Welcome to the HEDW!


Guest topic: Data Governance

Data Governance has been a hot topic over the past 3 years+ in the HEDW forums – structure, process, resource and enforcement have been areas of discussion and people have been willing to share experiences. This month’s article is “live from the trenches” – how Cornell University is addressing IT governance, a necessary component for any data governance program. The article was contributed by Gregory Menzenski, the Chief Data Officer and Assistant Director, Office of Data Architecture and Analytics for Cornell Information Technologies.

Cornell University has several IT policies that define the appropriate use and control of data. In May 2017, Cornell added an IT Governance Framework for administrative IT applications and related services. The university expects all stewards and custodians of information technology (IT) systems and services to develop, manage, and use those systems and services in a manner consistent with the university’s requirements for data security, data confidentiality, and business continuity.


The purposes of the IT Governance Framework are to:

  • enable effective stewardship of Cornell IT resources and reduce duplication
  • provide the university a means of review and approval necessary to ensure appropriate use of institutional data
  • make certain that any impacts to other systems and processes are known
  • ensure coordination with pertinent stakeholders
  • provide a streamlined and logical experience when employees, students, and external users are required to use Cornell applications


For the purpose of IT governance, the framework also defines Systems of Record (non-research data systems that provide administrative information required for the function of additional (integrated) systems) and Systems of Engagement (systems that provide a business service to two or more campus units).


The IT Governance Framework defines two classes of documents for review and approval for administrative IT applications and related services.

  1. The promulgation and collegial review of a simple Statement of Need for any new administrative application acquisition and/or development
  2. The need for an additional, more rigorous Charter review when solutions create a SoR or SoE or if changes to an existing SoR or SoE have user impact

The intent of the Statement of Need review is to ensure broad community awareness, to avoid redundant development or acquisition of solutions and to facilitate service alignment with Cornell’s goals.

Charters concisely frame a proposed project’s scope. The effort to produce a charter should be modest. Charters generally outline the roles and responsibilities for each project, stakeholders, requested timeframe, benefits and beneficiaries, potential risks and concerns, integration complexity, estimated staff time or contract services costs, costs and responsibilities of ownership beyond implementation, usability and other considerations, accessibility, explanation of why a solution is required if a similar one exists, estimated funding range and proposed funding source.


Additionally, the IT Governance Framework defines associated Responsible Parties.

  • The ITGC (IT Governance Council) as the final decision-making authority for information technology across the Ithaca campus including Cornell Tech. ITGC membership is assigned by the Executive Vice President and Provost.
  • The role of the CIO and VP for IT as an advisor and arbiter for all development of SoRs or SoEs regardless of funding source with a key focus on operational practices to ensure business continuity across the Cornell enterprise.
  • The IT Advisory Council that reviews SoE and SoR development and changes IF the impact requires feedback from multiple steering committees.
  • Steering Committees with membership consisting of vested business unit senior executives who understand funding, business need, policy and compliance issues around a given SoR or SoE. The CIO helps identify and advocate for appropriate members.

Since 2017, 153 Statements of Need and 85 Charters have been prepared. The IT Governance Framework has brought a level of transparency to IT changes and investments and changes and has improved overall communication and project and operational efficiency.


The HEDW Board has posted an update to the Privacy policy effective May 25, 2018. This policy update includes the European Union GDPR influence that supports European users of the HEDW website, forum and respective pages. Please take a moment to review here.

Helping Education Do Well” is one of our mantras when describing the role of the HEDW and the more localized roles of IT and IR groups to support their institutions’ missions. Please feel free to browse the website to see what HEDW is all about. Some pages, such as the discussion forums, are restricted to members only. Membership in HEDW is free, with the only requirement that you be an employee or student of a higher education institution. Get more information and request membership on the Become a Member page.

If you have any questions please contact the HEDW Board.