System Owner & Data Owner Training

System-Owner-Data-Owner

The System Owner is the University manager responsible for having an IT system documented, operated and maintained.  With respect to IT security, the System Owner’s responsibilities include the following:

  1. Require that the IT system users complete any system unique security training prior to, or as soon as practicable after, receiving access to the system, and no less than annually, thereafter.
  2. Ensure that system documentation and diagrams are updated with system changes.
  3. Manage system risk and develop any additional information security policies and procedures required to protect the system in a manner commensurate with risk.
  4. Maintain compliance with University Information Security policies and standards in all IT system activities for both systems hosted by a third-party provider and on-premise systems.
  5. Maintain compliance with the Third-Party Hosted System/Application Security Review Procedures when system is hosted by a third-party provider.
  6. Maintain compliance with requirements specified by Data Owners for the handling of data processed by the system.
  7. Designate System Administrators, Data Owner and Application Administrator for the system.
  8. Complete annual role-based training.

The Data Owner is the University manager responsible for the policy and practice decisions regarding University data, and is responsible for the following:

  1. Evaluate and classify sensitivity of the data.
  2. Define protection requirements for the data based on the sensitivity of the data, any legal or regulatory requirements, and business needs.
  3. Communicate data protection requirements to the System Owner.
  4. Define requirements for access to the data.
  5. Complete annual role-based training.
  6. Approve access to data.
  7. Appoint a Data Custodian, where appropriate.

The Radford University IT Security Standard 5003s [PDF] requires all System Owners and Data Owners to complete training annually.  The IT Security Office provides this training via Desire 2 Learn throughout the year, but an individual assigned to these positions can request one-on-one training.

How to Request This Service

Send an email to itsecurity@radford.edu to request training. Please include your contact information so we can setup a session with you.