<p>Information Strategy 2004-7</p><p>Consultation Draft 1.6 University of Sunderland Information Strategy Draft 1.6</p><p>Version Date Manager Changes Consultation draft 1.0 Oct 2003 Dave Webster Consultation draft 1.1 Feb 2004 Dave Webster Consultation draft 1.2 Feb 2004 Dave Webster Consultation draft 1.3 Mar 2004 Dave Webster Consultation draft 1.4 10 Mar 2004 Dave Webster Cross-ref plans Draft 1.5 23 Mar 2004 Dave Webster Roles and responsibilities Draft 1.6 4 July 2004 Dave Webster Expanded introduction</p><p>Documents referenced IS and IT Strategy Records Management Policy Information Standards Freedom of Information Policy Information Register Digital Preservation Guidelines</p><p>Approval History Date Authority Signed</p><p>Page 1 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Contents</p><p>1. Definitions______3 2. Summary and Context______4 2.1. Associated Strategies and Policies______5 3. Core Tenets______6 4. University information management policy______7 5. Strategic Objectives______9 6. Information Roles and Responsibilities______11 6.1. Information Manager______11 6.2. Information Custodian______11 6.3. Information User______11 7. Information Strategy Action Plan______12 8. Cross-reference Matrix of Strategic Objectives______13 Appendix A Sample University Information Custodian Responsibilities______16 Appendix B Example Data Access Matrix______17 Appendix C Implications of the Data Protection Act______18</p><p>Page 2 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>1. Definitions The Information Strategy provides a framework of basic principles concerning the treatment of information supporting learning, teaching and research, and administration, in electronic and paper formats. It is distinct from the Information Systems and Technology Strategy, which covers the development and management of systems, processes, standards and technology to support the electronic use of information. In this sense the current strategy governs University information held in all forms and media, electronic or paper-based: it is recognised however that the electronic form is pre-dominant and electronic records will include scanned copies of paper-based information and indexes of archived material.</p><p>The basic definitions may be illustrated as follows: “29”, “Smith”, “NE99 0ZZ” , “2nd July 2003” are examples of DATA; when labelled by the associated METADATA of “age”, “surname”, “postcode”, “contact date” they become the INFORMATION that a person aged 29 called Smith lives at an address with the postcode NE99 0ZZ. Application of KNOWLEDGE to this information could be that Mr Smith has responded to a marketing mailshot made on 2nd July 2003 and should be given a follow-up call.</p><p>Decision Making</p><p>Knowledge Sharing</p><p>Information Management</p><p>Data Management Standards and Metadata, Data Processing</p><p>Page 3 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>2. Summary and Context In the post-industrial Information Age, information is arguably an organisation’s most crucial asset, whether in the form of learning materials, research, data relating to people (students, staff, external organisations), market research and demographic information, or performance indicators to assist planning and management. In order to conduct its business effectively in a competitive market place the University must have absolute confidence in this information asset and in the systems and processes through which it is managed. Information is a resource deserving of the same care of treatment as is afforded to finances, staff, premises and equipment.</p><p>The overriding aim of the Information Strategy is to articulate corporate policy, based on sound guiding principles employed in the sector and endorsed by the JISC (Joint Information Systems Committee of the Funding Councils). The strategic aim is to create a management framework and culture ensuring that information, a crucial aspect of all University activity, is handled in such a manner to enable the objectives of the University’s Strategic Plan and supporting strategies, particularly the Academic Strategy “Enabling, Enhancing and Supporting our Learning Community” are met, and to assist the University in meeting its obligations with respect to provision of information to external organisations, which may be contractual (e.g. HEFCE) and legal (e.g. Freedom of Information Act). Crucially, the Information Strategy defines a number of major objectives concerning the handling of information, which require information systems development and are therefore fed through to the IS and IT Strategy and its operational plan.</p><p>To quote the JISC Guidelines for Information Strategy development, </p><p>“the objectives of the Information Strategy are to help the institution to achieve its Mission by providing a focus for information issues and ensuring that this most fundamental educational resource is created, maintained, used and exploited efficiently and effectively for the benefit of the institution”.</p><p>Page 4 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>2.1. Associated Strategies and Policies</p><p>Communications Interception and Monitoring Policy</p><p>Project Management Digital Preservation Policy Handbook</p><p>Information Security Email and Internet Handbook Guidelines</p><p>Code of Connection to the Information Security Policy Network</p><p>Information Standards Web Policy</p><p>Records Management Corporate IT Standards Policy</p><p>Freedom of Information IS and IT Strategy IPR Policy Policy</p><p>Information Strategy Academic Strategy</p><p>Corporate Plan</p><p>Page 5 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>3. Core Tenets</p><p>1. The Information Strategy covers all corporate information held by the University in all forms, electronic or paper based. </p><p>2. All corporate information will be well defined in terms of its format and its relation and value to the University’s business, processes and policies.</p><p>3. The quality of information should be fit for purpose (accurate, current, sufficient, consistent).</p><p>4. All staff shall know and exercise their responsibilities towards information.</p><p>5. All staff and students shall be provided with appropriate guidance and skills enabling ready access to the University’s body of information.</p><p>Page 6 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>4. University information management policy</p><p>1. The electronic version shall be definitive Information in the University will be provided in a networked electronic form and printed information will be derived from this. Wherever possible electronic forms of communication will be used for the transaction of business and the exchange of information.</p><p>2. Avoidance of Duplication Common data should be held in one database only, as far as is technically feasible. It shall be clear who has a right to alter the information.</p><p>3. Open Information shall be readily available unless there is good reason for it not to be, for example to comply with legislation, for instance the Data Protection Act, or to maintain commercial advantage, notwithstanding the requirements of the Freedom of Information Act.</p><p>4. Accessible IT systems and tools will be provided enabling information to be accessed by those who require it, independent of time and location, with the minimum of effort.</p><p>5. Legally Compliant Personal data (i.e. data concerning named living individuals, held in any form, electronic or manual) will be treated in accordance with the Data Protection Act 1998. The Data Protection Act has bearings on application of the principles of this Strategy, as outlined later in this document. The copyrights of owners shall be respected as required by law, and every effort will be made to protect copyright and intellectual property rights of the University. </p><p>6. Secure The University will ensure that information held in its systems will be secure, as far as is feasible and practicable, against accidental or malicious damage or loss, and against unauthorised disclosure. See Information Security Policy.</p><p>7. Efficient We will review our processes in order to use information more productively. Data should not be collected or retained unnecessarily. All data will be subject to life cycle management determining retention, archival and deletion.</p><p>8. University Owned University Information belongs to the University and may be accessed by its authorised officers. No single School, Service, or individual may claim ownership of University information. However, particular organisational units or individuals are nominated as Information Managers to have responsibility for the collection, maintenance and quality of specific information. School and Service Information Managers have responsibility for maintaining specific documents and ensuring their publication through the University’s document management system and web sites.</p><p>Page 7 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>9. High Quality Information shall be fit for purpose and as far as is possible, accurate and up to date. The value of data will be matched to the University’s business at all times.</p><p>10. Structured The University’s information asset shall be managed in a single coherent structure (document management system) thus ensuring clarity of management responsibility and integrated in visibility. The versions of documents held in the University’s single document management hierarchy will be current and definitive and all embedded references to specific documents (for instance web links) will point back to the central instance. </p><p>11. Compliant with Standards University information shall be held and managed in accordance with the University Information Standards, defined in an accompanying document. The Information Standards include a definition of key metadata, and retention periods based on funding council and JISC models for the HE community.</p><p>Page 8 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>5. Strategic Objectives</p><p>1. To create a University information model and culture embodying best practice in information lifecycle management Best practice requires the University to employ clear policies, define roles and responsibilities, undertake staff development, and implement systems. To achieve this objective will require significant actions and management of the change from a culture of highly distributed information management to a fully coordinated institutional framework. </p><p>1.1 To develop and maintain a highly effective institutional Records Management Programme Efficient records management is a strategic necessity to achieve compliance with legal and regulatory requirements. It also brings benefits of efficient and responsive administration, and more effective communication with students, staff and external organisations. An accompanying document sets out the University’s Records Management Policy.</p><p>1.2 To realise the potential of information flow analysis as a basis for more effective business processes Improved technology and introduction of standards-based frameworks present opportunities to better serve the needs of the University and its client base. These opportunities will be under-developed unless the University’s underlying business processes are reviewed and re-engineered to take full advantage of the speed and efficiency gains that present themselves.</p><p>1.3 To promote a culture of knowledge sharing across all parts of the University. During the lifetime of the current Information Strategy, it is not expected that full steps will be taken towards the implementation of electronic knowledge management systems. These already exist in a rudimentary form, through email discussions, FAQs (Frequently Asked Questions) for student support, online user guides and problem solutions in customer service databases.</p><p>Rather, knowledge sharing will be promoted through the encouragement of staff and students to work together across traditional School and Service boundaries, and to create a learning and working environment that fosters improved face to face interaction: introduction of quality social learning and working spaces and liberalisation of the traditional boundaries of place and time of work, and development of inclusive and focused management structures.</p><p>Effective sharing of knowledge is crucial to the provision of a quality, first class service: it improves responsiveness, avoids the repetition of past mistakes, and reduces wastage of resources (“re-inventing the wheel”).</p><p>Page 9 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>2. Staff Development This objective is allied with sub-objective 2.6 of the Academic Strategy, providing development for all staff in electronic information skills (2.1), covering best practice in information lifecycle management (2.2) and complementary training covering responsibilities under the Freedom of Information Act (2.3) and Data Protection Act (2.4).</p><p>3. Improving Information Systems and Technology This objective is expanded in the supporting Information Systems and Technology Strategy. It encompasses change in the University’s IT and communications systems and managing structures to underpin the delivery of the Information Strategy, in the following areas:</p><p>1) A move to the predominance of e-learning, VLEs and MLEs; 2) Seamless data exchange between systems; 3) Provision of enhanced management information; 4) Coherent and robust systems for management of the University’s electronic assets – records and content management through the web; 5) Rationalisation of supporting business processes; 6) Predominance of electronic business transactions; 7) Regional collaboration to enhance learner communication.</p><p>Page 10 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>6. Information Roles and Responsibilities The following roles are defined by the JISC for institutional information management.</p><p>6.1. Information Manager The Information Manager has oversight of the Information Strategy, and is responsible for managing the implementation of the Strategy, maintaining and monitoring its effectiveness, and proposing changes in consultation. The Information Manager will be responsible for identifying appropriate Information Custodians for particular sets of information, and for putting in place effective staff development and support networks.</p><p>The Information Manager may be an individual nominated to act on behalf of the Information Systems Group.</p><p>6.2. Information Custodian Information Custodians are responsible for ensuring that standards are maintained for a defined set of information, auditing its use, ensuring quality, delegating responsibility for maintenance of the information to other individuals. Information Custodians will work to the standards for information management set by the Information Strategy and the Information Standards document.</p><p>The Information Custodians are responsible to the Information Manager for achieving and maintaining the standards for their sets of information. They are chosen as individuals with a vested interest in maintaining the quality of the information for which they are responsible.</p><p>Typical Information Custodians are those charged with responsibility for maintaining the University’s standards with respect to financial, human resources or student data. It is generally the case that they will be the individuals responsible for maintaining such sets of information in respect of the Freedom of Information Act.</p><p>6.3. Information User Information Users are simply defined as anyone who uses information in the University. Their access rights (read, write) will be controlled through a data access matrix.</p><p>Information Users will be aware, through staff development and policy, of the Information Strategy and how it affects them, and will comply with the strategy and with any specific guidelines set by the custodians of the information they use.</p><p>7. Information Strategy Action Plan</p><p>An initial Information Audit and data mapping exercise will be required to create a registry of the University’s key information. We will need to clearly define responsibilities within the Schools and Services for management of specific information sets and the business processes associated with them. This work will </p><p>Page 11 of 20 University of Sunderland Information Strategy Draft 1.6</p><p> further develop the activities of the Campus based Learner Support Group in mapping and rationalising, through PISO, key data stores and processes involved in supporting learners.</p><p>Objective Process By whom By When Performance Target Currently Met Indicator 1 Information Audit, Information sets data and Process mapped Mapping</p><p>1.1 draw up Records Standards approved corporate Manager and disseminated information standards 2 Staff Development Number of Staff trained</p><p>2.1 Electronic information skills</p><p>2.2 Best practice in information management</p><p>3 Information See Action Plan accompanying separate Information Systems and Technology Strategy Systems and Technology</p><p>Page 12 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>8. Cross-reference Matrix of Strategic Objectives The following table shows correspondences between key strategies.</p><p>Information Strategy Strategic Plan Academic Strategy JISC Strategy 2004-6 Comments 1 To create a University information model and culture embodying best practice in information lifecycle management 1.1 To develop and Exploiting Intellectual 4.8 demonstrating Economic, efficient and legally compliant maintain a highly Property operational efficiency effective institutional Integrated information and communications Records Management environment Programme 1.2 To realise the Being customer 4.2 Provide the high Provide cost-effective and user-led advisory services potential of information focused and supportive standard of support required flow analysis as a basis to facilitate learning for more effective Maintaining financial business processes stability with a smaller, 4.6 seamless access to more flexible cost base integrated learner support</p><p>4.7 simple and accessible learner support</p><p>4.8 be scalable…to respond to changes…operational efficiency 2 Staff Development Valuing and developing 2.6 e-literacy skills Helping to embed e-learning and supporting our key asset, our staff development, embedding of emerging e-learning pedagogies e-learning Manage change to exploit ICT</p><p>Page 13 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Page 14 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Information Strategic Plan Academic Strategy JISC Strategy Comments Strategy 3 Improving Providing a high 4.3 continuously To help ensure ICT is used effectively to Information quality experience improve…the e- improve learning and teaching Systems and for all learners learning experience Technology To support the development of international Exploiting new 3.7 provide a high learning modes of delivery quality learning environment… Provision of a first class sustainable appropriate infrastructure (network, middleware, content, infrastructure…e- ICT) learning Use of VLEs and MLEs</p><p>Page 15 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Appendix A Sample University Information Custodian Responsibilities</p><p>Information Where held Information Custodian University planning, Director of Planning and analysis and research Market research School and Service plans Individual Deans and Directors Student records SITS, SAS Academic Registrar Staff data, qualifications, Frontier, HR Head of HR training Financial data, forecasting Oracle financials, Finance Head of Finance and analysis University terrier, premises Estates Head of Estates Programme/module SITS Academic Registrar catalogues Commercial customers Solutions database Director of Business Development External funding PMRS Systems authentication LDAP ITaCS Head of Systems External communications Head of Marketing, Corporate Affairs QAA information Quality Assurance, SAS Research Director of GRS</p><p>Page 16 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Appendix B Example Data Access Matrix</p><p>Page 17 of 20 University of Sunderland Information Strategy Draft 1.6</p><p>Appendix C Implications of the Data Protection Act</p><p>1. As already stated, personal data relating to named living individuals, is subject to the Data Protection Act and special note must be taken of how legislation modifies the general principles of this Strategy where such personal data is involved. Data concerning students, members of staff, business contacts, etc. is fundamental to our operation. Care must be taken over its handling to ensure such activities remain within the law. The Data Protection Policy provides full details, however please note the following:</p><p>2. Data may be used only for the purpose stated to the individual, and agreed by them, when collected. It is not for example permissible to use personal data for marketing when it was collated through complaints.</p><p>3. Data may only be passed between different employees on a need to know basis, again only for purposes agreed by the individuals.</p><p>4. For data to be passed between separate organisations, a Data Sharing Agreement is required.</p><p>Page 18 of 20</p>