FAQs

This FAQ provides guidance on data governance practices specific to the Colorado State University System (CSUS), based on the CSUS Data Governance Policy and related resources.

What is Data Governance?

Data Governance is the formal management of data across the CSU System. It involves set of activities coordinated by the Data Governance Steering Committee to provide clear practices and processes to support data quality, information awareness and literacy, compliance and regulatory requirements, data security and privacy, informed and strategic decision-making, interoperability and integration, transparency, and resource optimization at the System and its Institutions.

Why is Data Governance important?

Effective data governance ensures data quality and integrity, supports compliance with legal and regulatory requirements, reduces risks like data breaches or misuse, enhances decision-making, and builds trust among stakeholders.

Who is responsible for Data Governance at CSUS?

The Data Governance Steering Committee oversees governance activities. The System Chief Information Officer plays a key leadership role as does the System Chief Data Officer.

What types of data are governed?

Any information, regardless of electronic or printed form or location, which is created, acquired, processed, transmitted, or stored on behalf of the System or an Institution on an Information Technology Resource is included in the Data Governance Program. This includes data created, acquired, processed, transmitted, or stored by the Institution in environments in which the Institution does not own or operate the technology infrastructure. The System recognizes that Research Data requires specific and unique data management according to relevant laws, policies, regulations, standards, and specific funding agency requirements. Therefore, Research Data are exempt from the Data Governance Program.

How are data classified?

The System uses four data classification levels (public, internal, confidential, and restricted) based on the nature of the data and the risks associated with improper use. Classification levels are mutually exclusive and based on the highest level of risk.

Who is responsible for classifying data?

Data Stewards, as defined in the Data Governance Policy, are responsible for the appropriate classification of data within their designated data set(s). Data Stewards are appointed by and maintain accountability to Data Trustees.

What is the data lifecycle?

The data lifecycle includes creation or acquisition, storage and use, sharing or reporting, and archiving or destruction. Governance ensures each stage is managed securely and efficiently.

What should I do if I’m unsure about data sensitivity of usage?

Contact the CSUS Data Governance Steering Committee for guidance. They can help assess your data and provide recommendations.

When should I involve Data Governance in a project?

You should involve the Data Governance Steering Committee as early as possible, but especially when:

  • Procuring or implementing new software systems
  • Handling or storing administrative data that are not explicitly public
  • Sharing data externally with vendors or partners
  • Working with international vendors or partners
  • Integrating or sharing data across departments or campuses
  • Developing dashboards or analytics tools using institutional data

Are there exceptions to Data Governance policies?

Yes. Exceptions must be explicitly approved by the System Chief Information Officer and the Data Governance Steering Committee. Research data, as defined below, are exempt.

Research Data is the recorded factual information associated with research, including, but not limited to, all records necessary for the reconstruction and evaluation of the results of research, regardless of the form or medium on which the material is recorded (such as lab notebooks, photos, digital images, data files, data processing or computer programs (software), statistical records, etc.).

  • Research Data do not include books, articles, papers, or other scholarly writings that are published or publicly presented; drafts of such scholarly writings; plans for future research; peer reviews; or communications with colleagues; although Research Data may be referenced or included within books, articles, papers, or other scholarly writings.
  • Research Data do not include the Research Administration Data relevant to the management and operation of research projects and the research enterprise.
  • Research Data do not include information collected for the formative or summative assessment/evaluation of educational programs or services.

How do I request access to data?

Processes to request access to data are available on the Data Governance site using the Accessing Data link in the site navigation.