ÎçÒ¹Ó°Ôº this Policy
Information Management
Policy Number: 12000
Effective Date:
Last Updated:
Responsible Office:
Division of IT
Responsible Administrator:
Vice President for Information Technology and Chief Information Officers
Policy Contact:
Vice President for Information Technology
University Hall
Columbia, MO 65211
umdoitvp@umsystem.edu
Categories:
- General Administration
Menu:
- Scope
- Reason for Policy
- Policy Statement
- Definitions
- Accountabilities
- Forms
- Related Information
- History
- Procedure
Scope
This policy applies to all University employees.
Reason for Policy
To state policy regarding the availability of University data and information to University employees.
Policy Statement
Information maintained electronically within the University is a University-wide asset that is available to the Board of Curators, administrators, faculty, staff and students. Timely access to such information will be provided for the effective discharge of academic or business responsibilities.
University information will be safeguarded against misuse such as unauthorized destruction, modification, or disclosure. * Abuse of this policy will result in denial of access to University data and may be cause for dismissal.
*NOTE: An example of unauthorized disclosure would be that part of the student educational record that is protected by the Family Educational Rights and Privacy Act known as the Buckley Amendment.
Individuals Granted Access
- must understand the meaning, purpose, and interpretation of the underlying data;
- must assure the accurate and responsible presentation of information derived from the data;
- must attend data and technical training at the discretion of the Information Manager.
Information Manager
An Information Manager will be designated for each of the University's system-wide applications by the President. Information Managers for other applications that maintain data of institutional value outside of the source of origination will be designated by the appropriate General Officer.
Examples of system-wide applications include human resources, financial, student, library and the alumni and development systems. Information Managers may exist at both the System and campuses.
Examples of applications that are not system-wide include patient information, equipment inventory, facilities and parking.
The duties and responsibilities of an Information Manager are to:
- assure that all decisions regarding the collection and use of data are in compliance with the law and with University policy and procedures;
- define and describe the data elements within the system;assure the validity, reliability, and consistency of the data contained in the system;
- respond to all requests for access to the data or for information;
- provide accurate documentation for access, use, and maintenance of the system;
- coordinate or provide data education and training;
- make known the rules and conditions that may affect an accurate presentation of the information;
- assure compliance with periodic backup requirements of the Universities policies on records management.
- work through Records Management to determine the appropriate retention of administrative, fiscal, legal, research and historical data.
Chief Technology Officers
Each campus, under the auspices of the Chief Technology Officer, will be responsible for establishing, publishing, maintaining, and enforcing this information access policy, as well as appropriate privacy and security procedures concerning access to University information managed by the campus.
Information Technology Management Council (ITMC)
The Information Technology Management Council is appointed by the Vice President Information Technology. It consists of managers from each of the campus and the system IT organizations.
Responsibilities of the ITMC include:
- provides advice to the Vice President Information Technology regarding levels and types of access to be provided to various users;
- recommends technical and security standards for University information;
- assists in monitoring the University's information security policies.
Definitions
Accountabilities
Vice President for Information Technology:
- Work with CIOs in a manner that leads to the implementation, adoption or endorsement of centrally provided IT and telecommunications services as appropriate
- Publishing a list of services and how to obtain such services in an appropriate location
Campus/business unit CIOs:
- Promote and enforce the use of centrally provided IT and telecom services when appropriate
- Publish a list of services and how to obtain such services
- Establish and publish procedures for request/sponsorship of non-University entity accounts and provisioning of IT and telecom resources as requested
University administrators and managers:
- Enforce the required use of official University IT and Telecom resources by their employees when conducting University business
- Sponsor accounts and provisioning of IT resources for non-University entities when appropriate
University employees:
- Use centrally provided or endorsed/approved resources when conducting University business
Additional Details
Forms
ÎçÒ¹Ó°Ôº Access & Confidentiality Agreement
Access to Electronic Resources Authorization Form
Instructions: https://umsystem.edu/ums/is/infosec/access-form-instructions
Related Information
University Collected Rules: 110.005 Acceptable Use Policy
Policy 23001 on Records General Policy
Policy 12001 on Management, Access and Use of IT Resources
History
Formerly Business Policy Manual 108 – Information Management (revised 2/1/2000)
Procedure
ÎçÒ¹Ó°Ôº Access & Confidentiality Agreement: /media/fa/is/infosec/confidentiality-agreement.pdf
Access to IT Accounts and Electronic Information: https://umsystem.edu/ums/is/infosec/account-access
Reviewed 2024-03-27