Body
Issue/Question
What is the USD Data Governance Program
Environment
- DATA
- DLP
- Data Governance
- Banner
- Steward
- University of South Dakota (USD)
Cause
A common understanding of data use, governance, and protection catalyzes business outcomes.
Resolution
USD STAFF ONLY
USD Data Governance Program
Purpose
The University of South Dakota (USD) Data Governance Program establishes a structured framework for managing institutional data as a strategic asset. It ensures that data is:
- Accurate and reliable
- Secure and protected
- Accessible to authorized users
- Governed in compliance with regulatory and institutional requirements
The program aligns governance, security, and operational practices to support decision-making, compliance (FERPA, HIPAA, GLBA, PCI), and emerging capabilities such as analytics and artificial intelligence.
Governance Structure
USD operates a layered data governance model that integrates leadership oversight, operational coordination, and domain-level stewardship.
- Data Governance Steering Committee
- Role: Strategic oversight and policy authority
- Responsibilities:
- Approves data governance policies and standards
- Defines institutional data governance strategy and priorities
- Resolves escalated data issues and conflicts
- Ensures alignment with regulatory and institutional objectives
- Provides executive sponsorship and direction
- Membership includes:
- CISO (chair)
- CIO
- Senior academic and administrative leadership
- Legal/Compliance representation
- Data Governance Management Committee
- Role: Operational governance and program execution
- Responsibilities:
- Implements data governance policies and standards
- Coordinates data stewardship activities across domains
- Reviews and operationalizes systemwide (SDBOR) governance requirements
- Supports RAPID/RACI role alignment and governance processes
- Manages data-related issue intake and escalation
- Drives data quality, access, and lifecycle initiatives
This committee serves as the central coordination body between institutional operations and system-level governance efforts.
- Data Governance Roles
- USD follows a role-based governance model aligned with BOR policy and industry best practices.
- Data Stewards
- Own data definitions, meaning, and usage within functional domains
- Approve access to data based on business need
- Ensure data quality and consistency
- Participate in governance decisions and policy development
- Data Custodians
- Manage technical environments where data resides (e.g., systems, databases)
- Implement security controls and access enforcement
- Support backup, recovery, and system integrity
- Data Trustees
- Provide executive-level accountability for data domains
- Ensure data is used in alignment with institutional and regulatory requirements
- Institutional Reporting / Analysts
- Use governed data to produce reports and analytics
- Work with stewards to ensure consistency and accuracy
- Support institutional decision-making
- Information Security
- Defines and enforces data protection controls
- Oversees monitoring, incident response, and compliance alignment
- Integrates governance with security tooling (e.g., DLP, Purview)
- Functional Offices
(Admissions, Registrar/ARR, Financial Aid, HR, Finance, etc.)
- Act as primary data owners and subject matter experts
- Define business rules and operational use of data
- Assign and support data stewards
- Core Governance Policies and Controls
- Data Classification Policy
- USD classifies data into categories (e.g., Public, Internal, Restricted) to ensure appropriate handling and protection.
- Key objectives:
- Align data protection with sensitivity and risk
- Enable consistent access control decisions
- Support compliance with FERPA, HIPAA, GLBA, and other regulations
- Data Loss Prevention (DLP)
- USD uses Microsoft Purview and related technologies to enforce data protection controls:
- Detection of sensitive data (PII, financial, regulated data)
- Blocking or restricting unauthorized sharing
- Monitoring data movement across systems (M365, endpoints, cloud apps)
- Integration with classification labels
- Information Security and Data Responsibilities Policy
- This policy defines institutional responsibilities for protecting data, including:
- Acceptable use of data
- Access control requirements
- Data handling and sharing expectations
- Security responsibilities for users, stewards, and administrators
- It establishes that data protection is a shared responsibility across the institution.
- Key Governance Capabilities at USD
- USD has operationalized several governance and security capabilities:
- Data classification and labeling (Microsoft Purview)
- Enterprise DLP enforcement
- Identity-based access control (Entra ID / Conditional Access)
- Security monitoring (Microsoft Sentinel, Defender, MDR)
- Data stewardship coordination
- Policy-driven governance aligned with SDBOR initiatives
- Relationship to SDBOR Data Governance
- USD actively participates in the South Dakota Board of Regents (SDBOR) Data Governance initiative, which establishes:
- Systemwide data standards and policies
- Shared governance frameworks (RAPID/RACI)
- Coordinated stewardship and compliance models
- USD’s governance program is designed to:
- Align with systemwide standards
- Maintain institutional operational authority
- Enable consistent and secure data use across campuses
- Data Governance Operating Model
- Below is a high-level view of USD’s data governance structure:
Summary
- USD’s Data Governance Program provides a structured, policy-driven, and security-integrated approach to managing institutional data. By combining:
- Clear governance roles
- Strong policy foundations
- Integrated security controls
- Alignment with systemwide initiatives
- USD ensures that data remains a trusted, protected, and strategically leveraged asset.