The oversight body
- Information Technology Policy Committee (ITPC)
Established by Council, the oversight body to ensure the well-coordinated governance, including information security and data management for the purpose of this Policy.
The 3rd level of defence
- Internal Audit Office
The 2nd level of defence
- University Data Protection Officer
- Data and Security Team of IT Services
- Task Force on Management of Research Data and Records
The 1st level of defence
- Data Owner
The head of an administration office / faculty / department / school / centre or the Principal / Chief Investigator of a research programme or project (“unit”) who is the decision maker with respect to data collected and/or used in conducting the unit’s business. He or she has decision-making authority over any data collected and/or usedby the unit.
- Data Steward
Any appropriate individual assigned by a Data Owner to facilitate the interpretation and implementation of data and information security policies, standards and guidelines.
- Data Custodian
Organisational functions (e.g., Human Resources Section) or individuals (e.g., staff,student, contractors, third party users) that are entrusted to operate on university data/information on a need basis as part of their assigned functions or employment orcontractual duties.
- Data User
Individuals (e.g., staff, students, contractors, relevant third party users) or organisation functions (e.g., academic departments accessing student-related data on University Student Information System) that are entrusted to access and use university data on a need basis as part of their assigned employment or contractual duties or functions.