Preamble
The University of Waterloo encourages the effective, appropriate and innovative use of e-business to enhance service to students, faculty, staff and the public. E-business can improve the timeliness of services and reduce the cost of providing them. E-business is viewed as a natural extension of the academic and business processes already in place at the University and therefore must conform to the institution’s existing policies, procedures, and guidelines. All such endeavours need to protect the University’s assets, reputation, the integrity of the data, and preserve users’ trust and confidence in using e-business. This requires an appropriate combination of management oversight and support, and includes policies, procedures, technologies, and internal controls.
Scope
This statement applies to all e-business initiatives which involve UW facilities, personnel, or other resources. For these purposes, we consider “e-business” to be web-based University business processes that have most of the following characteristics:
- respect the confidentiality of individuals;
- are “two-way” exchanges of information between a University information system and another party (which may be an external organization or individual, a University of Waterloo student, or a University of Waterloo employee);
- require strong identification and authentication of the other party; or
- result in a strong commitment to act by those engaged in the e-business transactions.
Examples include:
- accepting payment via the Internet (e-commerce),
- signing documents electronically,
- disclosing official mark transcripts to students,
- processing student course drop and add requests,
- accepting employee change of address or banking information,
- making an internal purchase request via the web or e-mail,
- submitting financial reporting to internal and external clients,
- submitting online applications for funding,
- making external purchases via the web or e-mail, with appropriate approvals,
- posting employer job offers for co-op students, and
- accepting academic assignments electronically.
It is not intended to include:
- normal exchange of e-mail,
- browsing of unrestricted web sites at UW,
- electronic requests for non-confidential information unrelated to any particular individual.
Standards & required practices
The University recognizes the need for both consistency and flexibility in academic and business activities. In order to enable the effective, secure implementation of e-business initiatives, the University establishes the following standards and required practices:
- Every e-business initiative must adhere to privacy practices in accordance with federal and provincial privacy legislation and the University’s Protection of Privacy and Freedom of Information guidelines.
- Transmission and storage of information must comply with Policy 46 - Information Management.
- Any e-business activity resulting in a financial transaction must adhere to generally accepted accounting principles and the University’s accounting practices.
- All e-business systems and processes must be subject to internal and/or external audit.
- All e-business systems and processes for acquiring goods and services must comply with all current University procurement rules and regulations. (See Policy 17)
- All e-business initiatives must comply with Section 9 of Policy 15 relating to the sale of merchandise and services.
- E-business web site content must not include third party advertisements. Advertising of events, activities, or services that are not University-related is an inappropriate use of University resources.
- Any efforts to divert e-business revenues or compromise systems associated with e-business activities are subject to prosecution under Ontario and Federal Statutes pertaining to theft, alteration of public records, or other applicable laws.
- E-business activities that involve accepting credit card payments must comply with E-commerce Standards and Procedures.
Footnotes
The following documents are relevant supplements to this Statement:
- PCI Compliance
- Policy 46, Information Management
- Statement on Use of UW Computing and Network Resources
- Statement on Security of UW Computing and Network Resources
- Section 9 of Policy 15 that relates to the sale of merchandise and services
- Policy 17, Quotations and Tenders
- Procedure 8 - General Financial Services
Authority
This Statement was endorsed by Executive Council on October 14, 2009. (Updated, August 1, 2019)