DG 1.02pr - Data Security/Access :

The Data Security/Access Team, under the Charter of the Data Governance Committee, is responsible for maintaining a list of security access assigned to each role mapped to individual employees, in order to ensure the security and integrity of college data and systems.

Supervisors will request employee access via Data Stewards representing each functional area of the college who are then responsible for requesting access to data for employees within their functional areas. The college’s appointed Data Stewards and the DGC are responsible for implementing this procedure. Data Stewards will monitor college data and system usage within their areas to ensure a secure office environment with regard to the data and systems. Data Stewards shall validate the access requirements of staff in their functional areas, according to job functions, before submitting requests for access. The access requests are reviewed and acted upon by the Data Governance Committee.

• Each employee is responsible for all transactions occurring via the use of their login and password when accessing institutional data systems. An employee shall not share their login identification or passwords with other employees.
• Each employee is responsible for understanding all data elements that they use. If an employee does not understand the meaning of a data element, that employee must not refer to or alter the data until they consult and discuss the issue with the appropriate Data Steward within their functional area and/or the DGC.
• An employee’s inappropriate use of institutional data may result in suspension of the user’s access privileges and may result in retraining or disciplinary action, subject to college policies, collective bargaining agreements, and college procedures. An employee’s deliberate misuse of institutional data will result in revocation of the user’s access privileges and disciplinary action, up to and including termination.

Levels of Access
The levels of access are determined by the Data Stewards and approved by the Data Security/Access Team under the Charter of the Data Governance Committee. Levels are defined
as:

• Create
  • Can add new records to a table. 
• Read
  •  View, but not change, institutional data.
    • (For example, Intent is to avoid ‘ad hoc’ changes to field usage (Cr Equiv, Test Scores) that solves a local (department problem, but creates systemic issues).
• Edit
  • Can update or amend contents of fields in tables, but not how fields ‘work’.
• Delete
  • Can delete records from a table