Data Roles and Responsibilities, Information Technology

Title: Data Roles and Responsibilities, Information Technology
Policy Owner: Information Security Office
Applies to: Students, Employees, Users
Campus Applicability:  All Campuses, except UConn Health
Effective Date: May 16, 2012
For More Information, Contact Chief Information Security Officer
Contact Information: (860) 486-8255
Official Website: http://security.uconn.edu/

This policy is available in the Information Security Policy Manual.

Data Stewards oversee the proper handling of administrative, academic, public engagement, or research data.  Data Stewards are responsible for classifying data according to the University’s data classification system, ensuring that appropriate steps are taken to protect data, and the implementation of policies and agreements that define appropriate use of the data. The Steward or his designated representatives are responsible for and authorized to:

  • Approve access and formally assign custody of an information technology (IT) resource.
  • Specify appropriate controls, based on data classification, to protect the IT resources from unauthorized modification, deletion, or disclosure. The Steward will convey those requirements to administrators for implementation and educate users. Controls shall extend to IT resources outsourced by the university
  • Confirm that applicable controls are in place to ensure appropriate level of confidentiality, integrity and availability
  • Confirm compliance with applicable controls
  • Assign custody of IT resources assets and provide appropriate authority to implement security controls and procedures
  • Ensure access rights are re-evaluated when a user’s access requirements to the data change (e.g., job assignment change)

Data Administrators are usually system administrators, who are responsible for applying appropriate controls to data based on its classification level and required protection level, and for securely processing, storing, and recovering data. The administrator of IT resources must:

  • Implement the controls specified by the Steward(s)
  • Provide physical and procedural safeguards for the IT resources
  • Assist Stewards in evaluating the overall effectiveness of controls and monitoring
  • Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents

Data Users are individuals who received authorization from the Data Steward to read, enter, or update information.  Data Users are responsible for using the resource only for the purpose specified by the Steward, complying with controls established by the Steward, and preventing disclosure of confidential or sensitive information.

Policy Created: May 16, 2012