Data Governance

DATA GOVERNANCE FRAMEWORK

Data Governance Framework
At Stony Brook University


Approved Sept 19, 2016, revised June 11, 2021, revised November 21, 2024


This framework for data governance establishes a set of principles, structures, roles, and responsibilities at Stony Brook University to improve the data infrastructure and to advance institutional goals for operational excellence. The executive sponsors of Stony Brook’s Data Governance System are the Vice President for Educational & Institutional Effectiveness and the Vice President for Information Technology and Chief Information Officer, who elevate issues and resource requirements to senior leadership as needed.

Scope

This data governance framework applies to all University administrative data. Systems housing HIPAA-protected patient data and research data managed by principal investigators and their teams lie outside the scope of this framework. The scope is extensible to other data assets with approval of the Data Governance Council and notification of the Executive Sponsors.

Data Governance Definition
To enable and enhance organizational effectiveness, data governance formalizes behavior around how data are defined, produced, used, stored, and destroyed (Seiner, 2014; Gartner, 2013).

Values

Shared Assets

Data and information are shared organizational resources that constitute valuable assets.

Stewardship

Employees of Stony Brook University have a responsibility for the curation of data. They serve as caretakers of data to ensure data are collected, stored, and maintained under the premise that others will access and use them over time.

Quality

To ensure data retain value, quality of data is actively monitored and maintained.

Privacy and Confidentiality

Maintenance of individual privacy and confidentiality of educational and personal records represent not only legal requirements but also primary outcomes of data management.

 

 

 

University Administrative Data
Administrative data are information collected or created through a function of the university. These data are owned by the university with responsibility for stewardship delegated to areas or individuals.

Principles for Data Governance

Organizational Effectiveness

Data governance activities improve organizational effectiveness and efficiency of operational processes. 

Transparency

Data governance policies, activities and products exhibit transparency through documentation available to the University community.

Communication

Data governance promotes and ensures communication so that the data produced are fully understood and can be reproduced with the same results.

Compliance

Data governance adheres to and enables institutional compliance with applicable statutes, regulations, and policies; including but not limited to areas of security, privacy, and record retention.

Auditability

Data governance promotes means to document and verify data and metadata, track changes and justifications for changes.

Integrity

Data governance participants practice integrity with their dealings with each other; they are truthful and forthcoming when discussing drivers, constraints, options, and impacts for data-related decisions.

Accountability

Data governance defines responsibilities for cross-functional data-related decisions, processes, and controls.

Standards

Data governance identifies and supports consistent standards for data elements, dictionaries, metadata, quality, and usages.

Structures for Data Governance

 

I. Data Governance Council (DGC)

    1. Role: Recommend and implement institutional policy for data governance of university administrative data, including for how data are defined, produced, used, stored, and destroyed
    2. Responsibilities
      1. Develop and follow procedures for internal council operation, officers, meetings, workflow, and voting
      2. Develop and oversee implementation of institutional data strategy
      3. Develop, recommend and evaluate effectiveness of policies, procedures, and processes for data management, data quality, and data use
      4. Elevate to Executive Sponsors issues of institutional policy or practice that require resolution or additional resources
      5. Set priorities for preserving and increasing value of data assets
      6. Oversee data quality monitoring and improvement
      7. Set standards for data dictionaries and definitions, reporting conventions
      8. Ensure compliance and coordination with security policy
    3. Membership:
      1. Chief Institutional Research Officer
      2. Analytics and Enterprise Data Officer
      3. University Controller
      4. Chief Enrollment Management Officer
      5. University Registrar
      6. Chief Financial Aid Officer
      7. Provost’s Office designee
      8. Student Affairs designee
      9. Finance & Administration designee
      10. Advancement designee
      11. Human Resources designee
      12. Information Technology designee
      13. Research designee
      14. Health Sciences Designee
      15. Enterprise Risk Management designee
      16. Campus Planning & Facilities designee
      17. Chief Diversity Officer designee
      18. University Senate designee
      19. Ex officio: University staff directly supporting data governance
    4. Structure
      1. Chair
      2. Vice-Chair

II. Roles for individuals


a. Domain Data Stewards

  1. Role: Domain data stewards implement data management policies and procedures in domains of data that cut across multiple business areas.
  2. Responsibilities
  3. Maintain inventory of data assets
  4. List of tables, fields, dictionary information
  5. Coordinate Area Data Stewards in implementation of consistent data standards
  6. Maintain data dictionary for domain in consultation with data owners, ensuring each element
  7. Has clear an unambiguous definition
  8. Has clear value definitions assigned to all values
  9. Is still being used (oversee removal/retirement of unused elements)
  10. Has adequate documentation for origin and sources of authority
  11. Communicate data governance policies, procedures and practices to data owners
  12. May have role in security policy to confer and restrict access to data
  13. Membership
  14. Data stewards are identified by the functional leader of an operational unit that manages data
  15. Data stewards have data governance responsibilities as formal components of their performance plan

 


Domain Data Stewards
Domains include:
- Enrollment Management
- Financial Aid
- Human Resources
- Research Administration
- Student Records
- Accounting, Budget, Administration areas
- Campus residences
- Center for Excellence Teaching & Learning

b. Area Data Stewards

  1. Role: Responsible for data and metadata of one or more domains for a specific organizational area or unit and work with domain data stewards to ensure data in their area are aligned with business requirements, to manage the life-cycle of their data, and to ensure data quality

  2. Responsibilities
  3. Ensure data in the area are complete and adhere to valid values as specified in the data dictionary.
  4. Oversee life cycle of data in the area – data collection, entry, maintenance, and deletion 
  5. Communicate business requirements for data elements to domain data stewards and other areas of the university
  6. Communicate data standards and requirements to members of their area/unit to ensure consistency
 

 

Area Data Stewards
Areas with domain data stewards include:
- Colleges & Schools
- VP area HR functions (Provost, HSC, Medicine) 
- Enrollment management areas (West Campus UG, East Campus UG/GR, SPD, Graduate School)

c. Data Users

1. Role: individuals who use and analyze institutional data as part of their assigned duties and role at the university.
2. Responsibilities: 

a. Use University Data in compliance with local, state, and federal laws and regulations and all University policies. University data may not be improperly disclosed or re-disclosed.
b. Recognize that institutional data and information derived from it are potentially complex. Make efforts to understand the source, meaning and proper use of the data through training sessions, utilizing data dictionaries and knowledge of supporting system processes. 
c. Include information about the data source and criteria when distributing data, reports and ad hoc analytics to guard against misinterpretations of data. (see Report Standards in Communication and Training)
d. Respect the privacy of individuals whose records they may access. 
e. Ensure that passwords or other security mechanisms are used for sensitive data that need to be stored or delivered electronically
f. Report data quality issues to appropriate data steward

 

III. Administrative Data Governance Function


a. Role: administer data governance system including carrying out policy agenda of the data governance council
b. Responsibilities

1. Support the DGC and carry out its policy agenda
2. Respond to inquiries about process, content, limitations and uses of data, especially in cross-functional settings
3. Set up and administer data governance management tools
4. Consider and confirm changes to code sets, additions to tables that have cross-functional impact
5. Assemble and coordinate issue-related teams to address specific data governance issues
6. Generate reports on data quality; recommend metrics for DGC review

 

 

Roles and Responsibilities Matrix

  Data Governance Council Domain Data Stewards Administrative Data Governance Function
Standards and Policies Define, establish, monitors, audit, verify, develop, revise
 Functional implementation Support, implement, communicate
Data Quality Identify, adopt enterprise-wide data quality tools, Big picture monitoring, To what extent is Data Quality improving? Where?
Monitor Data Quality- identify areas for improvement, Monitor improvement
 Review audit reports, Coordinate remediation/clean-up, initial prioritization for Data Quality, Prioritize Data Quality levels by table/area
 Generate data quality reports, make recommendations to DGC, implement DQ policies and procedures
Metadata Establish standards for metadata format- enterprise-wide Ensure all meta-data are collected/accurate Implement standards for meta-data collection
Metrics Reviewing metrics, Identify metrics for monitoring, Monitoring, Identify priority areas based on metrics Monitoring, take action based on metrics (clean up) Propose and generate metrics for DGC review

Data Governance Administrative Function: Ensure cross-functional alignment among metadata

Changes and Amendments

This policy shall be amended by a vote of 50% plus one of all members of the Data Governance Council and notification to the Executive Sponsors. Changes go into effect after 60 calendar days of this notification, unless the Executive Sponsors reject the amendments. Amendment and notification is required for extension of scope to additional data assets; changes to membership; etc.

References

Gartner (2013). IT glossary “information governance.” Retrieved April 9, 2015 from http://www.gartner.com/it-glossary/information-governance

Seiner, R. (2014). Non-invasive data governance: The path of least resistance and greatest success. Denville, NJ: Technics Publications.

Stony Brook University (n.d.) DoIT Policy-D101: Classification and use of information assets. Retrieved April 9, 2015 from https://it.stonybrook.edu/policies/d101

Stony Brook University (2018). P302: Sensitive information classification policy. Retrieved April 21, 2021 from https://www.stonybrook.edu/policy/policies.shtml?ID=302