Access and Use - Scope of Work

Charge:  A primary goal of Data Management Committee (DMC) initiatives is to facilitate Recommendation 1.2 of the Administrative Systems Master Plan: “Improve Design and Management of Data to Enhance Decision-Making.”  More specifically, the DMC’s objectives are established in accordance with the principles set forth in the Data Management Standards (see memo, Provost and CFO; May 1, 2013).  On behalf of the DMC, working groups have been formed to identify and mitigate specific areas of risks associated with access, storage, and distribution of UT Austin’s data assets.  The Data Management Standards will serve as the primary guide for the activities of the working groups.

Members: John Moore, CW Belcher, Heather Hanna, Jerry Speitel, Michael Orr, Tracy Brown, Debra Kress , Kristi Fisher (ex officio)

Scope of Work:  The Access and Use Workgroup is charged with identifying and evaluating risks and mitigation strategies associated with accessing, using, and distributing institutional data, including:

  • Processes for granting access relative to duties
  • Data availability
  • Data definitions and interpretation
  • Legal and PR implications of disclosure
  • Processes for releasing information
  • Other risks identified by the workgroup

Possible mitigation strategies may include the use or development of:

  • Data Use Policy and/or guidebook
  • Role-Based Access Standards
  • Centralized data resources, such as IDS
  • Training and Statement of Appropriate Use
  • Other strategies proposed by the group

At appropriate intervals, the group will report their work and/or findings to the full DMC and make recommendations for implementing mitigation strategies.

A prior working group developed an initial list of risks relevant to the access, store, and distribution of institutional data.  That list will serve as a basis for the working groups initial discussions, but it is anticipated that the group will identify additional risks.  The risks identified by this group may overlap with the subject matter of other DMC workgroups; in those cases, the workgroups are expected to coordinate their work and to determine more broad-based and efficient solutions.

The workgroup should review all existing policies and procedures around their risk area in order to avoid duplication of effort or time spent discussing strategies that are already in place.  The group is also expected to engage additional personnel, as needed, to provide expertise and input to their discussions (ex: legal affairs, ISO, compliance, data stewards).  In addition, the group should be mindful of whether the risks identified are within the purview of the DMC, meaning the issues and strategies are actionable by DMC as they relate to institutional data assets.  (For instance, in instances where physical data security is an issue, the risks and mitigation strategies may already fall within the purview of ISO.)