Purpose
The Data Governance Committee will appoint a Data Governance Officer to actively monitor compliance with the Data Governance and Management Policy and the corresponding guidelines, procedures, and resources referenced therein. Other roles and responsibilities will be defined to monitor specific areas of this Policy.
Go to Procedures
Go to Resources
Related Policies
Data Governance and Management Policy
Related Guidelines, Procedures and Resources
- Data Governance and Management Policy Guideline
- Data Governance Structure
- Data Domains
- Data Management Categorization
- Data Protection Categorization
- Data Regulation Categorization
- Data Protection Safeguards
- Protected Data Practices
- Systems Inventory
- Data Element Dictionary
- Access Procedures
- Separation of Duties
- Regulatory Compliance
- Training
- Audit
Definitions
Capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Data Governance and Management Policy
Audience
| Responsible | Data Governance team Cyber Security Library Records Management |
|---|---|
| Accountable | Data Governance Committee |
| Support | Data Domain & Technology Sub-Committees Associate Data Trustee Data Steward Associate Data Steward System Owner Technical Manager Data Administrator Data User |
| Consulted | Internal Auditing General Counsel |
| Informed |
Procedures
- Monitor Roles and Responsibilities
-
- The Chief Information Security Officer (or their appointed designee) must monitor:
- Cybersecurity policies, guidelines, procedures, and resources
- Georgia Tech Protected Data Practices
- Cybersecurity Training
- The Dean of Libraries (or their appointed designee) must monitor:
- Data Retention and Disposition policies, guidelines, procedures, and resources
- Data Retention and Disposition Training
- The Data Governance Officer must monitor:
- Data Governance Structure
- Intersection with the Technology Governance Structure
- Data Domains
- Data Categorizations
- Systems Inventory
- Data Element Dictionary
- Access Procedures
- Separation of Duties
- Regulatory Compliance
- Data Governance and Management Training
- The General Counsel and Vice President for Ethics & Compliance (or their appointed designee) may partner in the monitoring areas described above (#1-3).
- The roles described above (#1-4) must consult with the Chief Audit Executive (or their appointed designee) in the creation and execution of their respective monitoring programs.
- The roles indicated in the “Support” section of the “Audience” list above must support monitoring efforts by participating in surveys, interviews, and review of documentation that supports compliance with the Policy and the corresponding guidelines, procedures, and resources.
- The Chief Information Security Officer (or their appointed designee) must monitor:
- Monitoring Program
-
- Monitoring efforts may be prioritized using the following guidelines:
- Data Domains with a “Data Impact Categorization” of “High Impact,” then “Moderate Impact,” then “Low Impact.”
- Information Systems with a “System Criticality Categorization” of “Mission-Critical,” then “Moderate Criticality,” then “Low Criticality.”
- Monitoring must be conducted at a frequency determined by the Data Governance Committee.
- Monitoring may be conducted through the use of surveys, interviews, and review of documentation that supports compliance with the Policy, guidelines, procedures, and resources. Monitoring must inform:
- Understanding of the Data Governance and Management Program (“Program”)
- Steps towards compliance
- Documentation supporting compliance
- Monitoring must be conducted with a sampling of Associate Data Trustees, Data Stewards, Associate Data Stewards, System Owners, Technical Managers, Data Administrators, and Data Users. Monitoring may be conducted with the Data Governance Committee, the Data Management Committee, and the Data Domain & Technology Sub-Committees.
- Monitoring results will be documented and retained for a period determined by the Data Governance Committee. A summary of findings will be provided to the Data Governance Committee, highlighting areas of concern, improvement, and success.
- The Data Governance Committee will communicate any areas of concern to the Data Trustees and Data Owner as appropriate.
- Monitoring efforts may be prioritized using the following guidelines:
Resources
- When will monitoring efforts begin?
- The USG expects all institutions to have a Data Governance and Management Program in place by June 2021. Monitoring of this Program may begin as early as the second half of 2021.
| Revision Date | Author | Description |
|---|---|---|
| 2021-07-27 | Zachary Hayes, Data Governance | New |
