Live now: Board of Curators meeting

UM System

Information Management

About this Policy

Information Management

Policy Number: 12000

Effective Date:

Last Updated:

Responsible Office:
Division of IT

Responsible Administrator:
Vice President for Information Technology and Chief Information Officers

Policy Contact:

Vice President for Information Technology
University Hall
Columbia, MO  65211
umdoitvp@umsystem.edu

Categories:

  • General Administration

Request additional information

Menu:

Scope

This policy applies to all University employees.

Reason for Policy

To state policy regarding the availability of University data and information to University employees.

Policy Statement

Information maintained electronically within the University is a University-wide asset that is available to the Board of Curators, administrators, faculty, staff and students. Timely access to such information will be provided for the effective discharge of academic or business responsibilities.

University information will be safeguarded against misuse such as unauthorized destruction, modification, or disclosure. * Abuse of this policy will result in denial of access to University data and may be cause for dismissal.

*NOTE: An example of unauthorized disclosure would be that part of the student educational record that is protected by the Family Educational Rights and Privacy Act known as the Buckley Amendment.

Individuals Granted Access

  • must understand the meaning, purpose, and interpretation of the underlying data;
  • must assure the accurate and responsible presentation of information derived from the data;
  • must attend data and technical training at the discretion of the Information Manager.

Information Manager
An Information Manager will be designated for each of the University's system-wide applications by the President. Information Managers for other applications that maintain data of institutional value outside of the source of origination will be designated by the appropriate General Officer.

Examples of system-wide applications include human resources, financial, student, library and the alumni and development systems. Information Managers may exist at both the System and campuses.

Examples of applications that are not system-wide include patient information, equipment inventory, facilities and parking.

The duties and responsibilities of an Information Manager are to:

  • assure that all decisions regarding the collection and use of data are in compliance with the law and with University policy and procedures;
  • define and describe the data elements within the system;assure the validity, reliability, and consistency of the data contained in the system;
  • respond to all requests for access to the data or for information;
  • provide accurate documentation for access, use, and maintenance of the system;
  • coordinate or provide data education and training;
  • make known the rules and conditions that may affect an accurate presentation of the information;
  • assure compliance with periodic backup requirements of the Universities policies on records management.
  • work through Records Management to determine the appropriate retention of administrative, fiscal, legal, research and historical data.

Chief Technology Officers
Each campus, under the auspices of the Chief Technology Officer, will be responsible for establishing, publishing, maintaining, and enforcing this information access policy, as well as appropriate privacy and security procedures concerning access to University information managed by the campus.

 

Information Technology Management Council (ITMC)
The Information Technology Management Council is appointed by the Vice President Information Technology. It consists of managers from each of the campus and the system IT organizations.

Responsibilities of the ITMC include:

  • provides advice to the Vice President Information Technology regarding levels and types of access to be provided to various users;
  • recommends technical and security standards for University information;
  • assists in monitoring the University's information security policies.  

Definitions

 

Accountabilities

Vice President for Information Technology:

  • Work with CIOs in a manner that leads to the implementation, adoption or endorsement of centrally provided IT and telecommunications services as appropriate
  • Publishing a list of services and how to obtain such services in an appropriate location

Campus/business unit CIOs:

  • Promote and enforce the use of centrally provided IT and telecom services when appropriate
  • Publish a list of services and how to obtain such services
  • Establish and publish procedures for request/sponsorship of non-University entity accounts and provisioning of IT and telecom resources as requested

University administrators and managers:

  • Enforce the required use of official University IT and Telecom resources by their employees when conducting University business
  • Sponsor accounts and provisioning of IT resources for non-University entities when appropriate

University employees:

  • Use centrally provided or endorsed/approved resources when conducting University business

Additional Details

Forms

University of Missouri Access & Confidentiality Agreement 

Access to Electronic Resources Authorization Form

Instructions: https://umsystem.edu/ums/is/infosec/access-form-instructions

Related Information

University Collected Rules: 110.005 Acceptable Use Policy 
Policy 23001 on Records General Policy
Policy 12001 on Management, Access and Use of IT Resources

History

Formerly Business Policy Manual 108 – Information Management (revised 2/1/2000)

Procedure

University of Missouri Access & Confidentiality Agreement: /media/fa/is/infosec/confidentiality-agreement.pdf

Access to IT Accounts and Electronic Information: https://umsystem.edu/ums/is/infosec/account-access

Reviewed 2024-03-27