Scope & Statement of Applicability

 The scope of this IT Security Policy Framework includes the entire University enterprise, including the regional colleges, Guelph-Humber, all administrative, academic, research and ancillary units, and the entire University networking environment (including remote and mobile users). 

This Framework reflects the risk management and risk assessment priorities of the Enterprise Risk Management Steering Committee (RM-SC), and documents the connection between risk assessment and identification of appropriate controls.The Framework is intended to guide cost-effective protection of all systems infrastructure, applications, services, databases and computing accounts (i.e. information assets).

Implementation of controls, including enterprise-level policies, standards, and processes are intended to reduce inherent IT risks to acceptable levels (i.e. residual risk).

The Framework references guidance of the international ‘code of practice’ for information security contained in ISO/IEC 27002:2005.