G-22-1 Data Governance Policy
Approved: 2/13/2026
Definition:
Data governance is the process by which an organization manages its data to ensure
it is secure, accurate, consistent and useable. It involves establishing policies,
roles, responsibilities, and procedures that govern how data is collected, stored,
accessed, and used.
Policy Purpose:
The Data Governance (DG) Policy: 1) establishes uniform data governance policy and
standards; 2) identifies shared responsibilities for ensuring data integrity; and 3) promotes data
governance practices that efficiently and effectively serve the needs of COCC. COCC
values access to timely, accurate, and consistent information while fully appreciating
the basic security and privacy requirements involved. Controlled access by employees
to administrative information is necessary to support business functions.
The DG policy further provides direction for required compliance on classification, ownership, and retention of data and information for COCC, and clarifies accountability for data and information. Data and information, as they pertain to this policy, include both electronic and non‐electronic data. COCC establishes this Data Governance Policy to define standards, accountability, and oversight for institutional data.
Policy:
COCC is reliant upon the confidentiality, integrity, availability, security, and privacy
of its data and information to successfully conduct its operations, meet internal
and external stakeholders’ expectations, and provide services. The Information Technology
Services (ITS) department will be responsible for providing appropriate resources, guidance, and training to ensure
that the data governance frameworks, security practices, privacy requirements and
compliance obligations are understood and applied across the organization.
The COCC ITS department has adopted the CIS Critical Security Controls Version 8.1 as the institution’s information security framework supporting this DG policy. The CIS framework is an industry-recognized standard and will be implemented and managed by the Information Technology Services (ITS) department. COCC recognizes and adheres to all applicable federal, state, and local regulatory requirements, which include, but are not limited to, the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS). Additionally, other protocols, procedures, standards, and guidelines will be provided to stakeholders by the COCC Information Technology Services (ITS) department and the COCC Data Governance Committee.
This policy will be reviewed at least annually by Information Technology Services and the COCC Data Governance Committee. The scope of this policy is managed by the COCC ITS Department to ensure that COCC employees and all individuals who create, access, or use COCC data are informed and aware of Data Governance best practices.