The University of Queensland (UQ) values information as a core strategic asset and will govern and manage it accordingly throughout its lifecycle. Effective information management ensures that the right information is available to the right person, in the right format and medium, at the right time. Information that enables UQ to perform its core functions is considered an asset. Show
This policy outlines expectations and requirements for the governance and management of information at UQ and is intended to enable UQ to:
1.1 ScopeThe scope of the Information Management Policy includes the governance and management of UQ’s structured and unstructured information and data (physical, electronic or hybrid) that is collected and managed by UQ to perform its business functions and deliver its services. This policy applies to consumers of UQ information and communications technology (ICT) resources and anyone creating or accessing UQ’s information assets, including but not limited to:
Consumers that are connected to UQ networks, systems or services must comply with this policy, irrespective of location or device ownership (e.g. consumers with personally-owned computers). Exceptions to this policy must be approved by the Chief Information Officer. 2.0 Principles and Key RequirementsRobust and effective information management at UQ:
The principles and requirements in this policy are related and intended to be applied by consumers as a whole where possible. 2.1 Information is treated as an assetInformation management supports evidence of UQ decisions and activities, enables accountability and transparency, mitigates risk, and allows businesses to operate. To achieve this, UQ ICT consumers must apply the following measures to their information management practices:
Consumers should seek to ensure digital information and records remain digital and will not be converted to a physical format unless required (the 'born digital, stay digital' principle). UQ will maintain facilities to enable efficient cataloguing, long term maintenance and discovery of information assets. 2.2 Information can be found and accessedUQ facilitates the creation of large volumes of information. UQ consumers and members of the public should have access to relevant and appropriate UQ information where necessary. To achieve this:
2.3 Information is suitable for all of its usesThe quality of information must support UQ’s strategic objectives of academic and research excellence. To achieve this, UQ ICT consumers should apply the following information management practices:
2.4 Information remains compliantTo strengthen its information and records management practices, UQ will:
Records cannot be destroyed until their retention period (as specified in the Retention and Disposal Schedules) has passed. In some instances, records must not be destroyed, even if the retention period has passed. This may occur when:
This policy should be read in conjunction with other ICT policies and procedures and other UQ policies such as the: Privacy Policy; Public Records Act 2002 (Qld) and the approved Records Retention and Disposal Schedules. 2.5 Information privacy, confidentiality and security is assuredTo help protect UQ information and its consumers, UQ will:
3.0 Roles, Responsibilities and AccountabilitiesInformation management is the responsibility of all UQ consumers. Specifically, each information domain (e.g. Learning & Teaching, Research Management, or Human Resources) must have a designated Information Domain Custodian and, one or more Information Stewards. The Information Domain Custodian and Information Steward roles will usually relate to the organisational hierarchy associated with the business functions primarily responsible for managing the domain’s data. These roles, and other important Information Management roles are explained in more detail in the Information Governance and Management Framework. 4.0 Monitoring, Review and AssuranceThe CIO will ensure periodic review and monitoring of information management (including classification) is conducted to determine how well information management supports UQ’s business and strategic goals, and for its compliance with legislation. Results of this monitoring will be reported to the Information Technology Governance Committee (ITGC). UQ’s Information Technology Governance Committee will review all ICT policies (three yearly) and procedures (annually) and ensure appropriate consultation is undertaken. 5.0 Recording and ReportingUQ will meet its data retention obligations under the Telecommunications (Interception and Access) Act 1979 (Cth.). 6.0 AppendixData - There is a subtle difference between data and information. Raw data is a term used to describe data in its most basic digital format. Data is raw, individual facts that need to be processed. When data is processed, combined with other data, organised, structured or presented in a given context, it is referred to as information. Information – Includes, but is not limited to, physical (e.g. paper records) or digital files (e.g. email, voicemail, meeting minutes, video and audio recordings) in any format (e.g. PDF, .wav, .docx, or .jpeg) and data recorded by University applications (often in a database of some form). Information Management - is a collection of capabilities delivered through people, processes and technology to ensure the confidentiality, integrity, availability, quality and security of our information assets throughout their life cycle. Information Governance - is a collection of practices and processes, which provides a formal framework to apply control through defined roles and responsibilities for the management of information and data assets throughout their information lifecycle. Information Asset - A body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively. Information assets have recognisable and manageable value, risk, content and lifecycles. Information domain – A broad category or theme under which University information can be identified and managed. UQ uses the Topics and Entities outlined in the CAUDIT Higher Education Data Reference Model, in the context of business capabilities and organisation structures, as a guide to determine appropriate information domains. Information Standards - Define and promote best practice in the acquisition, development, management, support and use of information systems and technology infrastructure which support the business processes and service delivery of Queensland public authorities. Structured data - Data that resides in a consistent field structure and includes data in formats such as relational databases and spreadsheets. This data is often generated during business transactions and is stored in a business information system, e.g. student data, financial data, research data. Unstructured data - Data that does not have a pre-defined data model or a consistent field structure that is easily readable by machines, and includes formats such as audio, video and unstructured text. Unstructured data may have structured elements, e.g. metadata associated with an email, xml document. Record - Information in any format that has been generated or received by UQ in the course of its activities, and which must be retained by UQ as evidence of its actions and decisions. A record can consist of one or more pieces of information that together form a record or context of the activity, action or event. Retention and Disposal Schedules – Legally binding documents that have been authorised by Queensland State Archives, the authority on records governance for public entities such as UQ. They define the status, minimum retention periods and consequent disposal actions authorised for specific classes of records. 6.2 Related UQ Policies and Procedures6.3 Related legislationThe University is required under the Queensland Government’s Information asset custodianship policy (IS44) to identify and register information assets and assign roles and responsibilities to information assets, to protect information in accordance with Information security (IS18) information standard, to make full and accurate records in accordance with the Recordkeeping policy (IS40) and lawfully dispose records in accordance with the Retention and disposal of public records policy (IS31). A full list of obligations can be found in the Information Governance and Management Framework |