Information Stewards

An Information Steward is responsible for organizing their department's or office's handling of sensitive personal information (SPI).

For questions about the Information Steward role description contact either Lorna Koppel, Tufts Technology Services Director of Information Security, or Beth Knauss, Tufts Technology Services, Information Security Compliance Program Manager.


Each business unit or group at Tufts is required to designate an Information Steward (IS). The IS is accountable and responsible for implementing information stewardship safeguards and best practices within their business unit or group.

Roles and Responsibilities of Information Stewards

Information Stewards are responsible for organizing and supporting the proper handling of sensitive personal information in their unit or other group. A steward:

  • Is knowledgeable about protecting SPI
    • Regularly attends training and reviews information provided by Information Security, especially through the ISPortal
    • Is familiar with the laws and regulations and the university policies that apply to SPI
    • Is familiar with best practices for protecting SPI
  • Knows and learns about their group
    • Knows and learns about what type of SPI their group uses or stores
    • Is able to describe the activities that use or store SPI in their group
    • Using supporting tools, documents what SPI is used and how it is used
  • Consults with Information Security to evaluate and develop their group’s practices to protect SPI
    • Develops local policies and procedures for their group for collecting, accessing, transporting, storing, and disposing of records containing SPI
    • Coordinates and supports implementing university and local policies and procedures to safeguard handling SPI by their group
  • For the staff, faculty, students and others that are part of their group, raises their awareness of the importance of protecting SPI
    • Educates and provides training, using supplied materials
    • Acts as a resource as staff and others implement practices to protect SPI
  • Understands what to do if there is a possible breach of SPI

See the Information Stewards Contact List (PDF) for a listing of all the Information Stewards at Tufts.

Reporting Relationships

Information Stewardship Subcommittee

The ISS contributes to developing university-wide policy and strategy for the stewardship of institutional data. Its Charge includes information security, privacy, government and industry regulation, and information management principles, with an objective of maximizing institutional data’s value in support of the university’s vision and mission.


Information Stewards carry out their responsibilities by coordinating and collaborating with their group’s manager, who shares with the Information Steward responsibility for the proper management and protection of sensitive personal information.

Incident Reporting

Information Stewards follow the guidance at Reporting Information Security Incidents.