IM10 — Information Systems & Technology Management [DRAFT]

Records of the selection/acquisition, development, administration, daily operations and maintenance of the University's information and telecommunications systems, IT infrastructure, and associated services.

Related Records | Responsible Unit | Information Steward | Information Confidentiality Classification | Retention | Disposition | Authority | Retention Rationale | Version Information

Content & Scope

University information systems include enterprise systems supporting common administrative processes (e.g., HR and Finance systems) and smaller-scale systems supporting the work of one or more administrative units or work groups. Telecommunications includes fax, telephone, video-conference, telephone directory and voicemail systems and services. IT infrastructure and services include servers and storage, data centres, backups and data restoration, workstation support, network management, and managing the facilities required for computing and networking hardware.

The records document: program and project management; service design; systems acquisition or selection, design, and development; testing and implementation; system controls, daily operations and maintenance.

Records include:

  • Background research and evaluations of new technologies and potential technology solutions.
  • Program and project management deliverables, including feasibility studies, business cases, charters, meeting minutes and status updates, sign-offs and other closure reporting.
  • System development deliverables, covering systems analysis and requirements, design and development, testing, implementation, and maintenance.
  • System backups.
  • System/network performance and monitoring logs and reports.
  • Documentation of systems maintenance and operations subsequent to project closure.
  • IT asset inventories and asset management documentation.
  • Service design and management documentation, including service-level agreements.

Related Records

  • For IT strategic and annual planning, see AD30 – Planning & Review.
  • For standards, procedures and guidelines applicable to the University community, see AD40 – Policies, Procedures, & Guidelines.
  • For IT disaster recovery and business continuity plans, see HS12 – Emergency/Safety Plans & Programs.
  • For records of information systems & technology support services, see IM20 – Information Systems & Technology Support.
  • For identity and access management records, see IM30 – Information Security.
  • For software license agreements and contracts with vendors and external service providers, see AD80 – Contracts & Agreements.
  • For records of the procurement and purchase of IT hardware, software, and services for the University, see FN70 – Procurement & Purchasing.

Responsible Unit

  • Informations Systems & Technology.
  • Faculty IT support units.
  • Other units responsible for information systems and IT management.

Information Steward

Vice-President, Administration & Finance.

Information Confidentiality Classification

  • Public: information on IT systems and infrastructure projects, programs and services intended for  public release.
  • Restricted: system logs and other data containing the personal information of system users.
  • Confidential: all other records.

Retention

  • Program management: 7 years after program closure.
  • System planning, design/acquisition/selection, system and user documentation: 2 years after the project has been terminated or the system has been decommissioned/discontinued and the information managed in the system has met applicable retention requirements or has been successfully migrated to another system.
  • Log files: minimum of 90 days, and a maximum of 6 months. Please note: log files required for information security services and investigations are classified with IM30 – Information Security.
  • System backups: minimum of 14 days, for daily server backups, and a maximum of 13 months for full system/server backups, as documented in the relevant backup service schedule.
  • All other records: 2 years after last action.

Note:

  • Temporary records/data serving only an intermediate role in systems processes are transitory records, and should be deleted/purged when they are no longer needed.

Disposition

Secure destruction.

Note

Responsible Units should document the disposal/destruction of official records using the University records destruction form or equivalent documentation, to verify that we are following our records retention rules.

Retention Rationale

The retention period is based on operational use.

Under Review Date

16 December 2022.