technology Custodians. Technology Custodians provide a secure infrastructure in support of the data including, but not limited to, providing physical security, backup and recovery processes, granting access privileges to system users with approvals as required by the Data Trustees (or their designees), and implementing and administering controls over the information.
ITS and distributed technology personnel serve as Technology Custodians and responsibilities include, but are not limited to, providing a secure infrastructure, ensuring system availability and adequate response time, and granting access privileges to system users. Technology Custodians remove access as necessary in a timely manner, implement and administer controls over information, and participate in setting data governance priorities. Additionally, Technology Custodians are responsible for the review and audit of data classification policies, and data storage and handling requirements.
Technology Custodians are trained, qualified, and understand the implications of managing data environments securely. It is important that ITS and distributed technology personnel work collaboratively to meet the data needs of the campus community. Technology Custodians are held accountable for working with institutional data in a safe and responsible manner.
Technology Custodians have representatives on the data governance committees who meet monthly and share information back to the larger group via current communication paths. Technology Custodians will have the opportunity to participate in meetings regarding data or policy management as needed.
Technology Custodians decision-making responsibilities include:
- ITS-related decisions
- Architecture (Hardware/Software) and cloud decisions
- Infrastructure, integration, and reporting decisions
- Data access management
Data Users are individuals who need and use University data as part of their assigned duties or in fulfillment of assigned roles or functions within the University community. Individuals who are given access to sensitive data have a position of special trust and as such, are responsible for protecting the security and integrity of the data. There is an expectation of accountability in working with institutional data.
Data Users need and use University data with the understanding of the importance of data and its impacts (i.e., security, integrity, quality, consistency, handling, and dissemination). Data Users who have access to sensitive data carry a position of trust within the University. Data Users are champions in their areas of expertise, and report concerns related to data management and protections. Data Users are aware of the classification of the data with which they work, and usage is compliant with Federal and State regulations as well as University policy. Data Users are trained, qualified, and understand the up-stream and down-stream implications of creating variants of conformed business terms for local use. Data Users are held accountable for working with institutional data in a safe and responsible manner.
Data Users receive quarterly and annual communications from the Enterprise Data Governance Team regarding policy management or data standards and may participate in weekly communication with those maintaining the Business Data Model.
3.6Data Governance Custodian
Data Governance Custodians are responsible for the execution and enforcement of policies and processes over the definition, production, and usage of data. Exercising authority and control, Governance Custodians are responsible for data quality and metadata management.
Data Governance Custodians: The Enterprise Data Governance (EDG) team serves as Governance Custodians. Governance Custodians exercise authority and control when enforcing policies, help set enterprise-level standards, manage data quality, and facilitate metadata management. Governance Custodians promote data governance, follow data governance best practices, and are institutional by nature.
Data Governance Custodians are trained, qualified, and understand the implications of managing data governance and enforcing data governance policies and standards. Data Governance Custodians are held accountable for working with institutional data in a safe and responsible manner.
Participate in monthly communication meetings regarding policy management.
Data Governance Custodians’ decision-making responsibilities include:
- Data governance policies, processes, and frameworks
- Metadata management and data quality management
- Enforce data standards
3.7Data Governance Structure Model
The figure below depicts the relational data governance structure, data governing body roles, and interactions.
Data Governance, in cooperation with other University authorities, administrators, and the ESC, will enforce this policy, and establish standards, procedures, and protocols in support of the policy.
Violations of this policy by a university employee may be classified as “misconduct” under EHRA policies (faculty and EHRA non-faculty) or “unacceptable personal conduct” under SHRA policies, including appeal rights stated therein.
5.Approval and Review
The Chancellor has approved the Data Governance Structure Policy. The Data Governance members will review the policy annually.
6.Related University Policies
- Acceptable Use of Computing and Electronic Resources Policy: Specifies principles and requirements UNCG has established for employee’s, student’s, and affiliate’s usage of data
- Information Security Policy: Specifies the principles and requirements UNCG has established to protect information assets owned by, or in the care of, the University.
- Data Classification Policy: Outlines measures and responsibilities required for securing data resources.
7.Related and Supporting Procedures
8.Contacts for Additional Information and Reporting
Responsible Executive: Vice Chancellor for Information Technology Services and Chief Information Officer (CIO)
Responsible Administrator: Enterprise Data Governance Manager (EDGM)