Last Revision: April 28, 2022
Stamford Campus Technology Services
STAMFORD CAMPUS DATA ADMINISTRATOR, DATA STEWARD AND DATA USER ROLES AND RESPONSIBILITIES
The following pertains to University departmental shares, shared printers, SharePoint sites and access to computers or other resources managed by the Stamford Campus Technology Services department. This does not replace the data roles and responsibilities outlined in the University of Connecticut Information Security Policy Manual. The policy was updated to comply with the updated UConn wide Data Roles and Responsibilities policy and current best practices.
Data Administrator
Jeff Shapiro, Stamford Campus Technology Services Systems Administrator, is Data Administrator at the Stamford Campus. The Data Administrator is responsible for managing permissions for University IT resources such as departmental shares and shared printers. The Data Administrator grants and revokes access to these resources based on requests from Data Stewards. All requests must be submitted by the Data Steward using the ticketing system. and include the name of the resource and the NETID, if available, of the person to whom access will be granted. Matt Proulx, the Technology Manager, serves as Alternate Data Administrator in the event that the Primary Data Administrator is unavailable.The Data Administrator is The Data Administrator of the Stamford Campus is responsible for resources in the Stamford Campus ITS Organizational Unit and cannot manage permissions for other University IT resources. If you are unsure whether a resource is in the Stamford OU, the Data Administrator can provide that information; if an individual requires access to a resource that is not in the Stamford OU, the Data Administrator will assist in contacting the Data Administrator who is responsible for that resource. The Data Administrator will identify and explain any permissions available for a resource at the request of the Data Stewardalso be a Site Owner on Staff SharePoint sites they support.
Data Steward
Each Department Head will act as the Data Steward for his or her department. Data Stewards are responsible for determining which individuals in their department will be granted access to departmental shares and shared printers; if necessary, access to computers can be restricted to specified individuals. The level of access of these resources for each user must be specified by the Data Steward.
Data Stewards are responsible for requesting that access to IT Resources be granted when needed and promptly requesting that access be revoked when no longer needed. Data Stewards are responsible for ensuring that these requests comply with the University of Connecticut IT Policies including those outlined in the Information Security Policy Manual.
Data Stewards are responsible for providing Data Users under their supervision with a copy of the Information Security Policy Manual and ensuring that those individuals are aware of and meet compliance standards. Data Stewards are responsible for informing the Data Administrator of the location and nature of any confidential information that is being stored.
Each Data Steward may designate one individual to assume the role of Alternate Data Steward. If the Data Steward is absent or cannot be contacted, the Alternate Data Steward shall be responsible for requesting that access to resources be granted or revoked (see Alternate and Delegate Data Steward).
Each Data Steward may delegate data stewardship over particular resources to a Delegate Data Steward. Delegate Data Stewards must fulfill the responsibilities of a Data Steward, and may make requests for access directly to the Data Administrator as outlined below (see Alternate and Delegate Data Steward). The Data Steward is responsible for informing the Data Administrator that an Alternate or Delegate Data Steward has been assigned. It is also the Data Stewards responsibility to inform the Data Administrator that someone has been relieved of such duties.
Alternate and Delegate Data Steward*
Alternate and Delegate Data Stewards need to submit their requests by email to the Data Administrator. The primary Data Steward for the department must be cc’d on all requests. The Data Administrator will process all changes emailed to them only if this procedure is followed. Properly requested changes made by a Delegate or Alternate Data Steward may be revoked by the primary Data Steward at any time.
Data User
Data Users are individuals who are granted access to IT resources. Data users who need access to an IT resource must submit a request to their Data Steward, who will request that the Data Administrator grant the Data User access. Requests made by a Data User directly to the Data Administrator will be denied. Data Users are responsible for being familiar with the Information Security Policy Manual. Data Users are responsible for understanding Data Classification Levels and how to appropriately store and work with each type of data. If they have any questions, the Data Administrator is available for consultation on data types via a scheduled appointment.
Violations
Violations of information security policy must be immediately reported to the Information Security Office as specified in the Information Security Policy Manual. If you suspect a violation please contact the Information Security Office directly at (860) 486-8255. Individuals who report violations are explicitly protected from retaliation by the University’s Non-Retaliation Policy.
*For Professional Staff only. Faculty will have a SINGLE Data Steward for any individual resource; no delegation will be doneemployees of the university responsible for the overall use and proper handling of administrative, academic, public engagement, or research data. Data Stewards must classify data according to the University’s Data Classification Policy. Data Stewards ensure that appropriate steps are taken to protect data and implement policies and agreements that define appropriate use of data. For SharePoint, Data Stewards are also Site Owners in SharePoint. They are able to grant permissions on their own.
The Data Steward or their designated representatives are responsible for:
• Ensuring the information they are responsible for is accurate
• Authorizing the specific use of information across the organization
• Working with other Data Stewards to resolve conflicting data issues
• Specify appropriate controls, based on data classification, to protect the data from unauthorized modification, deletion, or disclosure
• Ensuring access rights are evaluated on a regular basis
Data User
Data Users are individuals who receive authorization from the Data Steward/Administrator to access, enter, or update information. Data Users must use the resource only for the purpose specified by the Data Steward, complying with controls established by the Steward, and preventing disclosure or confidential or protected information.
Absent Data Steward
If the Data Steward is absent or otherwise not available, as a Staff member, the supervisor of the Data Steward may be contacted. If a Data Steward has not named an alternate, the Campus Director can fill in for Staff requests should a Data Steward be absent. Determining who the proper supervisor is will be done by the org chart found in the global address book. If this takes us to someone off campus, the Campus Director may be used instead. For faculty, there are no provisions for a backup data steward. Requests for resources will not be processed unless they come from the faculty member.
Requests for Data (Non-SharePoint)
All requests for Data access must be approved by a Data Steward. The current proper way to submit a ticket: https://stamford.uconn.edu/its. This can be done by either a Data User or Data Steward. If the Data Steward is not the requestor, the request will be put on hold until we get approval through the ticketing system from the Data Steward.
Should a Data Steward no longer wish to control a resource, they may delegate this to a subordinate. However, in doing so that subordinate becomes the primary contact for the resource. All resources will have one primary contact. Such a request MUST be initiated in an authentic ticket with no exceptions as back-end changes will need to be made to verify a new Data Steward. Additionally, new Data Stewards will need to request permission changes by submitting a ticket.
Request for Data (SharePoint)
The above procedure can be followed for SharePoint but due to Data Stewards being Site Owners of their own SharePoint site, they can approve permissions on their own through Office365. Additionally, Data Stewards can delegate other Site Owners to approve SharePoint requests on their behalf.
Administration
All shared resources will have an appropriate Active Directory description. The AD Description will contain the Data Steward for the resource for EFS folders and the Data Steward and shared resource name for shared mailboxes and calendars. This description will be checked before making a resource change. This method is subject to change should it interfere with future ITS policies on Active Directory naming/description conventions.