(1) The University of Queensland (UQ) values information in its many forms as a core strategic asset and will govern and manage it accordingly throughout its lifecycle. Effective information management ensures that the right information is available to the right person, in the right format and medium, at the right time. Information that enables UQ to perform its core functions is considered an asset. (2) This Policy outlines expectations and requirements for the governance and management of information at UQ and is intended to enable UQ to: (3) This policy defines principles for the governance and management of UQ’s data, information and records. The relationship between data, information and records is defined in the linked diagram (showing Data, to Information, to Record), and detailed definitions and examples are in the Appendix. (4) This Policy applies to anyone accessing or using UQ’s information, including but not limited to: (5) Exceptions to this Policy must be approved by the Chief Information Officer, in alignment with the Cyber Security Exceptions Procedure. (6) Robust and effective information management is fundamental to UQ’s functions and operations, as it: (7) The principles and requirements in this policy are related and intended to be applied holistically where possible. These principles are supported by the governance and management structures defined in the Information Governance and Management Framework. (8) Effective information management allows UQ to realise the value of its data, enables accountability and transparency, mitigates risk, and allows businesses to operate. (9) UQ will: (10) The UQ community and members of the public should have access to relevant and appropriate UQ information where necessary. (11) UQ will: (12) For more information, read the Access to and Amendment of UQ Documents Procedure, and visit the UQ Explore and Access Data web page. (13) Information quality is key to generating value from our information and supporting UQ’s strategic objectives. Information quality includes accuracy, completeness, consistency, timeliness, validity, and uniqueness. (14) UQ will: (15) To strengthen information and records management practices, UQ will: (16) To help protect UQ’s information and its community, UQ will: (17) UQ’s records must be managed in compliance with the Public Records Act 2002 and UQ’s record management requirements. The legislation and supporting instruments set requirements regarding vital, high-value, high risk and historically significant permanent records. (18) UQ will: (19) The roles below are a summary of key information governance and management roles and responsibilities. Refer to the Information Governance and Management Framework for a comprehensive list. (20) The Vice-Chancellor is accountable for ensuring the collection and management of UQ’s information and records in accordance with relevant legislative, regulatory and policy obligations. (21) The Chief Information Officer (CIO) is accountable for developing, maintaining and implementing information management capabilities, policies, procedures and technical standards to protect UQ’s information. (22) The CIO is responsible for ensuring that information roles (i.e. Information Leaders, Information Domain Custodians and Information Stewards) are assigned across UQ. (23) The IT PRAC is responsible for reviewing compliance, assurance or risk reports regarding information governance and management. Read the IT Governance and Management Framework for more information and the committee terms of reference. (24) An Information Domain Custodian is assigned to one or more information domains (see the information entity catalogue for more details). For example, the Chief Human Resources Officer is the Information Domain Custodian for the Human Resources domain. (25) For each assigned information domain, the Information Domain Custodian is responsible for: (26) An Information Steward is assigned to one or more information entities (see the information entity catalogue for more details). For example, the Director, People Services is the Information Steward for the Staff, Worker, Leave and Timesheet information entities (within the Human Resources domain). (27) For each assigned entity, the Information Steward is responsible for: (28) The Associate Director, Data Services is responsible for (29) The Data Strategy and Governance Team supports the Associate Director, Data Services to maintain and implement this policy. The team is responsible for: (30) The RTI and Privacy Office is responsible for: (31) Members of the UQ community have a responsibility to: (32) The Data Strategy and Governance team ensures that key information governance roles (such as Information Domain Custodian and Information Steward) are appointed, inducted and are aware of their responsibilities. Additionally, the team will provide information governance and management training and deliver awareness initiatives to the wider UQ community as required, to improve information literacy and awareness across UQ. (33) The Data Strategy and Governance team will report on information management risk and compliance to the IT Policy, Risk and Assurance Committee (IT PRAC) and other UQ committees as required, in alignment with the IT Governance and Management Framework. (34) The Data Strategy and Governance team will review and update this policy as required to ensure its accuracy. (35) The Information Asset Register provides details regarding information collected in the course of managing the University. (36) The Information Entity Catalogue provides a high-level overview of the information domains at UQ, and the different information entities within each domain. (37) Documents released to applicants under the Right to Information Act 2009 are progressively published via the Disclosure log. (38) The Approved Systems for Record Keeping Register provides details regarding UQ systems that contain records. (39) Related UQ policies and procedures include: (40) A full list of legislative instruments can be found in the Information Governance and Management Framework. (41) See linked Information Lifecycle diagram. The information lifecycle includes:Information Management Policy
Section 1 - Purpose and Scope
Scope
Section 2 - Principles and Key Requirements
Protect information as an asset
Information is findable and accessible
Information is suitable for all of its uses
UQ meets its information management and record keeping obligations
Information privacy, confidentiality and security is assured
Records are managed throughout their lifecycle
Top of PageSection 3 - Roles, Responsibilities and Accountabilities
Information Trustee (Vice-Chancellor)
Chief Information Officer (CIO)
IT Policy, Risk and Assurance Committee (IT PRAC)
Information Domain Custodians
Information Stewards
Associate Director, Data Services
Data Strategy and Governance Team
Right to Information and Privacy Office (RTI and Privacy Office)
UQ Community
Top of PageSection 4 - Monitoring, Review and Assurance
Section 5 - Recording and Reporting
Section 6 - Appendix
Definitions
Term
Definition
Data
Values or individual facts in their most basic format that exist independent of any given context. Data are raw values that can be processed. When data are processed, combined with other data, organised, structured or presented in a given context, it is referred to as information. Examples include individual fields in a database or pixels in an image file.
Information
Consists of data that has been processed, analysed, or interpreted within a given context. Information can exist in any format. Examples include physical (paper, DNA) or digital (audio, PDF file, .jpeg).
Record
Consists of information that has been generated or received by UQ in the course of its activities that is retained by UQ as evidence of activities or decisions, or because the information has cultural, community or organisational value. Certain records must be retained for a specified period to meet legislative requirements. Records can be managed in a range of systems, both digitally and physically. Examples include meeting minutes, contracts and financial transactions.
Information Domain
A broad category or theme under which University information can be identified and managed. See the Information Entity Catalogue for an overview of the information domains at UQ.
Information entity
A specific group of information that is related to an information domain. Examples of information entities include ‘digital learning' data for the teaching and learning domain, ‘budget’ data for the finance domain, and ‘salary’ data for the human resources domain.
UQ community
Anyone who uses UQ information and communications technology (ICT) resources, and anyone who creates, accesses or uses UQ’s information. This includes (but is not limited to) students, staff, contractors and consultants, visitors, title holders and third parties.
Related UQ Policies and Procedures
Related Legislation
Information Lifecycle
View current
This is the current version of the approved document. You can provide feedback on this document to the Enquiries Contact - refer to the Status and Details tab from the menu bar above.