Access to Management Information
Your responsibilities in using management information
- In requesting access to management information and the Management Information Gateway, you must agree that you:
- are familiar with the University’s Data Protection Policy
- have completed the data protection training
- are familiar with the University’s Information Security Policy
- are familiar with any additional data retention policies which exist in your department
- are familiar with the requirements of the Freedom of Information Act and Environmental Information Regulations
- As some data from the Management Information Gateway is confidential and, on occasion, may include individualised staff/student information, you must ensure compliance with the following data handling principles for all data access on the Management Information Gateway:
- Data should be accessed only when required as a part of your employment
- Only the data required to fulfil the task should be queried and downloaded
- Be aware that database logins and queries are logged, and backups are kept of filestore documents
- Any local files or printed copies displaying confidential or sensitive data must be destroyed securely when no longer required
- Where possible a single ‘golden’ copy of the data should be used in preference to creating multiple copies
- Data should not be shared with other individuals unless you have been assured they are authorised to see the data (e.g. for staff data from ResourceLink, permission has been explicitly granted from HR, the system owner)
- Measures should be taken to ensure data displayed on screen is concealed from unauthorised individuals, e.g. by locking your computer when unattended and using privacy screens on computer monitors in open areas
- If individualised data requires further manipulation or sharing, you should ensure it is:
- only shared with authorised colleagues
- only stored on University approved filestores and never stored on third-party filestores, removable media such as CDs, DVDs, USB memory sticks and mobile devices
- never stored on local hard drives (internal and external) unless absolutely necessary and only for the duration of the activity (e.g. when transforming large quantities of data or recovering from system failure)
- always be encrypted where personal data needs to be transferred (at minimum through a password protected zip file and sent through the University’s DropOff service)
About our management information provision
Management information is primarily provided through one central portal, the Management Information Gateway. All data contained within the Gateway is for internal use only and must not be shared outside the University. If you believe that data has been shared inappropriately or a security breach has occurred, you should follow the method statement on data loss and information security breach management.
If you believe access to management information will support you in your role, you should first agree this with your line manager or Head of Department, as each access request will require their approval. To apply for access to the Management Information Gateway, please submit an MI Gateway Access Request.
Where appropriate, access can be given to information about one or more departments, and to one or more of the following categories depending on your role:
- Planning (including Strategic Planning Meetings and Medium Term Planning)
- Student recruitment, admissions and profiles
- Programmes and modules (including Key Information Sets)
- Student experience and outcomes
- Research and impacts (a separate privileged access is required for access to REF compilation data)
- HR and finance (a separate privileged access is required for access to individualised staff data)
- League tables
- Risk management
Why cannot I access a Tableau Workbook?
There can be a number of reasons that you cannot access a Tableau Workbook. The most common are:
1. A user is not on campus
Increasingly, people are picking up mail off campus on a mobile device or from home. To be able to remotely access secure areas, a user has to be connected to the VPN.
Solution: As part of communications, emphasise that a member of staff needs to be either on campus or using the VPN and point them to the instructions provided by IT Services.
2. The wrong web address is issued
This is author error so it is always worth getting another person to test a URL.
Solution: Ask a colleague to check a memo/web page prior to it going live.
3. The web address gets mangled
Sometimes if an email is passed between clients, the address can get chewed up and an address gets split over 2 lines within an email with the result that the web link no longer works.
For example, www.bbc.co,uk ends out as:-
Solution: If a Workbook address is long, give the address on a web page. It is also possible to use a URL shortener like bitly.
4. A person tries to access a workbook but has not been authorised
For example, it is agreed that a communication is sent out exclusively to all HODS so all HODS are given access to the Workbook in advance.
Once the communication goes out, a HOD forwards the message to all members of his/her department. However, members of the department will not be able to see it.
Solution: As part of the communication, indicate that the Workbook is locked down and if other people require access, they should complete the MI Gateway Access Request Form. Once the form has been completed, a line manager has to approve the request.
It is also useful to reflect on the accuracy of the target audience. In the above example, if the data is genuinely for HODs' eyes only then other people should not be given access.
5. A person already has MI Gateway Access but cannot access the Workbook
Solution: Within the Gateway, there is hierarchy of access. For example, HODS see more information than junior members of staff.
If a member of staff changes role with a department or moves to a new department, BIU needs to be informed via the MI Gateway Access Request Form.
6. A person is assigned appropriate access rights but still cannot gain access to the Workbook
Solution: Ask the person to shutdown ALL their web browser sessions and restart their browser. N.B. They need to shutdown all sessions - sometimes a browser window can sit behind an Excel sheet etc.
Restarting the browser should eliminate any caching issues and they will have access.