Iowa City Community School District operations committee hears data-governance update
October 15, 2025 | Iowa City Comm School District, School Districts, Iowa
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
At a meeting of the Iowa City Community School District Operations Committee, technology and data staff presented an overview of the district's data-governance efforts and outlined next steps for formalizing policies and procedures.
The presentation, given by members of the district technology and data team, defined data governance as “decisions about data, not decisions using data” and described roles for data owners, stewards and custodians. The presenters said the district has made progress on a districtwide inventory of data repositories, access decision logging, master data management and a software-evaluation program.
Why it matters: The presenters tied the work to cybersecurity and legal compliance, saying clearer ownership and documented access procedures reduce the risk of unauthorized access and improve incident triage. They cited federal privacy requirements — FERPA and HIPAA — as drivers for classifying sensitive records and controlling who can see them.
Key points from the presentation
- Definition and roles: Presenters described data owners as decision-makers for datasets in their domains, data stewards as the day-to-day handlers who spot errors, and data custodians as the technical gatekeepers who grant access.
- Inventory and scope: Staff said they have compiled an inventory of more than 200 locations where district-owned data resides; the inventory includes both on-premises servers and cloud repositories that host district data.
- Security and recovery: Presenters said a prioritized inventory helps the district decide which systems to shut down or restore first in a cybersecurity incident. They noted the district performs phishing simulations every other month (up from quarterly), with the district’s test performance reported as stronger than typical districts and above 95% on recent metrics.
- Access and documentation: The team described an access-decision logging process for systems such as Infinite Campus to record who approved access and why, which staff said improves consistency and efficiency when granting accounts.
- Master data and automation: Presenters said Infinite Campus is being treated as the district’s “single source of truth” for student data and Vista for employee data, with automation planned so other systems reflect those master records rather than requiring duplicate manual entry.
- Software evaluation and curriculum partnership: Staff said about 330 software evaluations were completed in the past year; curriculum leaders review instructional tools first and IT evaluates security and rostering before a system is approved. Presenters said a small number of vendor requests were denied for unacceptable risk.
Discussion and questions
Committee members asked about the largest challenges (the inventory and discovery of hidden data repositories), costs of on-premises versus cloud storage (staff said raw storage is usually cheaper on-premises but shifts more operational risk to the district), and differences in account-security requirements for staff with elevated access. Presenters said Infinite Campus supports roughly 5,800 distinct permissions and that the district builds user-group profiles to limit permissions to job needs.
Next steps and actions proposed by staff
Staff described planned work to document current practices, engage wider stakeholders, establish a data-governance and standards committee, implement core data strategies and adopt data life-cycle management. They said the goal is to produce a data-governance handbook that compiles policies, procedures and strategies.
Formal actions recorded
- Approval of minutes: The committee moved and seconded approval of the previous meeting’s minutes; the chair called for a vote. The transcript records an affirmative voice vote but does not provide a roll-call tally.
- Agenda-setting motion: Committee members moved and seconded to adopt agenda scheduling for upcoming meetings; the chair called for a voice vote and the transcript records audible “ayes.” No formal roll-call or numeric tally was recorded in the transcript.
No new district-wide policies or committee charter were adopted during the meeting; staff presented progress and requested further stakeholder engagement and committee formation as next steps.
Ending
Staff thanked curriculum and HR partners for collaboration on software evaluations and privacy agreements. Committee members praised the technology and data staff for communicating technical issues to both technical and classroom audiences. The meeting then moved to routine agenda-setting and adjournment.
The presentation, given by members of the district technology and data team, defined data governance as “decisions about data, not decisions using data” and described roles for data owners, stewards and custodians. The presenters said the district has made progress on a districtwide inventory of data repositories, access decision logging, master data management and a software-evaluation program.
Why it matters: The presenters tied the work to cybersecurity and legal compliance, saying clearer ownership and documented access procedures reduce the risk of unauthorized access and improve incident triage. They cited federal privacy requirements — FERPA and HIPAA — as drivers for classifying sensitive records and controlling who can see them.
Key points from the presentation
- Definition and roles: Presenters described data owners as decision-makers for datasets in their domains, data stewards as the day-to-day handlers who spot errors, and data custodians as the technical gatekeepers who grant access.
- Inventory and scope: Staff said they have compiled an inventory of more than 200 locations where district-owned data resides; the inventory includes both on-premises servers and cloud repositories that host district data.
- Security and recovery: Presenters said a prioritized inventory helps the district decide which systems to shut down or restore first in a cybersecurity incident. They noted the district performs phishing simulations every other month (up from quarterly), with the district’s test performance reported as stronger than typical districts and above 95% on recent metrics.
- Access and documentation: The team described an access-decision logging process for systems such as Infinite Campus to record who approved access and why, which staff said improves consistency and efficiency when granting accounts.
- Master data and automation: Presenters said Infinite Campus is being treated as the district’s “single source of truth” for student data and Vista for employee data, with automation planned so other systems reflect those master records rather than requiring duplicate manual entry.
- Software evaluation and curriculum partnership: Staff said about 330 software evaluations were completed in the past year; curriculum leaders review instructional tools first and IT evaluates security and rostering before a system is approved. Presenters said a small number of vendor requests were denied for unacceptable risk.
Discussion and questions
Committee members asked about the largest challenges (the inventory and discovery of hidden data repositories), costs of on-premises versus cloud storage (staff said raw storage is usually cheaper on-premises but shifts more operational risk to the district), and differences in account-security requirements for staff with elevated access. Presenters said Infinite Campus supports roughly 5,800 distinct permissions and that the district builds user-group profiles to limit permissions to job needs.
Next steps and actions proposed by staff
Staff described planned work to document current practices, engage wider stakeholders, establish a data-governance and standards committee, implement core data strategies and adopt data life-cycle management. They said the goal is to produce a data-governance handbook that compiles policies, procedures and strategies.
Formal actions recorded
- Approval of minutes: The committee moved and seconded approval of the previous meeting’s minutes; the chair called for a vote. The transcript records an affirmative voice vote but does not provide a roll-call tally.
- Agenda-setting motion: Committee members moved and seconded to adopt agenda scheduling for upcoming meetings; the chair called for a voice vote and the transcript records audible “ayes.” No formal roll-call or numeric tally was recorded in the transcript.
No new district-wide policies or committee charter were adopted during the meeting; staff presented progress and requested further stakeholder engagement and committee formation as next steps.
Ending
Staff thanked curriculum and HR partners for collaboration on software evaluations and privacy agreements. Committee members praised the technology and data staff for communicating technical issues to both technical and classroom audiences. The meeting then moved to routine agenda-setting and adjournment.
View full meeting
This article is based on a recent meeting—watch the full video and explore the complete transcript for deeper insights into the discussion.
View full meetingSponsors
Proudly supported by sponsors who keep Iowa articles free in 2025
