Business Procedures Manual

Essential business procedural components for University System of Georgia institutions.

Section 12 Introduction

Section 12 Introduction

(Last Modified on October 20, 2020)

In March 2019, the content on Data Governance and Management has been moved from the Information Technology Handbook to the Business Procedures Manual. Compliance with this entire section is required for all USG organizations by December 31, 2020.

Due to the criticality of some sections and dependencies between them, compliance deadlines for the sections have been tiered. USG staff will be working with the appointed campus representative to track implementation.

Tier 1: Due by December 31, 2020, except General Data Protection Regulation, which will not be due until June 30, 2021

  • Section 12.3.1 Data System Documentation,
  • Section 12.4 Cybersecurity (including Safeguards, Classification, Access Procedures and Segregation and Separation of Duties)
  • Section 12.5.1 Regulatory Compliance.

Tier 2: Due by December 31, 2020

  • Section 12.2 Governance Structure
  • Section 12.3.4 Data Availability
  • Section 12.5.2 Training

Tier 3: Due by June 30, 2021, except adherence to the USG document retention schedule, which should already be in place

  • Section 12.3.2 Data Elements and Data Definition Documentation
  • Section 12.3.3 Data Quality Control
  • Section 12.3.5 Data Life Cycle
  • Section 12.5.4 Monitor
  • Section 12.5.4 Audit

Information is a strategic asset of all University System of Georgia (USG) organizations and is critical to administration, planning and decision-making. Effective and responsible use of information requires that data is secure, well documented, and accessible for use by authorized, trained personnel. To that end, this section of the Business Procedures Manual provides the data governance infrastructure and management practices that USG organizations must have in place.

Data Governance and Management Framework image Governance, Management, Cybersecurity, Compliance

The goal of this section is to provide guidance to USG organizations in meeting the fundamental requirements for data governance and management to ensure data security, effective use, and compliance with relevant laws and policies. USG organizations may include additional roles, responsibilities, policies, and protocols as needed to fit local context or promote best practices. These provisions apply to information systems maintained by, or on behalf of, USG organizations.

↑ Top