Service Description
The Data Governance Oversight Group (DGOG) provides guidance and consulting on appropriate uses of University (Enterprise) data, classification questions, direction to authoritative sources of specific data, training on data governance responsibilities, and other University Data-related topics.
Additionally, the DGOG handles or facilitate requests for review or approval of certain data uses (procurement of new software or IT services, development of campus systems, changes to data inclusion or use for existing systems, new use of regulated data such as SSN, or other activities implicating mainly sensitive (Tier 2/3) information that require specific review.)
Some requests for specific data from campus sources for unit-level reporting, and guidance on unit self-reporting/dashboard activities can also be handled through the DGOG (see Data Governance at UNC for resources and guidance and for more detail).
If you are not sure where to go for help with a University Data question, the DGOG is available as a way finder and guide. The DGOG has five service offerings tailored to various needs.
- Review of Purchases – Use this if you need a data governance review for a vendor or a tool that you are buying. This is the best one to select if a vendor is providing a service for you, you are purchasing a new piece of software, you are renewing a contract for software or services from a vendor, or you are engaging an independent contractor. If you know you also need a risk assessment, this is the best service offering to select.
- Other Review – Use this if you need a data governance review, but you are not spending any money. Some common examples are: you are adding a plugin to an existing system, you are changing the scope of sensitive information in an existing system, you are making a major change to access to an existing system, or you are building a homegrown tool.
- Find and Request Data – Use this if you are requesting data that you do not already have access to. This is the best option if you are looking for a report or for raw data. If you want to set up an integration between two platforms so that you can transfer data from one to another please select the “Other Review” service offering instead.
- Ask a Question – Use this if your needs do not fit any of the three options above. Some examples: asking a question purely out of curiosity; need help determining the tier of your data; looking for an existing application/system/IT tool that meets your needs. If you are asking “Do I need a review?” it is best to instead select one of the two review options.
- M365 Plugin – Use this if you want to enable a plugin to a 3rd party application in Microsoft 365.
Audience
Employees
Documentation
User/Customer Responsibilities
- Provide the best information available related to your request. Not all questions on the Service Request apply to your situation. You many provide as much or little information as you choose in the initial request.
- Do not include any sensitive information of any kind in your service request! (A fulfiller will contact you if it’s necessary to communicate any Tier 2 or 3 information related to your request, simply note that you need to supply SI but do not attach or include it).
- Respond promptly and thoroughly to follow-up communications, provide the documentation or information needed to give you a response to your request.
Out of Scope
- Requests reporting data breach or other security incidents.
- Requests handled through specific offices of the University (see Data Governance at UNC for references to other types of data oversight and compliance and how to access those resources.)
- Requests for user access to specific systems (see the specific service/system which should have access provisioning methods available).
Other Important Info Worth Noting
DO NOT SUBMIT REPORTS OF KNOWN OR SUSPECTED DATA BREACH OR OTHER SECURITY INCIDENTS. If you believe that University Data may have been compromised, please call 919-962-HELP and ask for a critical response from a Security Analyst. Other information about reporting data malfeasance is available through the Office of Ethics and Policy or specific offices with responsibility for the data you are concerned with.
Documentation
See more at Datagov.unc.edu, safecomputing.unc.edu, and privacy.unc.edu
Expected Delivery
More than 2 weeks.
Keywords
report, steward, privacy, security, access, vendor, procurement, third party, DPC, protection, DGOG, use agreement, BAA, PCI, PII, personally identifiable, HIPAA, release, PHI, advice, research, analysis, Tier, protected, CERTIFI, custodian classification, FERPA, Legacy, risk
Support
Request support at any time. Service is monitored during weekdays. If you suspect a security or other data issue please do not report that in this form. Call the Service Desk and request a critical ticket to a Security Incident Handler.
Hours of Operation
8:00am-5:00pm M-F only