Information Security

Information security procedures & controls

The University guidelines on use and security of information systems are:

IST Information Security Services, Policies, standards, and guidelines web-page includes more guidance, including:

The Guidelines for secure data exchange should be followed by all employees when choosing secure methods for sharing electronic information.

The Information & Privacy website includes guidance on basic security measures required for all information, including hard-copy information:

Information confidentiality classification

See the next section, Guidance on Information Confidentiality Classification, for more information.

Information security risk management methodology

The information security risk management methodology includes:

Information security incident reporting procedures

As defined in Policy 46, an information security breach involves one or more of:

  • A circumvention of information security controls;
  • The unauthorized use of information;
  • The unintended exposure of information.

Information custodians who become aware on an information security breach should follow the Information Security Breach Response Procedure.

Any information user who becomes aware of an information security breach should inform an information custodian - typically a manager - in the unit responsible for the information. If you are unsure, contact the University Records Manager, Privacy Officer, or IST's Information Security Services (, or ext. 41125) for assistance.