I. Purpose
UNC Asheville is critically dependent on its computer systems and the large quantities of information within these systems. Data ownership, access procedures and standards followed by sound procedures are necessary for the protection of University information. The formalization of data management provides the framework upon which the necessary standards and procedures for access to those University assets are governed and protected.
At UNC Asheville the principles of data management include:
- A clear system of file ownership with designated, accountable officers.
- Criteria for granting access privileges to University information both internal and external as defined by federal and state legislation.
- Written guidelines for determining how access to data will be granted and periodic review of the actual levels of access against what the policies state.
II. Scope
These data management and access procedures apply primarily to all centrally managed data supported by Information Technology Services under the jurisdiction of the Director ITS Administrative Information Systems.
Creators or managers of distributive and/or departmental systems developed and administered by University departments are responsible for the security and proper use of data under their stewardship.
III. Policy
Each Vice Chancellor will appoint a Data Manager for each of the information systems within their area. These data managers should be responsible for distributive and/or departmental systems in addition to departmental components of centrally managed systems. Normally, the Director of an office should be appointed as Data File Manager of the information system in their respective area.
The Data Managers are the functional leaders of the Administrative Information Systems. This group meets monthly and guides application development, testing, and upgrade schedule. When security and access concerns need to be discussed, the Director of Administrative Information Systems asks to be put on the agenda for the monthly meeting and leads those discussions.
This policy strictly prohibits the sharing of user names and/or passwords in order to access data.
IV. Definitions
Information Technology Security Officer is a person or persons designated by the UNC Asheville CIO who can verify that accounts are set up in accordance with the data manager’s directives.
Data File Manager Responsibilities
- Assume responsibility for system data flow and work collaboratively with Information Technology Services in designing criteria for new systems or major enhancements.
- Approve or deny requests for access to data under their jurisdiction.
a. Access to data will typically be limited to employees of the University but with the approval of the appropriate Data Manager may on occasion be granted to a volunteer supporting a University unit.
i. Authorization for access by employees requires:
ii. A written request from the director or manager of the unit;
iii. The employee’s acceptance of University policies and procedures related to accessing University computers, networks, and data evinced by the employee’s completion of the Computing and Network Use Agreement.
b. Limited, fixed-term authorization for access by volunteers requires:
i. A written request from the director or manager of the unit;
ii. Authorization for volunteers will typically be limited to 6 months;
iii. Signed acceptance by a unit employee or the director/manager accepting responsibility for the actions of the volunteer with respect to the relevant data;
iv. Approval by the appropriate Vice Chancellor;
iv. The volunteer’s acceptance of University policies and procedures related to accessing University computers, networks, and data evinced by the volunteer’s completion of the Non-Agency Account Request Form located on the ITS website.
3. Assume responsibility for data timeliness and accuracy.
4. Coordinate use of the information system by other University offices and resolve problems associated with definitions, timing, changes, and accessibility.
5. Approve maintenance and enhancement requirements including coordination of changes required by other users.
6. Provide staff with opportunities to enhance their knowledge of data maintenance and information retrieval.