Departments and units are responsible for managing external webpages, internal SharePoint sites, and various electronic or paper repositories (including Teams, SharePoint folders, and ImageNow drawers) that contain operational or historical records. Certain content must meet web accessibility guidelines, and RDA schedules.
Unit Directors are Data Stewards for the data their department or unit consumes. Department employees assist with data and content management, but unit leadership is ultimately responsible for data and records they maintain and operate. Each checklist helps centralize multiple risks, laws and policies into one place for that content owner to digest.
Employees charged with maintaining a content area below should set a yearly or biannual calendar reminder and link this checklist KB as a page to reference to assist in their review.
External Website Checklist (Drupal Editor)
External Website, (Drupal Editor) Checklist
|
Area
|
Goal
|
Resources
|
|
Security Authorization
|
- Maintain proper access controls, ensuring only authorized personnel can edit your pages.
|
|
|
Archive
|
- Identify and properly archive outdated or non-active records according to records retention schedules (RDA schedules) and legal requirements.
- Remove content that no longer has a business use from the web pages.
|
|
|
Accuracy
|
- Ensure that all content within these systems is current, accurate, and reflective of actual operations and policies.
- Ensure website links work and link to up-to-date information.
|
|
|
Schedule Self Audits
|
- Ensure key web content auditing and updates are embedded into someone’s job description, and potentially reoccurring calendar reminders during academic semester or season changes that may require updates.
|
|
|
Accessibility
|
- Ensure content maintains accessibility and usability for WACG 2.1 AA.
|
|
Internal Website Checklist, SharePoint Refresh
Internal Website Checklist, SharePoint Refresh
|
Area
|
Goal
|
Resources
|
|
Security Authorization
|
- Maintain proper access controls, ensuring only authorized personnel can view, edit, or manage sensitive data and records.
- Have clear principles on who can view, and who can edit.
- If you are a data steward/custodian understand your responsibilities.
|
|
|
Archive
|
- Identify and properly archive outdated or non-active records according to records retention schedules (RDA schedules) and legal requirements.
- Dispose of records that are at the end of their RDA and no longer have a defined business purpose.
|
|
|
Accuracy
|
- Ensure that all content within these systems is current, accurate, and reflective of actual operations and policies.
- Ensure website links work and link to up-to-date information.
|
|
|
Schedule Audits
|
- Ensure key web content auditing and updates are embedded into someone’s job description, and potentially reoccurring calendar reminders during academic semester or season changes that may require updates.
|
|
|
Accessibility
|
- Ensure all links within function correctly to maintain accessibility and usability for WACG 2.1 AA.
|
|
Teams and Department SharePoint Assurance Checklist
Teams and Department SharePoint Assurance Checklist
|
Area
|
Goal
|
Resources
|
|
Responsibility
|
- For interdepartmental teams, determine WHO is the owner and responsible for this checklist.
- All teams must have at least two owners identified.
|
|
|
Security Authorization
|
- Maintain proper access controls, ensuring only authorized personnel can view, edit, or manage sensitive data and records.
- Have clear principles on who can view, and who can edit.
- Follow best practices in Data Organization below to see if your system is understandable.
- Follow the Principle of Least Privilege: Determine the different silos of information that need to exist in your team and give lowest permission levels they need to perform their assigned tasks.
- If you are a data steward/custodian understand your responsibilities.
|
|
|
Archive
|
- Identify and properly archive outdated or non-active records according to records retention schedules (RDA schedules) and legal requirements.
- Dispose of records that are at the end of their RDA and no longer have a defined business purpose.
- Label folders in a meaningful way, with some level of year classification.
|
|
|
Accuracy
|
- Ensure that all content within these systems is current, accurate, and reflective of actual operations and policies.
- Follow practices in Data Organization.
|
|
|
Schedule Audits
|
- At least twice a year, someone should audit access levels and ensure file systems meet this checklist practice.
|
|
|
Accessibility
|
- Maintain accessibility and usability for WACG 2.1 AA standards if content is covered by such.
|
|
|
Recoverability
|
- By default, SharePoint is backed up every 30 days for recovery.
- Should you have critical data as defined below you must provide the IT department with the exact locations of your critical data.
|
|
All Other Approved Storage Locations
All Other Approved Storage Locations
|
Area
|
Goal
|
Resources
|
|
Approval
|
The location where you are storing data and records must be approved by LIT.
|
|
|
Security Authorization
|
Data Stewards are responsible for maintaining proper access controls, ensuring only authorized Personnel can access records, and work with supervisors who request access for their employees to you.
- Have clear principles on who can view, and who can edit.
- Follow the Principle of Least Privilege: Determine the different silos of information that need to exist in your team and give lowest permission levels they need to perform their assigned tasks.
- Have a clear employee or campus partner onboarding/offboarding process to grant and revoke access to a system.
- Check any importing processes you have access to within your software domain and ensure the data is pulling.
Data Stewards must notify LIT in the event of:
- Data classification changes. (ex: if feature changes and they desire to store something of a different risk level)
- If they receive notification from the vendor of a breach.
- Ensure data classified properly on an annual basis.
|
|
|
Archive
|
- Does something need to exist in physical form for a business process or for record retention purposes?
- Should it be referred to university archives for archival value?
|
|
|
Accuracy
|
- Ensure that all content within these systems is current, accurate, and reflective of actual operations and policies.
|
|
|
Accessibility
|
- Ensure settings you control maintain accessibility and usability for WACG 2.1 AA standards if content is covered by such.
|
|
|
Recoverability
|
- If Mission Critical data is present in your third-party space, review your recovery plan in the event of a data lose.
|
Your data recovery plan
|
Physical Records
Physical Records
|
Area
|
Goal
|
Resources
|
|
Security Authorization
|
- Access to the physical space is controlled so that only those who should have access can review the records.
- There is clean chain of custody for keys associated with any file cabinets.
|
- Unit employee files and onboarding/offboarding files list when an employee is given or returns cabinet or drawer keys.
|
|
Accessibility and Ergonomics
|
- Location is navigable, and lifting any boxes or opening drawers would not reasonably cause injury.
- Records organized with a methodology someone would reasonably be able to deduce.
|
- Office of Safety and Risk Management
|
|
Archive
|
- Documents being maintained in paper form can be traced back to a Record Schedule and the Record Management Plan.
- There is a clear business purpose why the records must be maintained, or they must be kept under a certain RDA, audit or legal reason.
- The paper records are simply NOT duplicates of electronic records, unless there is a clear business purpose why the records must be in paper form.
|
|
|
Accuracy
|
- Unnecessary drafts that are inaccurate, or any document/folder is not labeled incorrectly.
|
|
|
Recoverability
|
- If Mission Critical data is present in your Team, review your recovery plan in the event of a data lose.
|
Your data recovery plan
|
