Guidelines

1. The Policy pertains to employee access to Institute Data while conducting official Georgia Tech business. It is separate and distinct from the Georgia Open Records Act governing public access to information.
2. The scope of Policy implementation will continually increase. Piloting has been completed with Student data currently residing in the Georgia Tech Data Warehouse and access to the Banner Student Information Systems granted by the Registrar's Office. The Policy is now in effect for the Georgia Tech Data Warehouse and all new administrative system implementations and associated data. Priorities for expanded implementation will be determined based upon management priority and user need.
3. The Policy and related procedures will be reviewed and revised based upon lessons learned as implementation broadens.
4. The Chief Stewards define principles governing data access. The Chief Stewards assign data stewardship responsibilities.
5. Data Stewards manage subsets of Institute data. There is a strong relationship between data groupings and organizational responsibility. Georgia Tech's complex organization and data require stewardship responsibility be assigned on a case-by-case basis.
6. Data Coordinators are appointed by Data Stewards to assist with data classification. Data Coordinators grant access to the data within their purview according to criteria defined for specific access requirements. For example, some types of access require training, the establishment of user accounts, and awareness of federal or State guidelines restricting data access.
7. Authorized Requesters represent a campus unit or group of campus units, and are appointed by someone with at least unit head authority. Every organization determines the best way to assign this responsibility based upon workflow, organizational structure, and job responsibilities.
8. Authorized Requesters verify individual access requirements, and forward access requests to the appropriate Data Coordinator. Authorized Requesters assure that access privileges are kept current with changes in personnel status for individuals in the unit(s) represented.
9. At this time, no formal training on the Policy is provided. Data Coordinators will provide assistance as required to Authorized Requesters to assure that access privileges are granted in accordance with the Policy.
10. The procedure for gaining access to the data associated with this period of implementation is outlined in the attached process overview. The requests are initiated via email, and forwarded to the appropriate Data Coordinator. If the request requires electronic access to data, it is then forwarded to the appropriate Data Administrator for action. The process has multiple individuals involved in verification to assure soundness.
11. Access requests should include the following information:
• Department Name
• User Name
• User ID (if one has already been assigned)
• Job Title
• Phone Number
• What Data/Role & Why (Data Coordinators will provide assistance)
• Access End Date (some individuals only require temporary access)
12. If an individual is requesting access to data that has associated prerequisites, such as Banner and PeopleSoft training or review of FERPA guidelines, then the Data Coordinator will assure that the prerequisites have been met prior to approval.
13. Data Coordinators and Administrators will maintain electronic archives of all requests. Data Administrators will serve as the point of contact for related audit reviews.
14. Data Administrators will maintain a repository of information regarding the data classified by the Stewards and Coordinators. Documentation of the overall structure of Institute data will be a byproduct of a fully implemented Policy.