IT Policies

Three newly approved IT policies are now in effect at Guelph.

Over the past year or more, the Office of the CIO has been articulating an IT Security Policy Framework which defines a comprehensive security plan for the campus. The framework itself is a container for the various individual IT security polices that require specific attention.

Recently three new IT security policies were approved:

Roles and Responsibilities for IT Security. This is essentially "who is reponsibile for what" document. It makes clear the roles of senior adminstrators, IT professional, management, and individual members of the campus community.

End-point Encryption Policy. Arising from the rulings of the Privacy Commissioner, this is a very important initiative to ensure that laptops containing personal and confidential information about individual (think FIPPA) have full disk encryption. Guelph has worked with WinMagic to create a SaaS encryption service.

Vulnerability Assessment Policy. We need all the tools, policies and procedures we can muster to protect the IT environment at Guelph. The process of network discovery/scanning, identification of vulnerabilities, assessment, patching and mitigation is referred to as vulnerability management. A centrally-administered vulnerability assessment (VA) service will be utilized to discover vulnerabilities anywhere within the university technology environment, manage remediation of identified vulnerabilities, and monitor compliance.