Hendrix College, Technology Services
Policy # 12140
Effective: Friday, April 27, 2018
- Purpose
This policy defines the requirements for the formal process of making changes to institutional data and College information systems.
- Additional Authority
- Scope
This Policy applies to all institutional data and information systems by faculty, staff, any third-parties contracted by the College, and any other individual or group authorized to access College information systems and institutional data.
- Responsible Party
- All changes to institutional data must be recorded in a continuous log. Logging should be performed preferentially by native system logging where possible.
- Changes to architecture, tools, or data that are beyond the scope of normal operations or that do not natively leave an audit trail must be approved based on the
classification of the data
:
- Changes to public data or information systems containing only public data must be approved by the Data Steward of the affected systems.
- Changes to private data or information systems containing private data must be approved by the Data Steward of the affected systems and reviewable by the CIO.
- Changes to restricted data or information systems containing restricted data must be approved by the Data Steward of the affected systems and by the CIO and must be reviewable by the SLT.
- Follow-up timeline will be established at time of change completion and on follow-up date requestor will verify correct operation.
- Change logs must be reviewed quarterly.
- Information system
- Any electronic system that stores, processes, or transmits information.
- Institutional Data
- Any data that is owned or licensed by the College. See the Data Classification Standard for more information.
Revisions
| Date |
Change |
| 5/9/2018 |
Initial Draft |
| 3/21/2022 |
Senior Leadership Approval |