Processes

UNSW students walking in morning

More information regarding these processes at UNSW is available to staff on the Data & Information Governance intranet:

  • Business Glossaries
  • Business Rules Documentation
  • Committees and Data Ownership
  • Data Breach Management
  • Data Ownership and Roles
  • Information Asset Register (Sources of Truth)
  • Recordkeeping and Business Systems
  • System Classification
  • Systems of Record
  • Data & information governance at UNSW is framed around the diagram below. We work on ensuring that we know the answers to each of the questions for all of our key data:

    1. Do you know the value of your data?
    2. Do you know who has access to your data?
    3. Do you know where your data is?
    4. Do you know who is protecting your data?
    5. Do you know how well your data is protected?
  • More information for UNSW staff is available on the Data & Information Governance Intranet

    The UNSW person who notifies of a breach shall report it to the IT Service Centre (IT Service Centre via email), who will then escalate any relevant incident to the Data Breach Management Committee.

    The Data Breach Management Committee is convened by the Chief Data & Insights Officer and has representation from key parts of the University, including the Chief Information Security Officer.

    There are five key steps required in responding to a data breach:

    1. Contain the breach
    2. Evaluate the associated risks
    3. Recovery
    4. Consider notifying affected individuals and escalation to UNSW senior management
    5. Prevent a repeat.

    For more information about how UNSW manages data breaches please refer to the Data Breach Policy and the Data Breach Management Procedure.

    If you require assistance from the Cyber Security team in containing a data breach please log a ticket with the IT Service Centre via email.

  • More information for UNSW staff is available on the Data & Information Governance Intranet.

    Not all data assets are of equal importance to UNSW, and not all should be treated equally. To put it simply, in order to protect UNSW data, you need to know exactly what data you are trying to protect. Data classification is the process of organizing data into categories for its most effective and efficient use. Data Classification is akin to putting a sticker on a box saying “Fragile! Handle with care!”.

    UNSW Data Classification Standard is a framework for assessing data sensitivity, measured by the adverse business impact a breach of the data would have upon the University. This standard for the University community has been created to help effectively manage information in daily mission-related activities. Determining how to protect and handle data depends on a consideration of the data’s type, importance, and usage. The standards outline the minimum level of protection necessary when performing certain activities, based on the classification of the data being handled.

    • Identify: Identify the data
    • Locate: Identify where the data resides and identify who is the Data Owner
    • Classify: Categorise and determine which data needs to be protected
    • Handling: Determine what data handling guidelines need to be adopted for the data
    • Value: Assign a value to the data

    UNSW Data Governance team is helping all UNSW individuals/divisions/faculties in managing, classifying, protecting and governing the data held by UNSW. Every staff member is responsible for following the Data Classification Standard for managing the data in a secure manner.

    For more information, please visit the Data & Information Governance Intranet or contact Data Governance Team.

  • UNSW uses Data Cookbook as its data governance tool to assist with managing business definitions.

    You can see more information about UNSW's use of Data Cookbook on the Data & Information Governance intranet.

    For internal user support please log a CASD ticket.

  • Information on this topic for UNSW staff is now available on the Data & Information Governance Intranet

    About Data Sharing Agreements at UNSW

    Since data are a University asset it is a requirement for all users who seek to use data from a UNSW system to obtain permission from the Data Controller prior to such use.

    Where there is a requirement to use data from one system in another system (or with an external party to the University) it is a requirement to obtain a signed data sharing agreement that has been approved by the relevant Data Controller.

    If you are unable to ascertain who is the Data Controller please check the UNSW Information Asset Register.

  • The Information Asset Register (also known as Sources of Truth) @ UNSW are those business systems that provide authoritative, primary sources of data. Identifying them helps avoid duplication and the use of inaccurate or outdated information.

    Systems of record @ UNSW are those business systems that have been evaluated as suitable for the capture and management of University records, they may often be Source of truth systems.

    This list of Sources of Truth at UNSW is managed by the Data & Information Governance Office - please advise of any additions or amendments via email datagov@unsw.edu.au

    Information on this topic for UNSW staff is now available on the Data & Information Governance Intranet.

  • The University is committed to protecting personal information in compliance with all applicable laws, and incorporates applicable legal requirements into the University’s processes, procedures and information systems.

    Personal information is any information from which a specific individual’s identity is apparent or can be reasonably ascertained.

    All UNSW staff and contractors are responsible for ensuring that they handle personal information in accordance with the University’s Privacy Policy and applicable supporting procedures.

    The University Privacy Officer supports this Policy by:

    • developing and implementing University wide privacy procedures;
    • supporting staff to by providing advice on privacy obligations and develop local protocols and privacy statements
    • conducting internal reviews of privacy complaints.

    You can contact the Privacy Officer via email: privacy@unsw.edu.au

    For more information regarding privacy at UNSW check our Legal and Compliance office.

    Note: we have published a zID Usage Guideline to assist with any questions regarding the permitted uses of zIDs.

  • Better managed records mean better business outcomes.

    All staff and contractors or the University have an obligation to make and keep full and accurate records of their activities. A record is any document made or received as part of your work that provides evidence of action. The University owns these records and together they form a vital organisational asset.

    All records of the University must be captured to an appropriate, compliant business system. These systems may be transactional enterprise-level ones such as NewSouth Financials, PiMS, SiMS, and the University’s corporate recordkeeping system, RAMS, or they may be other business systems that have been identified and assessed as compliant. Refer to Introduction to Recordkeeping for more information.

    Compliant business systems have controls in place to ensure the requirements of a record, such as their evidentiary fixed nature, retrievability, security controls, and disposal management, are met.

    Personal Network Drives (H:\ Drives), Microsoft One Drive (or other hosting services such as Dropbox), or Network Shared Drives do not meet these basic requirements and are not suitable for the capture and storage of University records.

    The University maintains an enterprise recordkeeping system, RAMS, that is available to all UNSW staff to allow for the capture and management of University records not already captured to a compliant business system. For more information refer to UNSW's Systems of Record.

    You can contact Records and Archives, or go to the RAMS website for more information on how to access RAMS and manage your records.

    All staff should be aware of the Recordkeeping Policy and the Recordkeeping Standard.