View Current

Terms of Reference (Vice-Chancellor approved) - Data and Information Governance and Strategy Committee

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Overview


(1) The Data and Information Governance and Strategy Committee (DIGSC) is established as a Vice-Chancellor and Chief Executive Officer (VC&CEO) Committee and is delegated the functions as set out in these Terms of Reference relating to the governance and management of data and information assets.

(2) The establishment of this Committee and the delegation of authority to it are actions authorised by the VC&CEO. 


(3) The objectives of the Committee are to:

  1. provide oversight of the development and operationalisation of the whole-of-institution data and information governance and management, and its associated information operating models, strategies, and architectures;
  2. champion the implementation and maturity of data and information governance and data literacy;
  3. provide guidance to data and information operations and projects to ensure the investment and data are utilised efficiently and effectively to drive sustainable business practices and enhance decision-making to deliver UNE’s Future Fit strategy; and
  4. support the adoption of effective information and data governance frameworks including principles, policies, standards, methods and systems, and monitoring effectiveness across the full life cycle of information assets.
Top of Page

Section 2 -  Committee Membership

(4) The members of the Committee are as follows:

  1. Chief Financial Officer (CFO)
  2. Chief Operating Officer (COO), or nominee
  3. Deputy Vice-Chancellor (DVC), or nominee
  4. Deputy Vice-Chancellor Research (DVCR), or nominee
  5. a Dean of Faculty nominated by the DVC; 
  6. an Executive Principal nominated by the DVC; and
  7. Director Governance and University Secretary (DGUS).

In attendance

(5) The following UNE Representatives are in attendance to the Committee;

  1. Chief Information Officer (CIO);
  2. Chief Information Security Officer (CISO); 
  3. Director, Office of Strategy Management;
  4. Head of Business Intelligence and Analytics;
  5. Head of Data Governance;
  6. Head of Enterprise Architecture;
  7. UNE Privacy Officer; and
  8. Program Manager, Data Insights Reference Group.

(6) The Committee may co-opt other members from time to time for a specified period and purpose.


(7) The CFO will act as Chair. If the CFO is unavailable, the COO will act as Chair. If the CFO and COO are unavailable the Committee will elect a Chair to act during the period the CFO and COO are unavailable.

(8) The Chair may invite any person from within or external to the University to assist the Committee in its deliberations, for particular items or for entire meeting/s.

Responsibilities of Committee Members

(9) Members represent all organisational divisions to facilitate consultation processes, and are expected to contribute to the Committee as University Representatives to meet the overall objectives and interests of the University.

Gender representation objectives

(10) Gender representation will be in accordance with the Gender Representation on Decision Making and Advisory Committees Policy.

Top of Page

Section 3 - Functions of the Committee

(11) The strategic functions of the Committee are to:

  1. oversee the implementation of strategies set by VC&CEO and UNE Council in relation to data and information to realise the value from information and data assets;
  2. identify and manage risks associated with information and data, and cost of investments in information and data;
  3. oversee the implementation of business analytics and reporting capability, including the identification and development of standardised institutional reporting to deliver effective and efficient services to decision makers;
  4. ensure the continuous alignment of the information and data policy suite with regulatory and compliance obligations;
  5. ensure a consistent approach to the management of enterprise data, information and analytics, and ensure the adoption of the management approach.

(12) The endorsement functions of the Committee are to endorse:

  1. the strategy, operational plans and priorities to mature information and data governance;
  2. proposals for changes to the information and data architecture and structure;
  3. information and data governance related policy changes and updates to roles and responsibilities, processes, methods and system workflows;
  4. changes to the classification or level of risk for information and/ or data assets;
  5. escalation of areas of risk exposure that are outside the University’s risk appetite to the Senior Executive with recommendation/s for action.

(13) the monitoring functions of the Committee are to monitor:

  1. the use, performance and value-add of data and information assets, and management information;
  2. the quality of information and data assets, the efficacy and adherence to controls regarding proper information and data collection, storage and security, access, use and utility, retention and disposal;
  3. issues and the information and data governance risk register, and the progress of treatments and achievement of target risk exposure;
  4. evaluation processes of the effectiveness of each element of the information and data governance framework, and the framework’s compliance with relevant standards and regulations;
  5. the impact of information and data governance training and the role and responsibilities or domain data stewards; and
  6. the activities of DIGSC User References and Working Groups.

(14) The advisory functions of the Committee are to:

  1. provide cross functional perspectives on information data governance issues to focus on an enterprise view, reaching and maintaining a target maturity level, and encouraging information and data governance to provide value;
  2. champion information and data governance and standards, and cross-functional dialogue;
  3. identify potential issues and initiatives for consideration of the Chair to be brought to the Committee for informed decision making, or assistance;
  4. provide guidance and direction on the development of information and data governance policies, processes, systems and methods; and
  5. escalate issues that have institution-wide importance for information, approval or assistance with risk assessment and treatment prioritisation. 
Top of Page

Section 4 - User Reference Group and Working Parties

(15) The workplan for the Committee will be coordinated by the following reference groups:

  1. Data and Information Governance and Literacy User Reference Group
  2. Enhanced Analytics and Data Science User Reference Group
  3. Data Technology User Reference Group

(16) The Committee may establish other ad-hoc user reference groups and working parties where required.

Top of Page

Section 5 - Authorities

(17) This Committee is established under the authority of the VC&CEO to perform the strategic, endorsement, advisory and monitoring functions set out in these Terms of Reference and matters ancillary to those functions. The VC&CEO retains the authority to withdraw or modify this authority at any time.

Top of Page

Section 6 - Conduct of Committee business


(18) The Chair of the Committee will report to the VC&CEO on business conducted, and the Committee will report to the Digital Advisory Committee and the Senior Executive following each meeting.


(19) The Committee will meet on a bi-monthly basis. The Chair may schedule additional meetings as required. The Committee is expected to use technology and flying minutes to attend the urgent matters. Committee members are expected to be available on short notice, however should be given as much notice as practical.

(20) Conflicts of interest declared at the meeting will be recorded in the minutes and recorded in accordance with the Conflicts of Interest Policy and Procedures.


(21) A quorum will consist of a simple majority of of the members of the Committee at the time the meeting is held.

(22) Decisions will be made by consensus where possible, with the final decision to be taken by the Chair.

Business papers

(23) Committee business papers, or flying minutes, and explanatory documents, will be distributed to Committee members and any official attendees as required, with as much notice as practical.

(24) Privacy, urgency and recommended resolutions (endorsement or noting) will be noted in the request.

(25) Additional document may be tabled as short notice with the approval of the Chair.


(26) The Committee may pass a resolution by flying minute provided that the resolution has been approved by a simple majority of the Committee at the time the resolution is made.


(27) Meeting notes will be prepared by the meeting Secretary, kept to a minimum and circulated promptly following the meeting. Notes will include all action items, and will not require formal endorsement by the Committee.

Disclosure of information

(28) Disclosure of business papers, minutes or other information received by the Committee must only be made with permission of the Chair.

Use of technology

(29) The Committee will use technology including telephone, video-conferencing, telepresence,and any board management software, as arrange by the Chair and/ or Secretary to distribute meeting papers and otherwise to conduct Committee business.


(30) Once every twelve month period the Committee will devote at least part of a meeting to review the effectiveness of its policies, practices and procedures over the preceding twelve months.

Secretary to the Committee

(31) The Office of the Chief Financial Officer will provide secretarial and administrative support to the Committee.

(32) The Secretary is responsible for ensuring all Committee agendas, minutes and reports are recorded in the University’s Records Management System (Content Manager) in accordance with the University’s Records Management Rule and the State Records Act 1998 (NSW). All papers much be recorded prior to distribution to the Committee, and must contain the record number generated from Content Manager.

(33) The Secretary is responsible for obtaining advice from the Records unit ( to ensure Committee papers are stored in a container within the Records Management System with the retention schedule required under the State Records Act and associated Regulations.


(34) Information Governance means the development of a decision and accountability framework that defines acceptable behaviour in the creation, valuation, use, sharing, storage, archiving, and deletion of data and information. It encompasses the policies, standards, processes, metrics, and roles guiding the efficient and effective use of data and information for the University to realise its objectives.

(35) Information means is knowledge concerning objects, such as facts, events, things processes or ideas, including concepts, that within a certain context, have a particular meaning. Information is data that has been processed into a form (physical, oral or electronic) that is meaningful to the recipient. This definition includes, but is not limited to:

  1. Raw data
  2. Information that has been produced by combining or adding value to raw data
  3. Images
  4. Audio-visual material
  5. Web content
  6. Records
  7. Metadata, policies and procedures
  8. Methodologies
  9. Dashboards
  10. Models
  11. Analysis
  12. Knowledge, and
  13. Strategies.

(36) Information security means the protection of information and information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.

(37) Data Governance means implementation of a set of policies, processes, structures, roles and responsibilities to ensure that an agency’s data is managed effectively and that is can meet its current and future business needs.

(38) Information Asset means a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited efficiently. Information Assets have recognisable and manageable value, risk, content and lifecycles.

(39) Data Management means the activities involved with managing data across the full lifecycle so that it is protected from unauthorised use and inappropriate deletion. Data needs to be appropriately managed from procurement or service design through to creation and final disposal. This includes protection of personal, health and sensitive information, and the prevention of deletion until enabled by legal authorisation.

(40) Data use includes: modelled, captured, calculated, transformed, stored or presented.