Business Procedures Manual

Fiscal Affairs Division

Section 12 Introduction

(Last Modified on June 18, 2021)

In March 2019, the content on Data Governance and Management has been moved from the ÖгöÉÙ¸¾ÊÓƵ Information Technology Handbook to the Business Procedures Manual. Compliance with this entire section is required for all ÖгöÉÙ¸¾ÊÓƵ organizations by December 31, 2023.

Due to the criticality of some sections and dependencies between them, compliance deadlines for the sections have been tiered. ÖгöÉÙ¸¾ÊÓƵ System Office (USO) staff will be working with the appointed campus representative to track implementation.

Phase I - Initial Publication

Tier 1: Due by December 31, 2020, except General Data Protection Regulation, which is now part of Phase II, Tier 2.

  • Section 12.3.1 Data System Documentation,
  • Section 12.4 Cybersecurity (including Safeguards, Classification, Access Procedures and Segregation and Separation of Duties)
  • Section 12.5.1 Regulatory Compliance.

Tier 2: Due by December 31, 2020

  • Section 12.2 Governance Structure
  • Section 12.3.4 Data Availability
  • Section 12.5.2 Training

Tier 3: Due by June 30, 2021, except adherence to the ÖгöÉÙ¸¾ÊÓƵ document retention schedule, which should already be in place

  • Section 12.3.2 Data Elements and Data Definition Documentation
  • Section 12.3.3 Data Quality Control
  • Section 12.3.5 Data Life Cycle
  • Section 12.5.4 Monitor
  • Section 12.5.4 Audit

Phase II - Addition of Section 12.6 Data Privacy

Tier 1: Due by December 31, 2022

  • Section 12.6.4 Disassociation and De-identification
  • Section 12.6.5 Data Processing Awareness
  • Section 12.6.6 Communication

Tier 2: Due by December 31, 2023

  • Section 12.6.1 Data Inventory
  • Section 12.6.2 Data Risk Management
  • Section 12.6.3 Data Processing Documentation

Information is a strategic asset of all ÖгöÉÙ¸¾ÊÓƵ System of Georgia (ÖгöÉÙ¸¾ÊÓƵ) organizations and is critical to administration, planning and decision-making. Effective and responsible use of information requires that data is secure, well documented and accessible for use by authorized, trained personnel. To that end, this section of the Business Procedures Manual provides the data governance infrastructure and management practices that ÖгöÉÙ¸¾ÊÓƵ organizations must have in place. Please note that these different components have interdependencies and should be considered as a whole.

Data Governance and Management Framework image Governance, Management, Cybersecurity, Compliance

The goal of this section is to provide guidance to ÖгöÉÙ¸¾ÊÓƵ organizations in meeting the fundamental requirements for data governance and management to ensure data security, data privacy, effective use and compliance with relevant laws and policies. Technical requirements can be found in the ÖгöÉÙ¸¾ÊÓƵ IT Handbook. ÖгöÉÙ¸¾ÊÓƵ organizations may include additional roles, responsibilities, policies, and protocols as needed to fit local context or promote best practices. These provisions apply to information systems, products, and services maintained by, or on behalf of, ÖгöÉÙ¸¾ÊÓƵ organizations.

↑ Top