Data governance at UQ is framed around the ‘6 knows’. The 6 knows are based on the original ‘5 knows of cyber security’ and focus on how data should be protected to effectively manage any risks. 

The 6 knows at UQ are: 

Quality

Do you know if your data is of suitable quality to support decisions? 

Aspects to consider include: 

  • Is the data complete and accurate?  

  • What will let you know that things are going well or poorly? (e.g. feedback mechanisms) 

  • How do you know that people are following the right policies and procedures?  

  • Do you require compliance audits? 

  • Are you using standard terminology / have you developed logic on the naming convention? 

Learn more about data quality

Top of page

Value

Do you know the value and risks associated with the data?  
E.g. what is the risk of the data leaking? 

All UQ employees are responsible for understanding Information Security Classifications, using data in accordance with its Information Security Classification, and assigning classifications to newly created data.  

Further aspects to consider include: 

  • If your data is used by others, have you made it clear to users how to understand and interpret your data?  

  • Using metrics to continuously monitor and evaluate. 

Top of page

Access

Do you know who has access to your data? 

Aspects to consider include: 

  • Do you know who is currently accessing your data? (e.g. it may be fed into downstream applications, or used by PBI portal, Data Services, etc). 

  • Do people have access to data they shouldn’t?  

Top of page

Location

Do you know where your data is? 

All UQ employees are responsible for ensuring data is stored in an appropriate, secure place approved by the University.  

Further aspects to consider include: 

  • Knowing whether your data is saved in one location or across multiple systems.  

    • Do you understand the access and security around these locations?  
  • What happens if you need to retire your data?  

Learn more about where to store your files and information

Top of page

Security

Do you know who is protecting your data? 

All UQ employees are responsible for aligning with UQ’s security, confidentiality and privacy requirements. 

Further aspects to consider include: 

  • How is protecting your data?  

    • While ITS can protect the actual copy of the data, Information Stewards are responsible for protecting access to the data (access control). 
  • Do you know the processes, procedures and automated methods in place to ensure the security of the data? 

Top of page

Protection

Do you know how well your data is protected

Aspects to consider include: 

  • Ensuring data is classified appropriately. Security controls are applied commensurate with the Information Security Classification.

  • Undertaking security assessments to determine: do people have access to data they shouldn’t? Is the data that is supposed to be protected, appropriately protected?  

Visit the Cyber security at UQ webpage

Top of page