UNIVERSITY STANDARD. Title UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL STANDARD ON ENTERPRISE DATA GOVERNANCE. Introduction
|
|
- Abner Rogers
- 6 years ago
- Views:
Transcription
1 UNIVERSITY STANDARD Issuing Office Responsible University Title UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL STANDARD ON ENTERPRISE DATA GOVERNANCE PURPOSE Introduction This Standard to the Policy on Enterprise Data Governance describes the roles, responsibilities, and scope of authority of the Enterprise Data Coordinating Committee (EDCC), Data Trustees, Data Stewards, Data Managers, and Data Custodians. Further, this Standard defines data types that comprise University Enterprise Data and identifies the Data Trustees responsible for each type. SCOPE OF APPLICABILITY University Constituents with responsibility for management of Enterprise Data. Standard ROLES The Policy on Enterprise Data Governance establishes certain roles with responsibility for Enterprise Data. This Standard delineates both business and technical roles and accompanying responsibilities. This Standard also describes the roles and responsibilities of the Enterprise Data Coordinating Committee. All University Constituents have responsibilities for protecting Enterprise Data in conformance with applicable law and University Policy. Those in the roles described below have specific and additional responsibilities. Additional responsibilities may be assigned by Data Trustees and/or their delegates. Page 1 of 14
2 Responsible University Enterprise Data Coordinating Committee (EDCC) Responsibilities Provide guidance for the effective management and protection of all Enterprise Data Support efforts to develop and improve Policies, Standards, or Procedures related to Enterprise Data governance Provide guidance regarding proper management of Enterprise Data that cross stewardship boundaries Communicate with the University community regarding Enterprise Data management and applicable Policies, Procedures, and Standards Advise the University s Chief Information (CIO) regarding issues related to Enterprise Data governance Recommend and oversee initiatives that improve Enterprise Data management Define functions and responsibilities of individuals with designated data management roles and maintain list of individuals assigned to those roles within the University Classify new or existing data elements that comprise Enterprise Data and identify applicable sources of authority for each type Develop and oversee processes by which University constituents (schools, departments, units, individuals) consult with appropriate Data Trustees or Data Stewards to ensure that the appropriate approvals have been obtained before Enterprise Data is disclosed to third parties Business Roles and Responsibilities Individuals in designated data management roles may delegate their assigned responsibilities as appropriate. Fundamental responsibilities applicable to all roles include: Observe ethical obligations applicable to Enterprise Data Report violations of University policy or law or Report instances of perceived risk to security of Enterprise Data Ensure use of Enterprise Data in the best interests of the University Respect confidentiality and privacy rights of individuals Access and use Enterprise Data only for legitimate University purposes Complete training designated by the CIO applicable to the role and seek any additional information needed to understand and perform the role and fulfill its responsibilities Page 2 of 14
3 Responsible University Data Trustee Role Relative to other roles, Data Trustee have the highest responsibility for managing Enterprise Data in compliance with applicable University policies and legal and regulatory requirements. Data Trustees should be knowledgeable of applicable laws and regulations relevant to the Enterprise Data over which they have responsibility. Additional responsibilities of Data Trustees include: Promulgate Policy within scope of responsibility relevant to Enterprise Data Oversee implementation of applicable federal and state laws and regulations and University Policies, Standards, Procedures and guidelines with respect to data access and management Determine the appropriate classification level for data subsets in accordance with the Standard for Information Classification Assist in managing stewardship of shared data elements that cross multiple units or divisions and assist in efforts to minimize multiple repositories for the same data. For example, Person ID (PID) may have more than one Data Trustee since it is collected and/or used in multiple systems, such as financial, human resources, and student systems Evaluate and decide requests, particularly high-risk and atypical requests, for access to Enterprise Data within scope of responsibility. Review and decide requests for new uses of Enterprise Data or collections of data within scope of responsibility (e.g., transfer of Enterprise Data to internal or third-party repositories, databases, or applications). Determine criteria and differentiate requests requiring business approval from those where technical role or other approval is appropriate. Select appropriate Data Stewards, Data Managers, and Custodians, document and communicate those selections to the EDCC Designate above roles and define, document, and communicate their scope of responsibility and authority. Ultimate responsibility for the relevant Enterprise Data segment rests with the Data Trustee regardless of delegation of authority to others. Page 3 of 14
4 Responsible University Data Steward Responsibilities Adhere to and implement applicable federal and state laws and regulations and University policies, standards, procedures and guidelines with respect to data access and management. Ensure that applicable data quality and data definition standards are met. In cooperation with Technical Data Stewards and Managers, establish authorization procedures to facilitate appropriate data access and ensure security for that data. Develop standard definitions for data elements within scope of authority, including those that cross multiple units or divisions. For example, establish a uniform definition of full-time employee or unique definitions as appropriate for each data element. Perform appropriate review and recertification of user access for information systems that work with sensitive information (classified as Tier 2 or Tier 3 under the Information Classification Standard). Decide requests for access to Enterprise Data within the Data Steward s functional area, specifying the appropriate access procedure, and ensuring appropriate access rights and permissions according to data classification. Consult Data Trustee for atypical or high-risk requests for access. Ensure that any appropriate Memoranda or other document is in place for the access. Ensure that necessary training and support is in place for Users of the data for which Stewards are responsible. Support efforts to educate users about best practices in data management and information handling. Consult with Data Managers, Custodians, and Users as appropriate to promote effective Enterprise Data management and protection. Ensure that Information Security Liaisons are designated for their respective business unit(s) in accordance with the Information Security Liaison Policy. Ensure that documentation exists for each data element, including at a minimum: data source, data provenance, data element business name, and data element definition. Recommend appropriate Policies related to the management of Enterprise Data. Oversee data accuracy and integrity. Implement programs for data quality improvement. Evaluate risk for specific uses of data. Ensure appropriate generation, use, retention, and disposal, etc. of data and Page 4 of 14
5 Responsible University information consistent with University Policies. Determine archiving and retention requirements for data elements and ensure that storage and backup is occurring as appropriate. Ensure that employees are properly trained in the management of data, including retention, data handling, and data security. Define Standards for documentation of data elements. Select and oversee Data Managers and/or Custodians and ensure their assigned responsibilities are adequately and consistently fulfilled. Determine content and organization of official University reports and assist in preparing reports as needed. Coordinate with Technical Data management roles with respect to data retention, disposition, preservation. Define the scope of responsibilities for all Data Managers and Data Custodians appointed by the Steward, communicate that scope of authority Ensure separation-of-duties structures are present, effective, and verified where required. Resolve issues in data element definitions across data segments. Prioritize data management activities. Work with appropriate University contracting unit to ensure that obligations for data management are incorporated as in agreements with third parties to which the University grants access or rights to Enterprise Data. Consult with Office of University Counsel and/or contracting unit as needed. Ensure that obligations of other University units who use or access Enterprise Data within Data Steward s scope of responsibility are defined and appropriately documented. Authorize privileged access for users in business roles. Establish action plans to implement data Policy. Ensure appropriate data lifecycle and retention Standards. Identify data entities and data sources comprising Enterprise Data. Evaluate security of delivery modes for transmission of data. Maintain knowledge of legal and regulatory requirements for one data segment. Exercise due care and supervision in delegation of responsibilities. Ensure that employees are educated in their roles and responsibilities for data retention. Establish specific goals, objectives for data management and monitor Page 5 of 14
6 Responsible University progress toward implementation. Data Manager Responsibilities Data Managers are appointed by Stewards (or Trustees) and assigned a specific scope of authority and responsibility. Data Managers often have subject matter expertise for Enterprise Data for which they have responsibility or access. Responsibilities of Data Managers include the following: Decide requests for use or access to Enterprise Data for University business purposes (as opposed to technical support/management purposes). Apply the principle of least privilege (granting only the access needed to perform the required tasks) and work with technical staff to understand and implement security controls governing systems under their control. Comply with applicable federal and state laws and University policies, standards, procedures and guidelines with respect to data access and management. Instruct University users in proper handling of Enterprise Data within Data Manager s scope of authority. Document data definitions for each data element within the domain of Data Manager s operational unit(s). Communicate data definitions and/or recommended changes to existing definitions to the appropriate Data Custodian(s). Identify overlapping domains of authority with Data Manager s area of responsibility and coordinate or escalate to Data Steward when clarification is needed or operational changes should be considered. Assist Data Steward in determining content and organization of official University reports and assist in preparing reports as needed. Create processes and procedures to ensure the accuracy, privacy and integrity of the Enterprise Data they manage. Assist in the design of data warehouse structures that contain Enterprise Data from their subject matter areas of responsibility. Implement business unit procedures in accordance with University policies. Review and monitor compliance with administrative procedures and processes Resolve conflicts in data attributes. Consult as needed with data users and other University constituents Recommend policies or modifications to polices to Stewards and Trustees Communicate material changes to applicable policies and procedures to Data Custodians, users, and other University Constituents. Page 6 of 14
7 Responsible University Determine update precedence when multiple data sources exist, in cooperation with Technical Data roles. Data Custodian Responsibilities Understand and report on Enterprise Data storage, processing and transmission of Enterprise Data within the University and by third-party vendors and agents (including cloud providers). Deliver data or data-feeds as authorized. Facilitate approved access to Enterprise Data based on standard procedures. Report security and privacy risks. Recommend procedures to satisfy privacy, security, and compliance requirements. Collect, capture, and maintain accurate, valid, and timely data along with necessary components for understanding that data (e.g. source, provenance, business name, definition). Technical Roles and Responsibilities The Vice Chancellor (VC) for Information Technology and CIO Responsibilities With the advice of the Enterprise Data Coordinating Committee: Develop and improve Policies, Standards, and/or Procedures related to Enterprise Data governance. Resolve conflicts arising under Enterprise Data governance and management policy in collaboration with Data Trustees and Stewards. As needed, designate training requirements for Enterprise Data governance roles (business and technical). Determine the scope of Enterprise Data. IT Guardian Responsibilities IT Leader who serves in a gatekeeping and enforcement role, as well as managing defined IT functions with respect to Enterprise Data. The following IT Guardian responsibilities are to be performed in collaboration with Enterprise Data management business roles, and in accordance with applicable federal and state laws and Page 7 of 14
8 Responsible University regulations and University policies, standards, procedures and guidelines with respect to data access and management: Establish a safe and secure environment for the storage of Enterprise Data. Ensure operational continuity by backing up Enterprise Data according to schedules determined in collaboration with Enterprise Data roles, and establishing data restoration protocols. Establish technical procedures and processes for granting, revoking, and monitoring of access to Enterprise Data. Assign technical tasks and responsibilities including through documented delegations of responsibility. Provide staffing and systems to execute data management activities. Oversee activities of technical staff. Establish and maintain approved and prioritized data feed requests based on rules provided by Enterprise Data management business roles. Manage technical projects relevant to Enterprise Data management, including, as necessary in the discretion of the IT Guardian, in collaboration with data management roles and in consultation with appropriate University constituents. Advise and assist Data Trustee/Steward in assessing and mitigating risks to Enterprise Data management. Establish processes and procedures for the retention, disposition, and preservation of Enterprise Data at the direction of Enterprise Data Trustees/Stewards and in compliance with University policy. Authorize and periodically review administrator and other privileged or elevated access requests for users in technical roles. Assist Data Trustees and Stewards in resolving conflicts relating to access to Enterprise Data. Enterprise Data Types and Trustee Positions The following table outlines the common types of Enterprise Data and the corresponding positions that function as Data Trustees for each type. Some types of Enterprise Data may not fall into any of the categories below, and are still subject to related policies. Some types of Enterprise Data may fall into more than one of the categories below and may therefore have more than one responsible Data Trustee. Conflicts concerning Enterprise Data classification are managed and resolved according to the responsibilities and authority of the management roles described above. Page 8 of 14
9 Responsible University Type Trustee Description/notes Development VC for Development Includes all aspects of development data Financial information related to alumni, clubs, other fundraising, demographic information. Academic (Organizational and Administrative) Facilities Financial Human Resources Information Technology Executive VC and Provost VC for Finance & Administration VC for Finance & Administration VC for Workforce Strategy Equity and Engagement VC for Information Technology and CIO Accreditation reports, schedules, and similar. Inventory of programs. Degree, certificate, or other offerings. Student outcome reports. Required courses. Instructional administration. Includes the facilities services data of the University, including space-planning data, construction, maintenance, real estate management, operational data, reservations and physical-descriptive data. Data related to the management of fiscal resources of the University including accounting, accounts payable, accounts receivable, budgeting, capital assets, investments, inventory, loans, payroll information, purchasing, risk management, and treasury. Data and records relating to University employees, including employee demographics, benefits, retirement, and EEO data, vitas, employee evaluations, faculty accomplishments and awards, training records, and promotion and disciplinary data. Student employee data may be part of both the student record and Human Resources record. Data and records relating to Information Technology Services provisioning and management of the technology infrastructure. Page 9 of 14
10 Library and Information Resources Organizational Person Registry Associate Provost & University Librarian Executive VC and Provost Joint Responsibility shared by: Executive VC and Provost as well as VC for Workforce Strategy, Equity, and Engagement Responsible University Data and records related to management activities and information-resource-collection activities of the University libraries including databases of purchased and locally-produced information and all files of University archives and other special collections. Data and records regarding the internal organizational structure of the University and identifies hierarchical relationships among individual entities. Supports the ability to organize and aggregate/disaggregate various kinds of institutional data using standard reporting structures adopted to meet business or functional needs. Data may include responsible position or unit (vice chancellor, division, department, etc.), intra-university relationships, official names of University units, reporting abbreviations, codes and account numbers, type of organization (academic vs. administrative, health vs. academic affairs, etc.), and status (active/inactive). Data and records related to the management of identity and authentication for individuals associated with the University including the creation of unique data elements (e.g., PID and UNC OneCard) that provide identification and resolution for merging of identity records. Personregistry data can be used to provision other applications that are managing privileges to authorized individuals or groups. Page 10 of 14
11 Student and Instruction Athletics administration Clinical Data in HIPAA Covered Units Public Web/Social- Media Content Research Administration Audit Executive VC and Provost Executive VC and Provost and Director of Athletics Dean or equivalent of each Unit VC for Communications VC for Research Director of Internal Audit Responsible University Data and records regarding all phases of a student s relationship with the University from expression of interest through alumni status except as noted elsewhere. This includes, but is not restricted to, demographic data, academic, disciplinary, and medical records, course information, admissions data, housing, financial aid, and employment with the University which is dependent on student status. Financial aid, Admissions, Student Athlete, International Student, Instruction, Institutional Research, Distance Learning, Continuing Education. Recruiting, scheduling, and other Athletics administration. Dentistry, Nursing, Psychology clinics. Campus Health Services, ITS, and other units with responsibility for patient records and related Protected Health Information. Web and social-media content on University sites or representing the University and sourced or maintained by University Constituents. Includes records that represent grants & contracts (proposals and awards) the University has received and executed including dates, amounts, responsible units, project teams, percent effort, and others as appropriate. Research and grant proposals and research results are excluded. Information collected or maintained by Internal Audit as a function of their auditing role. Page 11 of 14
12 Legal VC and General Counsel Responsible University Records relating to University legal matters. Definitions Access: The right to read, enter, copy, query, download, or update data. Data: The representation of discrete facts; any information in electronic or audiovisual format, and any hardware or software that enables the storage and use of such information. The SAA Glossary of Archival and Records Terminology ( Facts, ideas, or discrete pieces of information, especially when in the form originally collected and unanalyzed. Enterprise Data: Any data or records created or received by UNC-Chapel Hill employees or other constituents in the performance or transaction of University business except where excluded under the Policy or Standard on Enterprise Data Governance. Enterprise Data includes, but is not limited to, machine-readable data, data in electronic communication systems, data in print, and backup and archived data on all media. University Constituents: UNC-Chapel Hill faculty, staff, students, retirees and other affiliates, contractors, distance learners, visiting scholars and others who use or access UNC-Chapel Hill resources. Page 12 of 14
13 Responsible University Related Requirements EXTERNAL REGULATIONS AND CONSEQUENCES Americans with Disabilities Act of 1990 FTC Red Flags Rule Family Educational Rights and Privacy Act (FERPA) Gramm Leach Bliley Act (GLBA) HIPAA Privacy Rule HIPAA Security Rule HIPAA Breach Notification Rule North Carolina Identity Theft Protection Act of 2005 North Carolina Public Records Law General Statutes 121 North Carolina Public Records Law General Statutes 132 North Carolina State Personnel Policies Payment Card Industry (PCI) Data Security Standard (DSS) The Electronic Communications Privacy Act of 1986 (ECPA) UNIVERSITY POLICIES, STANDARDS, AND PROCEDURES Standard for Enterprise Data Governance Data Classification Standard Information Security Controls Standard Privacy of Protected Health Information Policy PHI Confidentiality Statement University Records and Disposition Schedule PRIMARY CONTACT ITS Policy Office: Contact Information Page 13 of 14
14 Responsible University Effective Date and title of Approver: a. Effective Date: 01/02/2018 b. Approver: Chief Information Important Dates Revision and Review Dates, Change notes, title of Reviewer or Approver: a. Last Revised Date: N/A b. Revised by: c. Substantive Revisions: Page 14 of 14
Standard Statement and Purpose
Personnel Security Standard Responsible Office: Technology Services Initial Standard Approved: 10/23/2017 Current Revision Approved: 10/23/2017 Standard Statement and Purpose Security of information relies
More informationAudit Committee Presentation FY2011 Audit Plan (annual risk assessment) August 16, 2010
Audit Committee Presentation FY2011 Audit Plan (annual risk assessment) August 16, 2010 INTERNAL AUDITS ACADEMIC ENTERPRISE Are research and development expenses expended in accordance with the terms of
More informationRetired: Revised: July 1, Subject: Office of General Counsel/Compliance Records Retention Policy
Page 1 of 13 Effective Date: March 13, 2003 Retired: Revised: July 1, 2014 APPROVED BY: A. Cherrie Epps, Ph.D. President and Chief Executive Officer Subject: Office of General Counsel/Compliance Records
More informationScope Policy Statement Reason For Policy Procedure Definitions Sanctions Additional Contacts History. Scope. University Policies.
Management of Human Resource Records: Personnel Records for Staff and Temporary Employees and Benefit Program Records for All Employees, Retirees, and COBRA Participants About This Policy Effective Date:
More informationIdentity Provider Policy. Identity and Authentication Services (IA Services)
Identity Provider Policy Identity and Authentication Services (IA Services) Table of Contents 1 Background... 1 1.1 ehealth Ontario Identity Federation... 1 1.2 Purpose... 1 1.3 Objectives... 1 1.4 Scope
More informationASSOCIATE VICE PRESIDENT, ADMINISTRATIVE SERVICES
DEFINITION ASSOCIATE VICE PRESIDENT, ADMINISTRATIVE SERVICES Under administrative direction, plans, organizes, manages, and provides administrative direction and oversight for all functions and activities
More informationSHRINERS HOSPITALS FOR CHILDREN CORPORATE COMPLIANCE PLAN
SHRINERS HOSPITALS FOR CHILDREN CORPORATE COMPLIANCE PLAN 1.0 INTRODUCTION Shriners Hospitals for Children ( SHC ) is committed to conducting itself according to applicable business ethical standards and
More informationInternal Control Vulnerability Assessment (January 2011) Unit Name. Prepared by. Title. Reviewed by. Title. Reviewer s Comments
Internal Control Vulnerability Assessment (January 2011) Division Unit Name Prepared by Date Title (For Internal Control Team Use Only) Reviewed by Date Title Reviewer s Comments Return completed assessment
More informationOffice of Compliance Program Report
Office of Compliance Program Report January 2012 - December 2014 Table of Contents Executive Summary... 1 Background... 1 Compliance Program Strategic Plan... 2 Risk Report and Progress... 3 Compliance
More informationACADEMIC DEPARTMENT FISCAL REVIEW
CSU The California State University Office of Audit and Advisory Services ACADEMIC DEPARTMENT FISCAL REVIEW California State University, Dominguez Hills College of Health, Human Services, and Nursing Audit
More informationElectronic Records Management at MSU
Electronic Records Management at MSU Cynthia Ghering, Director UAHC Whitney Miller, University Records Archivist Deborah Gouin, Electronic Records Archivist Richard Adler, Electronic Records Archivist
More informationCFPB Compliance Management Review
General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services
More informationCorporate Governance. Basic Approach to Corporate Governance. 1. Outline of corporate governance structure
Corporate Governance Basic Approach to Corporate Governance The Bank s management policy is to improve management efficiency and transparency to receive high evaluation from and build unshakable bonds
More informationManagement Excluded Job Description
Management Excluded Job Description 1. Position Identification Position Number 993234 Position Title Department Reports to (title) Associate Director, Supply Management Purchasing Services Director, Purchasing
More informationVice Chancellor, Human Resources District Office Kern Community College District JOB DESCRIPTION
Vice Chancellor, Human Resources District Office Kern Community College District JOB DESCRIPTION Definition Under the direction of the Chancellor, the Vice Chancellor, Human Resources provides leadership
More information3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013
3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013 I. PURPOSE The purpose of this Charter is to formally define LACERS internal audit function s purpose, authority, and responsibility.
More informationInformation Security Education and Awareness Training
Information Technology Information Security Education and Awareness Training Standard Identifier: IT-STND-002 Revision Date: 9/1/2016 Effective Date: 3/1/2015 Approved by: BOR CIO Approved on date: 10/17/2014
More informationLibrary Technician - University COMPETENCY PROFILE
Description of Work: Positions in this banded class are characterized by the performance of a variety of duties in the field of information science and knowledge management, typically provided in a library
More informationInforming Collaborative Design
Informing Collaborative Design 1 Systemwide Activity Analysis Results by Function # Administrative Assessment Functions Sum of FTE % of FTE Sum of Gross Salary (m) 1 Facilities 1529.4 12.9% $59.9 2 Information
More informationDirector s Draft Report
Office of Audit and Evaluation March 2, 2017 Director s Draft Report Protected B Table of contents Executive summary... i Introduction... 1 Focus of the audit... 2 Statement of conformance... 2 Observations...
More informationPolicy: Delegation of Financial Authority
Policy: Delegation of Financial Authority 1 Purpose The purpose of this Policy is to assign financial authority to University positions; outline the responsibilities and accountabilities of a Financial
More informationCopyright 2018, Tech Mahindra. All rights reserved. WORKER PRIVACY NOTICE
Copyright 2018, Tech Mahindra. All rights reserved. Table of Contents 1. SCOPE OF APPLICATION... 3 2. DETAILS OF THE NOTICE... 3 2.1 WHAT PERSONAL DATA WE COLLECT... 3 2.2 WHY WE COLLECT, USE AND STORE
More informationA Guide to Understanding the Fundamental Concepts of Governance for Scrum Alliance, Inc.
A Guide to Understanding the Fundamental Concepts of Governance for Scrum Alliance, Inc. INTRODUCTION This document describes the requirements and expectations of the Board of Directors of Scrum Alliance,
More informationBoard Approved March 8, 2017 FLSA: EXEMPT CHIEF COMPLIANCE AND COLLEGE BUDGET OFFICER DEFINITION
Board Approved March 8, 2017 FLSA: EXEMPT CHIEF COMPLIANCE AND COLLEGE BUDGET OFFICER DEFINITION Under administrative direction and oversight of the Vice President, Administrative Services, the Chief Compliance
More informationCREDENTIALS - OFFICE OF BUSINESS AND FINANCE EDUCATION AND PRINCIPAL JOB RESPONSIBILITIES
NAME Betty Smith Robin Deaver Jeannie Plummer Charles Smith CREDENTIALS - OFFICE OF BUSINESS AND FINANCE EDUCATION AND PRINCIPAL JOB RESPONSIBILITIES CERTIFICATIONS Develop, plan implement, and administer
More informationInformation Technology Services Procedures
Page 1 of 17 Table of Contents 1 General Scope and Responsibilities... 2 2 Entities Affected by this Procedure... 2 3 Definitions... 2 4 Requirements... 3 4.1 Access Control Requirements... 3 4.2 Personnel
More informationMott Community College Job Description
Title: Director - Financial Aid Office Department: Student Success Reports To: Vice President of Student Success Date Prepared/Revised: February 9, 2010 / March 25, 2013, November 15, 2017 Purpose, Scope
More informationKentucky State University Office of Internal Audit
Draft for Discussion Only P&P Manual Section - Policy# I. Function and Responsibilities MISSION Mission Statement Definition of Internal Auditing PURPOSE, AUTHORITY, RESPONSIBILITY Audit Charter STANDARDS
More informationM E M O R A N D U M. The proposed resolution approves the adoption of a compliance program for the State University of New York.
Board Resolution -1- November 15, 2018 M E M O R A N D U M November 15, 2018 TO: FROM: SUBJECT: Members of the Board of Trustees Kristina Johnson, Chancellor Adoption of a Compliance Program Action Requested
More informationBCE INC. BOARD OF DIRECTORS CHARTER (INCLUDING BOARD CHAIR POSITION DESCRIPTION)
BCE INC. BOARD OF DIRECTORS CHARTER (INCLUDING BOARD CHAIR POSITION DESCRIPTION) Board of Directors I. Purpose The Board of Directors ( Board ) of BCE Inc. (the Corporation ) is responsible for the supervision
More informationAC C O U N T AN T Schematic Code ( )
I. DESCRIPTION OF WORK AC C O U N T AN T Schematic Code 10751 (31000025) Positions in this banded class perform professional accounting work with responsibility for accounting and/or budgeting functions.
More informationCHAPTER 6 GOVERNMENT ACCOUNTABILITY
Kern County Administrative Policy and Procedures Manual CHAPTER 6 GOVERNMENT ACCOUNTABILITY Section Page 601. General Statement... 1 602. Definitions... 1 603. Fraud, Waste, and Abuse... 1 604. Fraud Protocol...
More informationInternal Control in Higher Education
Internal Control in Higher Education Daniel Adams Office of Audit Services Audit Services Mission To provide assurance and advisory services that are independent, objective and risk-based in order to protect
More informationFinancial Resources: Control of finances The institution exercises appropriate control over all its financial resources.
3.10.3 Financial Resources: Control of finances The institution exercises appropriate control over all its financial resources. Judgment Compliant Non-Compliant Not Applicable Compliance Report Narrative
More informationVBI VACCINES INC. BOARD OF DIRECTORS MANDATE. Adopted September 23, 2016
BOARD OF DIRECTORS MANDATE Adopted September 23, 2016 1. Purpose The members of the Board of Directors (the Board ) have the duty to supervise the management of the business and affairs of SciVac Therapeutics
More informationCERT Resilience Management Model, Version 1.2
CERT Resilience Management Model, Asset Definition and Management (ADM) Richard A. Caralli Julia H. Allen David W. White Lisa R. Young Nader Mehravari Pamela D. Curtis February 2016 CERT Program Unlimited
More informationUPMC POLICY AND PROCEDURE MANUAL
SUBJECT: Value Analysis Program DATE: November 8, 2013 I. POLICY UPMC POLICY AND PROCEDURE MANUAL POLICY: HS-MM0302 * INDEX TITLE: Supply Chain Management It is the policy of UPMC to provide a single,
More informationKYAMBOGO UNIVERSITY. P.O. BOX 1, KYAMBOGO Tel: Fax: website:
KYAMBOGO UNIVERSITY P.O. BOX 1, KYAMBOGO Tel: 0414 286 452 Fax: 0414 220 464 Email: dhrkyu@kyu.ac.ug; website: www.kyu.ac.ug Directorate of Human Resources SENIOR MANAGEMENT JOB OPPORTUNITIES Kyambogo
More informationConflict of Interest or Commitment
Conflict of Interest or Commitment The Mission of Palmer College of Chiropractic (College) is communicated through core institutional documents describing our Identity, Vision, Values, Practice Paradigm,
More informationMUSEUM OF TEXAS TECH UNIVERSITY
MUSEUM OF TEXAS TECH UNIVERSITY Operating Policy : Code of Ethics Date: circa 1998; revised 2005 (reviewed June 2013) Purpose: Review: The Code of Ethics establishes the values and principles shared by
More informationPrivacy Statement. Information We Collect
Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respects your privacy and we acknowledge that you have certain rights related to any personal information we collect
More informationEHRA Non Faculty Salary Structure
AA 1 Unused ~ Reserved for Future Use I Unused AA 2 Associate Vice Chancellors, Associate Provosts, II $128,100 $204,900 $300,400 Vice Provosts A1 Academic Administration/University Programs I $81,800
More informationBOARD SELF-EVALUATION TOOL
BOARD SELF-EVALUATION TOOL The following assessment tool is to be completed at a meeting of the Board of Directors. We believe that this assessment can be completed in about 30 minutes, but the more time
More informationAG GROWTH INTERNATIONAL INC. BOARD OF DIRECTORS TERMS OF REFERENCE
AG GROWTH INTERNATIONAL INC. BOARD OF DIRECTORS TERMS OF REFERENCE 1. Introduction The Board of Directors (the "Board") of Ag Growth International Inc. (the "Corporation") is responsible for managing or
More informationGOODWILL INDUSTRIES OF COLORADO SPRINGS
GOODWILL INDUSTRIES OF COLORADO SPRINGS CORPORATE COMPLIANCE PROGRAM ADOPTED : By the Board of Directors Date: October 25, 2005 Attachment 2 Memorandum 10-41 TABLE OF CONTENTS Corporate Compliance Program
More informationInternal Audit Charter
Internal Audit Charter Authority Source: Endorsed by the Audit and Risk Management Committee and approved by the Vice- Chancellor Approval Date: 20/10/2017 Publication Date: 24/10/2017 Review Date: 20/10/2018
More informationPrivacy and Information Security Sanction Policy
Effective Date: November 2018 Policy Statement Privacy and Information Security Sanction Policy All workforce members, including faculty, staff, and students, are expected to comply with the organization
More informationConflicts of Interest and Conflicts of Commitment Policy and Approval Guidelines
Conflicts of Interest and Conflicts of Commitment Policy and Approval Guidelines 8.2.18.2 Conflicts of Interest and Conflicts of Commitment 8.2.18.2.1 Conflicts of Interest and Appearances of Conflicts
More informationABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES
ABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES OCTOBER 12, 2017 LIST OF SCHEDULES A. Board Mandate B. Audit Committee Charter C. Compensation Committee Charter D. Nominating and
More informationPOLICY & PROCEDURES MEMORANDUM
Policy No. BA-1260.1 POLICY & PROCEDURES MEMORANDUM TITLE: INTERNAL CONTROL SYSTEM EFFECTIVE DATE: February 13, 1996* (*Procedural/Title Updates 1/12/16, 1/27/15; CANCELLATION: CATEGORY: none Business
More informationBusiness Capabilities Definitions
Definitions for Northwestern Business Capabilities by Category Student Recruit Source Prospects Includes the identification, engagement and pursuit of potential students. Convert Prospects Focuses on the
More informationGSBA Governance Team Self-Assessment
GSBA Governance Team Self-Assessment Georgia School Boards Association The governance team self-assessment, which is based upon the Georgia State Board of Education Standards for Effective Governance,
More informationSample Position Description Board of Directors
Sample Position Description Board of Directors Duties and Expectations of a Director Purpose The hospital is committed to ensuring that it achieves standards of excellence in the quality of its governance
More informationSimple, Scalable, Real-time Protection
Data Sheet Simple, Scalable, Real-time Protection Practical Content Security With Egnyte Protect, companies can quickly find and safeguard the content that matters most. It is simple to use, requires almost
More informationWashington Headquarters Services ADMINISTRATIVE INSTRUCTION
Washington Headquarters Services ADMINISTRATIVE INSTRUCTION NUMBER 94 October 19, 2007 Incorporating Change 2, July 17, 2017 DFD FSD SUBJECT: Personal Property Management and Accountability References:
More informationRESOLUTION THE BOARD OF DIRECTORS WASHINGTON, D.C. Monday, May 1, unanimously
RESOLUTION THE BOARD OF DIRECTORS WASHINGTON, D.C. Monday, May 1, 2006 unanimously WHEREAS, The Corporation for Public Broadcasting, as the steward of the American people s investment in the public broadcasting
More informationIBM Clinical Trial Management System for Sites
Service Description IBM Clinical Trial Management System for Sites This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users
More informationPRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES
PRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES A. THE ROLE OF THE BOARD OF DIRECTORS 1. Direct the Affairs of the Corporation for the Benefit of Shareholders The Prudential board
More informationAdministrative Analyst/Specialist Non-Exempt
Administrative Analyst/Specialist Non-Exempt Entry to this classification requires general knowledge and skills in the applicable administrative and/or program field with a foundational knowledge of public
More informationTEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program
TEACHERS RETIREMENT BOARD AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program CONSENT: ATTACHMENT(S): 3 ACTION: DATE OF MEETING: / 30 mins
More informationRESEARCH OPERATIONS MANAGER
RESEARCH OPERATIONS MANAGER Description of Work: The primary role of this position is to manage and supervise all activities necessary to operate one or more research work settings such as a laboratory,
More informationBoard Charter. Values Statement for IDCARE
Board Charter New Zealand Entity Company Number 4918799 NZ Business Number 9429041070109 Australian Entity ABN 84 164 038 966 Values Statement for IDCARE In all its planning, services and behaviour, IDCARE
More informationPreferred Education, Experience or Other Qualifications
KITSAP COUNTY invites applications for the position of: HUMAN RESOURCES ANALYST SALARY: $27.32 - $34.87 Hourly $56,825.60 - $72,529.60 Annually OPENING DATE: 06/08/15 CLOSING DATE: 07/17/15 11:00 PM GENERAL
More informationInformation Security Policy
Information Security Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 NHS Business Services Authority Information Security policy Head of Security
More informationGROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER
GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER The Board of Directors (the Board ) of Group 1 Automotive Inc. (the Company ) has heretofore constituted and established an Audit Committee (the Committee
More informationDevelopmental Delay Rehabilitation Services Inc.
Developmental Delay Rehabilitation Services Inc. Corporate Compliance Plan Terence Blackwell, CEO Nathan Cohen, CCC/SLP, President Corporate Compliance Officer Table of Contents Section Name I. Corporate
More informationRecords Retention Schedule
Plymouth University Records Retention Schedule Author: Date: 18/12/2015 Elena Menendez-Alonso (Digital Curator) Security Level: PUBLIC Status: Published Version: 1.0 Review Date: 31/12/2017 Contents 1.
More informationStandards for Excellence Program Organizational Self-Assessment Checklist
Standards for Excellence Program Organizational Self-Assessment Checklist Instructions for using the checklist: if the organization has met the standard, X if the organization has not met the standard,
More informationCORPORATE GOVERNANCE GUIDELINES As Amended and Restated by the Board of Directors November 14, 2017
CORPORATE GOVERNANCE GUIDELINES As Amended and Restated by the Board of Directors November 14, 2017 Role and Functions of the Board of Directors The role of the Board of Directors (the Board ) of Anadarko
More informationCompliance Program Effectiveness Guide
Compliance Program Effectiveness Guide June 2017 This Guide is a comparison of: Compliance Program Elements New York State, Social Services Law 363-D Office of Inspector General (OIG) Compliance Program
More informationGlobal Privacy Policy
Global Privacy Policy Table of Contents Introduction... 2 Policy Overview Scope Application of Local Laws Definitions.... 3 Data Protection Principles... 4 Security and Access... 5 Special Circumstances....
More informationCDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016
CDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016 I. Purpose The Audit Committee (the Committee ) of the Board of Directors (the Board ) of CDK Global, Inc., a Delaware corporation (the
More informationManaging Legal and Operational Risk in IT Agreements
Managing Legal and Operational Risk in IT Agreements Presented by: Donna Pond, Senior Director, Lead Counsel, Shire Pharmaceuticals Evan J. Foster, Partner, Saul Ewing LLP Agenda: Special issues in: Conventional
More informationPosition Summary ANALYST II. Non-Exempt. Uncovered CLOSEOUT ANALYST. Ahmad Hakim-Elahi
Page 1 of 5 Position Summary Employee Details Employee First Name: Employee Last Name: Employee ID: Classification Payroll Title: ANALYST II Payroll Title Code: 7235 Job Group: Overtime Eligible: (FLSA)
More informationCompliance Monitoring and Enforcement Program Implementation Plan. Version 1.7
Compliance Monitoring and Enforcement Program Table of Contents TABLE OF CONTENTS NERC Compliance Monitoring and Enforcement Program... 1 Introduction... 2 NERC Compliance Monitoring and Enforcement Program
More informationVICE CHANCELLOR, HUMAN RESOURCES AND EMPLOYEE RELATIONS
VICE CHANCELLOR, HUMAN RESOURCES AND EMPLOYEE RELATIONS The San Bernardino Community College District The San Bernardino Community College District (SBCCD) has 1,300 faculty and staff that don t just perform
More informationUNIVERSITY OF PITTSBURGH POLICY CATEGORY: RESEARCH ADMINISTRATION SECTION: Research SUBJECT:
UNIVERSITY OF PITTSBURGH POLICY 11-01-07 CATEGORY: RESEARCH ADMINISTRATION SECTION: Research SUBJECT: Sponsored Projects Effort Reporting/Certification EFFECTIVE DATE: December 19, 2012 PAGE(S): 8 Subject
More informationEqual Employment Opportunity AP 3420
Reference: Education Code Sections 87100 et seq.; Title 5 Sections 53000 et seq. and Sections 59300 et seq.; ACCJC Accreditation Standard III.A.12 The Shasta-Tehama-Trinity Joint Community College District
More informationDocumented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000
Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000 Guidance Compliance with the Freedom of Information Act 2000 Introduction 1. The
More informationAudit Committee Charter
FLUOR CORPORATION Effective: 11/02/16 Supersedes: 10/31/13 I. PURPOSE AND ACTIVITIES A. Statement of Purpose The Audit Committee (the "Committee") shall Audit Committee Charter 1. Represent and assist
More informationCompliance Issues & Procedures
Finance Division The Financial Procedures Manual Chapter 20 Compliance Issues & Procedures Also available on-line at: http://www.admin.cam.ac.uk/offices/finance/procedures Contents 1. Financial Regulations...
More informationAudit Committee Charter
Audit Committee Charter 1. Background The Audit Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah or the Company ) that was established under
More informationAppendix 4G. Key to Disclosures Corporate Governance Council Principles and Recommendations
Rules 4.7.3 and 4.10.3 1 Key to Disclosures Corporate Governance Council Principles and Recommendations Introduced 01/07/14 Amended 02/11/15 Name of entity Jadar Lithium Limited ABN / ARBN Financial year
More informationLiving Our Purpose and Core Values CODE. Code of Business Ethics and Conduct for Vendors
Living Our Purpose and Core Values CODE Code of Business Ethics and Conduct for Vendors December 2016 HCSC Vendor Code of Business Ethics and Conduct Since 1936, Health Care Service Corporation, a Mutual
More informationF5 NETWORKS, INC. AUDIT COMMITTEE CHARTER AS AMENDED AND RESTATED BY THE BOARD OF DIRECTORS OF F5 NETWORKS, INC. APRIL 21, 2017
F5 NETWORKS, INC. AUDIT COMMITTEE CHARTER AS AMENDED AND RESTATED BY THE BOARD OF DIRECTORS OF F5 NETWORKS, INC. APRIL 21, 2017 PURPOSE The purpose of the Audit Committee is to assist the Board of Directors
More informationSHAW COMMUNICATIONS INC. BOARD OF DIRECTORS MANDATE
SHAW COMMUNICATIONS INC. BOARD OF DIRECTORS MANDATE This Mandate of the Board of Directors (the Board ) of Shaw Communications Inc. (the Corporation ) was adopted October 23, 2014. I. Mandate The Board
More informationAdministrative Services About Administrative Services
About The Department oversees and directs the operations of Finance, Human Resources, Sales Tax, Purchasing, Information Technology, Risk Management, Budget, the Public Information Office, Front Desk Reception,
More informationFinance Division Strategic Plan
Finance Division Strategic Plan 2018 2022 Introduction Finance Division The Finance Division of Carnegie Mellon University (CMU) provides financial management, enterprise planning and stewardship in support
More informationWhen making decisions affecting Long Island University s assets and/or resources, individuals must adhere to the following standards:
Conflict of Interest/Commitment Policy for Long Island University Introduction As part of its educational mission, Long Island University believes in the importance of interacting with the wider community
More informationCorporate Compliance Plan
Corporate Compliance Plan Effective February 23, 2007 I. Compliance Policy Statement ABX Air, Inc. Corporate Compliance Plan This document is the Corporate Compliance Plan (this Plan ) of ABX Air, Inc.
More informationPolicy Analysis: Internal Controls #1.11 1/2009
Policy Objective: To ensure that University funds are used in a responsible and appropriate manner consistent with the University s mission, applicable law, and ethical practice. Applies To: Any and all
More informationSIAAB Guidance #05. Conforming with FCIAA and Standards in Small Audit Functions in the State of Illinois. Adopted December 8, 2015
SIAAB Guidance #05 Conforming with FCIAA and Standards in Small Audit Functions in the State of Illinois Adopted December 8, 2015 Revised In Accordance with 2017 Standards Effective January 1, 2017 ***
More informationDefence Health Governance Structure
Governance Structure November 2017 Defence Health Governance Structure The Board comprises eight non-executive Directors including a non-executive Chairman, and one associate Director. The Board has assessed
More informationCORPORATE GOVERNANCE POLICIES OF THE BOARD OF DIRECTORS
CORPORATE GOVERNANCE POLICIES OF THE BOARD OF DIRECTORS INTRODUCTION AND RESPONSIBILITIES The board of directors (the Board ) of NVIDIA Corporation (the Company ) has adopted these corporate governance
More informationRecords Management Policy
Records Management Policy Responsible Officer Chief Operating Officer Approved by Vice-Chancellor Approved and commenced November 2017 Review by November, 2020 Relevant Legislation, Ordinance, Rule and/or
More informationVIRTUA DATE OF LAST REVIEW 5/11; 4/14, 8/16
8/16 POLICY Virtua is committed to helping the people of our region be well, get well, and stay well. Part of our commitment to the communities we serve is to provide services of the highest quality to
More informationAUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015
AUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015 This Audit Committee Charter ("Charter") was originally adopted by the Board of Directors (the "Board") of Kate Spade & Company (the "Company") at its
More informationUNIVERSITY OF OKLAHOMA Campus Payment Card Security Standard Norman Campus
UNIVERSITY OF OKLAHOMA Campus Payment Card Security Norman Campus Subject: Campus Payment Card Security Coverage: The University of Oklahoma Norman Campus Regulation: Payment Card Industry ( PCI ) Data
More informationTERMS OF REFERENCE FOR THE BOARD OF DIRECTORS I. INTRODUCTION
TERMS OF REFERENCE FOR THE BOARD OF DIRECTORS I. INTRODUCTION A. The Goldcorp Inc. ( Goldcorp or the Company ) Board of directors (the Board ) has a primary responsibility to foster the short and long-term
More informationTHE ARCG CHARTER. Issued in March 2008
THE ARCG CHARTER Issued in March 2008 Index Part A Internal Audit Purpose Charter Mission Independence Scope & Responsibilities Authority Accountability Standards Part B Compliance Introduction Guiding
More information