12.2 Governance Structure
(Last Modified on August 26, 2021)
This section describes the roles and responsibilities that USG organizations must designate and document within their data governance structure.
A data governance structure is required at each USG organization. The data governance structure will demonstrate accountabilities for the data assets of the organization to ensure proper processing.
The data governance structure documentation should identify the offices/positions (including incumbent) responsible for fulfilling the roles defined herein.
12.2.1 Governance and Organizational Structure
(Last Modified on August 26, 2021)
Data Governance Committee
The Data Governance Committee is responsible for defining, implementing, and managing policies and procedures for data governance and data management functions. Specific responsibilities include, but are not necessarily limited to, the following:
- Defining data management roles and responsibilities contained in this section and other policy and procedure documentation;
- Maintaining documentation pertaining to data governance and management policy and procedure in a centralized and accessible location for the participant organization’s staff;
- Identifying the Data Governance and Management Committee structure and membership;
- Ensuring that cybersecurity and data privacy control processes detailed in the Cybersecurity section are developed and operational;
- Defining communications to instill data privacy values (set forth in section 12.6) within system, product or service development and operations (i.e., privacy by design); and,
- Assisting the chairs of the functional and technical committees to ensure effectiveness.
Functional Data Governance Committees
Functional Data Governance Committees are responsible for collective decision making around substantive changes to organization data collection, maintenance, access, and use within their functional area. It is the role of the Functional Data Governance Committee to identify the threshold at which decisions require Committee consideration. At some organizations, e.g., smaller institutions, the global Data Governance Committee may also fulfill the roles of the Functional Data Governance Committee.
Technical Data Governance Committees
Technical Data Governance Committees are responsible for technical guidance to support the work of the other Data Governance Committees and for decision making about the feasibility of and methods for carrying out decisions of the Functional Data Governance Committees. At some organizations, e.g., smaller institutions, the technical data governance roles must still be fulfilled but organizationally may be embedded in other Data Governance Committees.
Each USG organization is responsible for all data processed by offices of the organization. As the chief executive officer, the president of the USG institution, the Chancellor of the USG, or the head of other USG organizations is identified as the data owner. The USG organization data owner has ultimate responsibility for submission of organizational data to the USO.
Data owners have the responsibility for the identification, appointment and accountability of data trustees. Data owners will inform the USG organization’s Data Governance Committee of their data trustee appointments including office, name and contact information of the incumbent.
Data trustees, designated by the data owner, are executives of the USG organizations who have overall responsibility for the data processed in their data area(s). USG organization data trustees have overall responsibility for accuracy and timeliness of submission of data to the USO. These positions/offices would normally be cabinet-level positions reporting directly to the entity data owner.
Responsibilities of the data trustees include, but are not necessarily limited to:
- Ensuring that data is accessed and used by units reporting to them in ways consistent with the mission of the office and USG organization;
- Appointing data stewards within each functional area for which they are responsible. The data trustees will inform the USG organization’s Data Governance Committee of their data stewards’ appointments, including office, name and contact information of the incumbent;
- Participating as a member of the Data Governance Committee; and,
- Communicating unresolved concerns about data (such as data quality, cybersecurity, data privacy, access, etc.) to the data owner.
Data stewards, designated by the data trustees, are personnel responsible for the data processed, and the technology used to do so if applicable, in their data area(s). Data stewards recommend policies to the data trustees and establish procedures and guidelines concerning the access to, completeness, accuracy, privacy, and integrity of the data for which they are responsible. Individually, data stewards act as advisors to the data trustees and have management responsibilities for data administration issues in their functional areas. Data stewards have responsibility for accuracy and timeliness of submission of data to the USG system office in their area. Depending on the size and complexity of a functional department/division, it may be necessary, and beneficial, for a designated data steward to identify associate data stewards to manage and implement the stewardship process.
Responsibilities of the data stewards include, but are not necessarily limited to:
- Developing standard definitions for data elements created and/or used within the functional unit. The data definition will extend to include metadata definitions as well as the root data element definition;
- Ensuring data quality standards are in place and met;
- Inventorying and identifying the data as unrestricted, sensitive or confidential, for functional data within their area(s) of supervision/direction, and communicating it to those responsible for ensuring data is handled according to its appropriate classification (see 12.4.2 Classification);
- Establishing authorization procedures with the USG organization’s Data Governance Committee and/or chief information officer (CIO) to facilitate appropriate data access as defined by institutional/office data policy and ensuring security for that data. Authorization documentation must be maintained;
- Working with the USG organization’s Data Governance Committee, identifying and resolving issues related to stewardship of data elements, when used individually or collectively, that cross multiple units or divisions. For example, the individual data element “Social Security Number” may have more than one data steward since it is collected or used in multiple systems.
- Participating as a member of the Functional Data Governance Committee(s) as appointed by the data trustee; and,
- Communicating concerns about data (such as data quality, security, access, etc.) to the data trustees.
Chief Information Officer (CIO)/Chief Information Security Officer (CISO)
Responsibilities of the CIO and CISO are to ensure that technical infrastructure is in place to support the data needs and assets, including availability, delivery, access, and security across their operational scope.