The Data Asset Inventory module is a short form designed to collect basic information about data assets essential for the operation of your unit such as:
- What are our data assets and where are they managed?
- Who is responsible for our data assets?
- What purposes can our data assets be used for?
So much of the work we do is dependent on data. An asset inventory is the first step in identifying the risk management and governance efforts you need to appropriately protect and govern those data.
Data Asset: a collection of data that supports the achievement of objectives at the University. For example, data that supports student enrolment or evaluation, course selection, employee profiles, or financial transactions.
Data Asset System: the system(s), platforms or applications involved with the collection or creation, storage, processing, sharing, and destruction of data assets.
Data Access Governance Protocols: The methods by which users can obtain approval to access and use data for institutional Quality Assurance/Quality Improvement initiatives and / or for Scholarly Research purposes.
Data Asset Inventory Questions
Provide a brief description of the Data Asset
For example, enrolment data, student profiles, employee profiles, electronic medical/health records, financial transactions, system event logs, etc.
Does the data asset contain institutional data as defined for the University Data Governance Program?
Institutional data comprise all of the data that are held by the University primarily for the purpose of supporting its administrative operation, broadly understood. This does not include data that are held at the University for conducting scholarly research.
What is the approximate number of records the unit manages for this data asset?
In order to better understand risk levels it is important to understand the volume(s) of data the unit manages.
What is the Data Classification of this data asset?
Classification of the data the unit manages helps in understanding risk levels. Data assets that contain multiple classifications of institutional data are categorized based upon the highest classification.
Who is/are the individual(s) or group accountable for the data asset and responsible for its governance?
The group, individual or role accountable for a data asset is known as the Trustee. Typically a trustee is a senior administrator such as a Vice President, University Registrar or Dean.
What is the name of the data asset system - the main system, platform, or application in which the data asset resides?
The systems in which data assets reside can vary greatly across the University. ROSI and HRIS, SharePoint and OneDrive are examples; local databases or even a spreadsheet in a network or local drive may serve as the system or container for data assets.
Who is/are the individual(s) or group responsible for the administration of the data asset system?
Administrators of data asset systems could be Unit IT or Unit staff, another unit in your division, a Central/Shared Services unit, a vendor, etc. If the administrator is a person, please include their name and title.
What type of system is the data asset system? (server, client, SaaS)
Server systems include information systems that provide application, system, or network services to other information systems. Client systems run general purpose operating systems (e.g., Microsoft Windows, Apple Mac OS X) and don't host shared services to other information systems. Software as a Service (SaaS) refers to a purchased online application service.
Can the data asset be used for quality assurance or quality improvement (QA/QI) purposes?
Can the data asset be used for the purposes of administering admissions, registration, academic programs, university-related student activities, activities of student societies, safety, financial assistance and awards, graduation and university advancement, or reporting to government?
Can the data asset be used for Scholarly Research purposes?
Can the data asset be obtained by a researcher to receive all of part of the information in a data asset for the purposes of conducting research studies with the intent to publish the results, typically in a peer-reviewed journal.