1. Introduction

Orapuh recognises the importance of effective data governance to ensure the integrity, security, and usability of its data assets. This policy establishes the framework, principles, and procedures for managing data across the organisation.

2. Scope

This policy applies to all data collected, processed, stored, or used by Orapuh, including but not limited to research data, academic data, administrative data, and personal data.

3. Principles

  • Data Ownership: Orapuh owns all data generated or collected in the course of its activities. Data stewards will be designated for each dataset to ensure accountability and oversight.
  • Data Integrity: Orapuh is committed to maintaining the accuracy, consistency, and reliability of its data throughout its lifecycle. Data quality assessments and validation procedures will be implemented to uphold data integrity.
  • Data Security: Orapuh will implement appropriate technical, physical, and administrative safeguards to protect data from unauthorised access, disclosure, alteration, or destruction.
  • Data Privacy: Orapuh will comply with applicable data protection laws and regulations to ensure the privacy and confidentiality of personal data. Consent will be obtained for the collection and use of personal data, and data subjects’ rights will be respected.
  • Data Transparency: Orapuh will strive to be transparent about its data collection, processing, and use practices, providing clear and accessible information to data subjects about how their data is handled.

4. Data Governance Framework

  • Data Stewardship: Data stewards will be assigned for each dataset to oversee its management, integrity, and compliance with data governance policies. Data stewards will be responsible for data classification, access control, and usage policies.
  • Data Classification: Data will be classified based on its sensitivity, criticality, and regulatory requirements. Classification levels will determine access controls, encryption requirements, and other security measures.
  • Data Access and Usage: Access to data will be granted on a need-to-know basis, with appropriate permissions and controls in place to prevent unauthorised access or misuse. Data usage will be limited to authorised purposes and in compliance with data governance policies.
  • Data Retention and Disposal: Data will be retained only for as long as necessary to fulfill its intended purpose or comply with legal, regulatory, or contractual requirements. Data disposal procedures will be implemented to securely delete or destroy data when no longer needed.

5. Compliance and Monitoring

  • Compliance: Orapuh will regularly assess its data governance practices to ensure compliance with applicable laws, regulations, and industry standards. Any non-compliance issues will be addressed promptly and remediated.
  • Monitoring: Ongoing monitoring and auditing of data governance activities will be conducted to identify areas for improvement, mitigate risks, and enhance data governance effectiveness.

6. Training and Awareness

  • Training: Orapuh will provide training and education to employees, contractors, and other stakeholders on data governance policies, procedures, and best practices to promote awareness and adherence to data governance principles.

7. Accountability and Enforcement

  • Accountability: All individuals responsible for managing or accessing data within Orapuh are accountable for adhering to this data governance policy and associated procedures.
  • Enforcement: Violations of this policy will be subject to disciplinary action, up to and including termination of employment or contractual relationship, as well as legal action if warranted.

8. Review and Revision

This data governance policy will be reviewed regularly to ensure its continued relevance and effectiveness in supporting Orapuh’s mission and objectives. Updates and revisions will be made as necessary to address changes in technology, regulations, or organisational needs.

9. Adoption and Communication

This data governance policy will be communicated to all relevant stakeholders within Orapuh and made readily accessible through internal channels, such as the organisation’s intranet or employee handbook. All new employees and contractors will receive training on this policy as part of their onboarding process.

10. Governance Oversight

The Orapuh Oversight and Academic Board (OAB) will provide oversight and governance of this data governance policy, ensuring alignment with the organisation’s overall governance framework and strategic objectives.

This Data Governance Policy is approved by the Orapuh Oversight and Academic Board (OAB) and will be reviewed annually or as needed to ensure its effectiveness and relevance.