About institutional data at IU

On this page:


Overview

At Indiana University, institutional data (or information) is defined as:

Data in any form, location, or unit that meets one or more of the following criteria:

  • It is subject to a legal obligation requiring the university to responsibly manage the data.
  • It is substantive and relevant to the planning, managing, operating, documenting, staffing, or auditing of one or more major administrative functions, or multiple organizational units, of the university.
  • It is included in an official university report.
  • It is clinical data or research data that meets the definition of "university work" under the university's Intellectual Property Policy (UA-05).
  • It is used to derive any data element that meets the above criteria.

The University Data Management Council is responsible for establishing policies, procedures, and guidelines for managing institutional data at IU.

Data Stewards have management and policy-making responsibilities for specific data subject areas, such as student data, Human Resources data, faculty data, medical data, and research data, among others.

Data Managers, located in functional offices across the university (for example, Admissions, Purchasing, Registrar, and Student Financial Aid, among others), are responsible for reviewing and approving requests for access to university information systems, and for ensuring that users of those systems receive appropriate orientation and training.

Official classification levels

Classification levels of institutional data are defined in IU's Management of Institutional Data (DM-01).

Notes:

Standards for managing institutional data

Indiana University has official standards for managing institutional data that apply to all users and administrators of university information technology resources. These standards include rules for managing access, maintaining data integrity and security, manipulating and extracting data for reports, and choosing appropriate locations and methods for storing various institutional data elements.

If you work with institutional data at IU, you are responsible for meeting the university's official data management standards to prevent inappropriate disclosures of personal or confidential information. For details, see Management of Institutional Data (DM-01).

Especially stringent standards apply to work involving sensitive institutional data (data elements classified Restricted or Critical). Always follow best practices when storing sensitive institutional data; for example:

For more on best practices for handling sensitive institutional data at IU, see:

Request institutional storage

If you have institutional data, you can request institutional storage in Microsoft Teams at IU. You'll need to specify the type of data, whether or not it is sensitive, and whether you need to collaborate externally. The system will then create storage tailored to your needs.

Important:

Get help

To determine the approved storage options based on the type of data, use the Data Sharing and Handling (DSH) tool, which provides specific guidance on where to store institutional data, and general guidance on sharing, disposal, and classification of institutional data.

If you have questions about IU's classification of data elements, contact the appropriate Data Steward .

For help determining the highest classification of institutional data you can store on any given UITS service, see About dedicated file storage services and IT services with storage components appropriate for sensitive institutional data, including research data containing protected health information.

If you have questions about securing HIPAA-regulated research data at IU, email securemyresearch@iu.edu. SecureMyResearch provides self-service resources and one-on-one consulting to help IU researchers, faculty, and staff meet cybersecurity and compliance requirements for processing, storing, and sharing regulated and unregulated research data; for more, see About SecureMyResearch. To learn more about properly ensuring the safe handling of PHI on UITS systems, see the UITS IT Training video Securing HIPAA Workflows on UITS Systems. To learn about division of responsibilities for securing PHI, see Shared responsibility model for securing PHI on UITS systems.

For more about managing institutional data at IU, see Data Management.

This is document avqg in the Knowledge Base.
Last modified on 2023-08-16 13:09:49.