Enterprise Information Governance & Management
Charting a secure path through NYU's data landscape
Today’s data silos make it difficult to efficiently answer questions. Data exists across systems and geographies, takes different forms, and may be shaped through various contexts and rules. Meanwhile, there is a need for timely, comprehensive, accessible, reliable, and protected information across the organization.
Enterprise Information Governance & Management (EIG&M) group engages University stakeholders through the Enterprise Information Management (EIM) Framework, an integrative discipline for structuring, describing, and governing information assets across NYU. EIM improves efficiency, enables appropriate and timely access, minimizes risk, promotes transparency, provides business insights, and protects you.
Data at NYU
Data informs nearly every decision at a 21st-century university. In the course of normal operations, NYU accumulates large quantities of data, much of it confidential and governed by state, national, and international regulations. This information must be handled in a way that is secure, accessible, and governed by sound strategy for collecting, storing, and disposing of it, as well as making the data accessible to those who need it.
The data lifecycle refers to the stages that data goes through from its creation or acquisition to its eventual archiving or disposal. Designing and following a sound data lifecycle is essential to the secure management of information.
At NYU, the lifecycle can be broken down into four primary stages.
1. Create & Acquire
Data Collection/Capture: data is generated, acquired, or collected from various sources (manual data entry, automated data collection, data intake from external systems).
2. Maintain & Use
Once collected, data must be made available in a secure, responsible way. Aspects of this include:
- Data Storage: the type of storage, databases, and technologies used to ensure efficient data retrieval and management.
- Data Processing and Analysis: data cleansing, transformation, and analysis to derive insights, make informed decisions, and support business objectives.
- Data Usage and Application: using the data for specific purposes, such as generating reports, supporting business processes, or feeding into applications.
- Data Sharing and Distribution: defining access controls, ensuring data quality, and establishing mechanisms for data sharing.
3. Archive & Retrieve
Data Archiving involves retaining data for compliance or historical purposes while minimizing the impact on active systems and ensuring that archived data can be retrieved if needed.
When data is no longer needed or reaches the end of its lifecycle, it must be securely deleted to prevent unauthorized access or data breaches based on Data Destruction/Disposal best practices and policies.
Data governance is the management of data availability, usability, integrity, and protection. It includes the people, processes, policies, and technologies that ensure data quality and compliance with regulatory requirements.
Key components of data governance include:
Ensuring that data is accurate, consistent, and reliable. This includes establishing standards for data and implementing processes to monitor and improve data quality.
Protecting data from unauthorized access, disclosure, alteration, and destruction. This includes access controls, encryption, and other security measures to safeguard sensitive information.
Data Management Policies
Developing and enforcing policies and procedures regarding how data is collected, stored, processed, and accessed.
Assigning responsibility for data management to specific individuals or departments. Data stewards ensure that data is handled appropriately and meets data quality standards.
Managing metadata, which provides information about the characteristics, origin, usage, and quality of data.
Data Lifecycle Management
Defining and implementing processes for the creation, usage, storage, archiving, and deletion of data. This helps optimize data storage, reduce redundancy, and comply with data retention policies.
Compliance and Risk Management
Ensuring that data management practices comply with relevant laws, regulations, and industry standards. This includes managing risks associated with data breaches, privacy violations, and other data-related incidents.
Data Governance Oversight
Establishing a governance council that oversees and guides the development and implementation of data governance policies and practices.
Information management at NYU is a shared responsibility across multiple groups. Enterprise Information Governance & Management, a group within NYU's Office of Global Privacy & Data Strategy, leads the development and deployment of data management strategies as well as providing consultation and support for Data Stewards and employees who will be handling NYU data.
Enterprise Information Governance & Management (EIG&M), with privacy at its core, supports NYU to ensure information is a University asset that is accessible, reliable, and protected. EIG&M functions were developed and are performed in collaboration with key stakeholders and school engagement. These include:
- Implementing and managing the Enterprise Information Management (EIM) Framework, which organizes data functions and programs to ensure information is accessible, reliable, and protected.
- Administering enterprise data analysis: The EIM Framework facilitates analysis, particularly for common information assets, contributing to alignment and transparency through the lens of business, complementing technology planning facilitated by Enterprise Data Management
- Managing Enterprise Data Governance as a component of EIM
Enterprise Information Management (EIM) is a business program enabling the full lifecycle management of all enterprise information content at NYU in alignment with the University’s business and technology interests. EIM is the foundation for NYU's Enterprise Data Strategy efforts.
The EIM framework supports NYU’s activities by delivering accessible, reliable, and protected information assets through a repeatable and scalable model:
- Organize information assets according to the university activities.
- Align with formalized governance and roles: Data Trustees, Stewards, and Custodians.
- Govern assets through the full data lifecycle, with accountability to Enterprise Trustees.
Areas of Focus
- Enterprise Information Management (including AIDA)
- Data Governance organization and workflows
- Institutional metadata (glossaries, enterprise models, traceability, etc.)
- Enterprise data quality management
- Master data management and reference data management
- Data privacy and protection