UNSW students walking in morning

More information regarding these processes at UNSW is available to staff on the Data & Information Governance intranet:

  • Business Glossaries
  • Business Rules Documentation
  • Committees and Data Ownership
  • Data Breach Management
  • Data Ownership and Roles
  • Information Asset Register (Sources of Truth)
  • Recordkeeping and Business Systems
  • System Classification
  • Systems of Record
  • Data & information governance at UNSW is framed around the following questions and diagram below:

    1. Do you know the value of your data?
    2. Do you know who has access to your data?
    3. Do you know where your data is?
    4. Do you know who is protecting your data?
    5. Do you know how well your data is protected?
  • There are five key steps required in responding to a suspected or actual data breach:

    1. Contain the breach
    2. Evaluate the associated risks
    3. Recovery
    4. Consider notifying affected individuals and escalation to UNSW senior management
    5. Prevent a repeat.

    For more information about how UNSW manages data breaches please refer to the Data Breach Policy and Procedure.

    More information for UNSW staff is available on the Data & Information Governance Intranet

  • Not all data assets are of equal importance to UNSW, and not all should be treated equally. To put it simply, in order to protect UNSW data, you need to know exactly what data you are trying to protect. Data classification is the process of organizing data into categories for its most effective and efficient use. Data Classification is akin to putting a sticker on a box saying “Fragile! Handle with care!”.

    The UNSW Data Classification Standard is a framework for assessing data sensitivity, measured by the adverse business impact a breach of the data would have upon the University. This Standard for the University community has been created to help effectively manage information in daily mission-related activities. Determining how to protect and handle data depends on a consideration of the data’s type, importance, and usage. The Standard outlines the minimum level of protection necessary when performing certain activities, based on the classification of the data being handled.

    • Identify: Identify the data
    • Locate: Identify where the data resides and identify who is the Data Owner
    • Classify: Categorise and determine which data needs to be protected
    • Handling: Determine what data handling guidelines need to be adopted for the data
    • Value: Assign a value to the data

    The UNSW Data Governance team assists UNSW in managing, classifying, protecting and governing data. Every staff member is responsible for following the Data Classification Standard for managing the data in a secure manner.

    For more information, please visit the Data & Information Governance Intranet or contact Data Governance Team.

  • UNSW uses the Data Cookbook as it's data governance tool to assist with managing business definitions.

    You can see more information about UNSW's use of the Data Cookbook on the Data & Information Governance intranet.

    For internal user support please log a CASD ticket.

  • It is a requirement for all users who seek to use data from a UNSW system to obtain permission from the Data Controller prior to such use.

    If you are unable to ascertain who is the Data Controller please check the UNSW Information Asset Register.

    Information on this topic for UNSW staff is now available on the Data & Information Governance Intranet

  • The Information Asset Register (also known as a Source of Truth) @ UNSW is a business system that provides authoritative primary sources of data. Identifying a source assits in avoiding duplication and the use of inaccurate or outdated information.

    The Information Asset Register is managed by the Data & Information Governance Office - please advise of any additions or amendments to the Register via email

    Information on this topic for UNSW staff is available on the Data & Information Governance Intranet.

  • The University is committed to protecting personal information in compliance with all applicable laws.

    Personal information is defined as any information from which a specific individual’s identity is apparent or can be reasonably ascertained.

    All UNSW students, employees, affiliates and contractors are responsible for ensuring that they handle personal information in accordance with the University’s Privacy Policy and applicable supporting procedures.

    The University Privacy Officer supports this Policy by:

    • developing and implementing University wide privacy procedures;
    • supporting staff to by providing advice on privacy obligations and develop local protocols and privacy statements
    • conducting internal reviews of privacy complaints.

    You can contact the Privacy Officer via email:

    For more information regarding privacy at UNSW check our Legal and Compliance office.

    Note: A zID Usage Guideline assists with any questions regarding the permitted uses of zIDs.

  • Better managed records mean better business outcomes.

    All staff and contractors or the University have an obligation to make and keep full and accurate records of their activities. A record is any document made or received as part of your work that provides evidence of action. The University owns these records and together they form a vital organisational asset.

    All records of the University must be captured to an appropriate, compliant business system. These systems may be transactional enterprise-level such as PiMS, SiMS, or the University’s corporate recordkeeping system, RAMS. Refer to Introduction to Recordkeeping for more information.

    Compliant business systems have controls in place to ensure the requirements of a record, such as their evidentiary fixed nature, retrievability, security controls, and disposal management, are met.

    Personal Network Drives (H:\ Drives), Microsoft One Drive (or other hosting services such as Dropbox), or Network Shared Drives do not meet these basic requirements and are not suitable for the capture and storage of University records.

    The University maintains an enterprise recordkeeping system, RAMS, that is available to all UNSW staff to allow for the capture and management of University records not already captured to a compliant business system. For more information refer to UNSW's Systems of Record.

    You can contact Records and Archives, or go to the RAMS website for more information on how to access RAMS and manage your records.

    All staff should be aware of the Recordkeeping Policy and the Recordkeeping Standard.