Risk & Security

Recommendations

1. Address single points of failure through system development and service rollout strategies and robust service management plans.
2. Enhance existing vendor management practices to more fully monitor vendor performance and plans.
3. Develop institution wide disaster recovery, business continuity and pandemic plans which coordinate process, resources and infrastructure across all IT providers.
4. Include a proactive component aimed at addressing pending internal or external risk as the result of new technology, government direction or like factors.

1. Identify and address gaps and take specific measures in order to better safeguard its intellectual property, data and individual privacy, including clear lines of authority to act on threats when they occur.
2. Foster an environment where security becomes a key lens and part of the fabric and culture through education, best practices, a community of practice, all of which is geared to the activities and needs of different stakeholders.
3. Launch specific initiatives which would improve security through support for research and its data, an enhanced asset management system, mandatory training programs, health information, incident response and others to be identified.
4. Provide the operational capability and ensure that the necessary governance and process is in place to quickly deal with issues
5. Ensure privacy and security, but support access to data and best practice in that area.