Home >> Information Security Office

Data Owners

UT Tyler Office of Information Security

Definition

TAC 202:

  • A person with statutory or operational authority for specified information (e.g., supporting a specific business function) and responsibility for establishing the controls for its generation, collection, processing, access, dissemination, and disposal

UTS 165:

  • The manager or agent responsible for the business function that is supported by the information resource or the individual upon whom responsibility rests for carrying out the program that uses the resources. The owner is responsible for establishing the controls that provide the security and authorizing access to the information resource.

Owner Responsibilities

The owner or his or her designated representatives(s) are responsible for and authorized to:

  • Approve access and formally assign custody of an information resources asset;
  • Determine the asset's value;
  • Specify data control requirements and convey them to users and custodians;
  • Specify appropriate controls, based on risk assessment, to protect the state's information resources from unauthorized modification, deletion, or disclosure;
  • Confirm that controls are in place to ensure the accuracy, authenticity, and integrity of data;
  • Ensure compliance with applicable controls;
  • Assign custody of information resources assets and provide appropriate authority to implement security controls and procedures;
  • Identify an Information Security Administrator (ISA) for the system that contains the data for which they are responsible for;
  • Review access lists based on documented security risk management decisions;

Examples of data owners

  • Supervisors in Offices of the Registrar, Financial Aid, Admissions, Student Business Services, Advancement;
  • Deans of the Colleges;