Increasing Data Security: Data Stewards Handbook

Posted March 12, 2018 by Academic and Institutional Technology
Tags: Security

Increasing Data Security: Data Stewards Handbook

As of October 1, Wheaton College has officially adopted a Data Classification Policy, as well as a Data Classification and Handling Procedure, to better protect institutional data assets.

Rationale 

In 2016, Wheaton College’s cybersecurity consultants, GreyCastle Security, performed a risk evaluation of our institutional data in order to increase security. One of their top recommendations was that we adopt a Data Classification and Handling Policy/Procedure.

The purpose of this policy is to define the data classification requirements for Wheaton College’s information assets, and to ensure that data is secured and handled according to its sensitivity and impact that theft, corruption, loss or exposure would have on the institution. This policy provides direction regarding identification, classification and handling of information assets. 

The full policy can be found here.

Data Stewards

As part of this policy, Wheaton College identified and appointed data stewards who protect the data for which they are responsible. This includes: 

• Ensuring the integrity and quality of data within the system for which they are responsible
• Developing and communicating any new and changed business requirements as it relates to the system and their data
• Ensuring data is accessible, accurate, complete, consistent, and used as expected

Over the past several months, Academic and Institutional Technology has worked with GreyCastle Security to compile a Data Stewards Handbook, which outlines the process by which our data stewards protect and manage access to their data. 

The process outlined in the handbook includes:

• Labeling of data as restricted, private, or public to ensure that data is handled per College policy
• Access management to track who can access the data
• Training to ensure that everyone accessing the data is doing so in a safe manner in line with compliance regulations
• Understanding, approval, tracking, and management of requests for data reports
• Understanding the reporting and escalation process and the information needed to appropriately document the timeline and details of an incident
• Vendor Management to ensure that appropriate processes are being followed for proper vendor vetting and documentation

Current Wheaton College Data Stewards

• Allison Ash, Student Development
• Karen Belling, Student Financial Services
• Jane Bilezikian, Advancement
• Esther Carlson, Communication
• Julie Davis, Athletics
• Tony Dawson, Auxiliary Services
• Justin Heth, Student Development
• Deb Kim, Global and Experiential Learning
• Peggy King, Registrar
• Gary Larson, Institutional Research
• Ken Larson, Investments and Trust
• Connie Mixter, Human Resources
• Steve Oberg, Library
• Scott Okesson, Facilities Management
• Chloe Richards, Admissions
• Lisa Richmond, Library
• Laura Schmidt, Wade Center
• Craig Squire, Controller
• Karen Tucker, Human Resources
• Mary Lynn Uitermarkt, Wade Center
• Silvio Vasquez, Admissions
• Beth Walsh, Student Health Services
• Peter Walters, Applied Health Science
• John Welsh, HoneyRock
• Toussaint Whetstone, Counseling Center
• Jerry Woehr, International Student Programs
• Wendy Woodward, Academic and Institutional Technology

The Data Stewards Handbook process is a big project that has taken, and will take, a lot of time and planning. We appreciate your help and patience as we strive to keep Wheaton College’s data secure.

If you have any questions or concerns about the Data Stewards Handbook, please contact the AIT Service Desk by email or call 630.752.4357 (HELP).