Data Management Policy

This policy outlines the rules and guidelines for using company computer systems, networks, and equipment.

Policy ID: IT-POL-007
Effective Date: September 15, 2023
Last Updated: September 5, 2023
Approved by: IT Security Committee

1. Purpose

This Data Management Policy defines standards and procedures to ensure the secure, efficient, and ethical management of all university data throughout its lifecycle, including creation, storage, access, sharing, and disposal.

2. Scope

This policy applies to all data created, processed, or stored by the university across academic, research, administrative, and operational units, in both physical and electronic formats.

3. Data Classification

  • Confidential Data: Sensitive personal, financial, or research data restricted to authorized personnel only.
  • Internal Data: Operational information accessible to staff and faculty as required.
  • Public Data: Information approved for public release, such as official reports and announcements.

4. Data Storage and Protection

  • All critical university data must be stored on approved servers or cloud systems with regular backups.
  • Data encryption must be applied to sensitive information both in transit and at rest.
  • External storage devices require approval before use and must comply with encryption policies.

5. Data Access and Sharing

  • Access is granted based on the principle of least privilege and role-based permissions.
  • Confidential data may only be shared with authorized parties and must comply with applicable privacy laws.
  • Public data must be verified for accuracy and approved prior to publication.

6. Data Backup and Recovery

  • Regular automated backups must be scheduled for all critical systems and databases.
  • Backup data must be stored securely and periodically tested for integrity and restorability.
  • A disaster recovery plan must define recovery time objectives (RTO) and recovery point objectives (RPO).

7. Data Retention and Disposal

  • Data must be retained according to legal, academic, and administrative requirements.
  • Expired or obsolete data must be securely destroyed using approved data wiping or shredding methods.
  • Records of disposal must be maintained to ensure compliance.

8. Compliance and Auditing

  • Periodic audits will be conducted to ensure adherence to data management standards.
  • Violations of this policy may result in disciplinary action, restricted access, or legal consequences.
  • All users are responsible for reporting suspected data mismanagement or breaches immediately to the IT Directorate.

9. Continuous Improvement

The IT Directorate will review and update this policy periodically to adapt to new technologies, regulations, and operational needs, ensuring best practices in data governance remain in place.