Data Stewardship Program
Data Stewardship is the architecture by which the University defines responsibility for the management and protection of its data in a manner consistent with the University’s need for access and security. It establishes and defines the role of the Data Steward.
A Data Steward is a University or Campus Executive Officer, or the senior direct report of such an Officer, who is responsible for secure management of data in his or her functional area. Data Stewards authorize access to data under their stewardship, and are required to classify that data according to the University’s Standards for the Classification of Data.
A Stewardship Administrator is a direct report of the Data Steward, with responsibility in the relevant functional area, who on behalf of the Data Steward assumes specific administrative duties in support of the work of data stewardship.
Departmental Information Security Program
The Departmental Information Security Program is designed to identify individuals with the appropriate security training, empower them to support security within their user communities, and provide guidance and support from the University Information Security Office. The program establishes two roles, DISOs and DISAs.
Departmental Information Security Officers (DISOs)
Departmental Information Security Officers (DISOs) are members of the University Community who possess appropriate technical and information security training and certifications. The program empowers these individuals, based in schools and departments of the University, to provide security oversight under the guidance and with the support of the University Information Security Officer. The Information Security Policy for Technology Service Providers, Systems & Network Administrators, and DISOs establishes the program and creates a mandate for participation by specific schools and departments.
Departmental Information Security Associates (DISAs)
The Departmental Information Security Associate Program empowers department-based individuals to take a more active role in securing the University’s information. These Associates, while not expected to assume the complete range of duties performed by a DISO, will serve as the first contact for their departments and will work closely with the UISO.
In addition to regular participation in general New Employee Orientation, UISO offers a brief introduction to information security at Georgetown University, the policies and procedures of the university, and what you can do to protect yourself and the University from security threats. While especially useful for new employees, these sessions are open to all members of the University community. The program is structured to allow plenty of time for questions and discussion.
You can view this 5-minute presentation here.
Health Data Protection Program
The Health Data Protection Program is the architecture by which the University defines responsibility for the management and protection of health data (both HIPAA-covered and Secured health data) consistent with the requirements of law, regulation and policy, as well as University Policy.
A HIPAA Covered Component is a Unit which has Personal Health Data (PHI) governed by HIPAA/HITECH. The University publishes a list of Covered Components on the HIPAA web pages. University Counsel defines required protections in conjunction with the UISO.
A Health Data Unit (HDU) is a component which has Secured Health Data not governed by HIPAA/HITECH. The University publishes a list of Health Data Units on the UISO web pages.
A Health Data Manager is any member of the University Community who is affiliated with an HDU and acquires, processes, stores, transmits, reviews, or otherwise interacts with Secured Health Data.
Technology Service Provider Program
The Technology Service Provider (TSP) Program provides education and support for TSP executives, managers, staff, and Systems and Network Administrators concerning information security risks, protections for the University systems and information under their management, and incident reporting and management.
Technology Service Provider Organizations (TSPs)
Technology Service Provider Organizations (TSPs) are Campuses, schools, departments and individuals that manage significant information resources and systems for the purpose of making those resources available to other members of the Georgetown University community. TSPs include UIS, the University’s libraries, the Law Center’s Information Systems Technology Department, and the McDonough School of Business Technology Center. UISO collaborates with and provides guidance and training to TSP staff regarding information security.
Systems and Network Administrators (SNAs)
Systems and Network Administrators (SNAs) install, maintain, and monitor university, school, departmental or local computer systems and networks including hardware and software. They are responsible for how an information system is set up to protect the data in it or accessed through it. Application Programmers and Administrators (APAs) are also included in the SNA designation. UISO collaborates with and provides guidance and training to SNAs regarding information security.