Following recommendations from the 2020 Distributed Computing Audit, the university committed to significantly reduce and streamline IT policies to provide practicable guidance to all Carleton IT stakeholders.
To achieve this outcome, consultations with key stakeholders were undertaken between 2021 and 2022, with policy development and approval concluding in late-2023.
A joint effort between the Office of the General Counsel, the Privacy Office, the Office of Risk Management and Information Technology Services, this process successfully condensed 15 policies into four and is assisting ITS in operationalize its governance.
These policies were presented to SMC and approved.
More to Come
More work is to come. Detailed technical information will be added to in appendices of the four main policies, and technical requirements will be consistently updated in alignment as necessary.
“With the rapid adoption of AI, we are seeing the most significant change in information technology since the introduction of the World Wide Web in 1993,” said Steve Fraser, Director of Information Security. “This is accompanied by significant changes in the legal, regulatory and insurance compliance requirements for information technology. The university will continue to proactively improve its policies, governance and cybersecurity posture to meet these changes.”