Information Management Governance Committee

Terms of Reference

1. To advise the Vice Chancellor on governance of Information for the University.
2. To provide comment, direction and endorsement for information governance decisions.
3. To provide support for management strategies, policies, services and plans around
   information governance.
4. To oversee the management, protection, and ethical use of information at the university.
5. To ensure alignment with digital transformation by integrating information governance
   principles into digital strategy, emerging technologies, and data management practices.
6. To ensure alignment with Information security as it aligns with the NZISM and PSR and
   University of Otago Cyber Security Framework.
7. To monitor alignment with Pae Tata, Māori Strategic Framework, Pacific Strategic
   amework, other relevant institutional frameworks, strategies, policies and procedures.
8. To bring relevant stakeholders to discuss and contribute relevant information to work
   together to bring solutions.
9. To identify issues relating to information and records management at institutional,
   academic and service division levels and promote solutions.
10. To consider and implement recommendations from the Audit of Public O6ice
    Recordkeeping report.
11. To promote records management as a core part of business strategies, systems and
    processes.
12. To demonstrate commitment to Te Tiriti o Waitangi principles and accountabilities.
13. To advise on information management priorities that are strategic, and risk related.
14. To provide oversight of the University's information assets.
15. To report and maintain information management risks in the risks register.
16. To report updates into the Audit and Risk Committee.

Scope

The Information committee will provide:

1. Governance and accountability structures related to information, including Research,
   Learning and Teaching, data and public records.
2. Be the governing body for pre-approval of policies, procedures, and guidelines governing
   information at the University, including security before going to the Policy Managment
   Group.
3. Oversight of data privacy and protection especially as it relates to the Privacy Act 2020.
4. Provide a stewardship structure for data as per the University Information Framework.

Composition

Voting members

1. Head of Information Management (Chair)
2. Chief Digital Officer
3. DVC Research and Innovation
4. DVC Academic
5. DVC Māori
6. DVC Pacific/O6ice of Pacific Development
7. Dean Learning and Teaching
8. Representative from Office of Māori Development
9. University Registrar and Secretary to the Council
10. General Counsel
11. University Librarian
12. Head Curator Archives Hacken Collections
13. Chief People O6icer
14. Representative from SARO
15. Student Representative

Non-voting Members

1. Research Data representative
2. Head of Risk, Assurance and Compliance
3. Head of Enterprise Project Management
4. Head of IT Assurance and Cyber Security

Governance reporting

The report needs to support the governance role of the committee, certainly with a stronger focus on strategic rather than operational.

The focus will be on governance implementations, policies etc, that support the goals of the University and Pae Tata.

It would be desirable to have the committee be a place where interested stakeholders can meet to discuss risks, brainstorm desired outcomes to steer the University to seek solutions for all identified stakeholders work together.

The committee will meet on a bimonthly basis to provide initial extra governance oversight until systems and procedures are in place. After the initial year, the committee can discuss moving to meet on a quarterly basis.

Proposed standing agenda

• Welcome and Apologies
• Review and acceptance of minutes
• Matters arising
• Consider any reports to committee
• Information management report
• Review of information risks
• Other business
• Actions
• Next meetings date(s)