University Policies

Senior Management Committee (SMC) met on Nov. 30, 2023, to review and approve the four new IT Policies, replacing and retiring fifteen previous ones:

Acceptable Use of Information Technology and Email

  • Carleton University provides IT resources to its campus community, including students, faculty, staff, contractors, visitors, alumni, and retirees. It is provisioned that the users of these resources must act responsibly to prevent their abuse or illegal use.
  • This policy outlines the university’s position on the provisioning, operation, use, and decommissioning of IT resources. It applies to all IT resources, including networks, email systems, information systems, applications, and information assets, as well as to individuals and organizations using these resources on or off campus.
  • This policy replaces the IT Acceptable Use Policy, and Email Policies.

Data Protection and Risk Management Policy

  • This policy aims to define the requirements for classifying and protecting the university’s physical and digital data assets to mitigate information security risks. The confidentiality, integrity and availability of the university’s data and information must be preserved when stored, processed, or transmitted through software, systems, and processes.
  • This Policy applies to anyone that uses, accesses, or connects to university records or managed software, systems, processes and data.
  • This policy replaces the Cloud Computing Security, Data Classification and Protection, and Information Security Incident Response Policies.

Information Technology Procurement Policy

  • The purpose of this policy is to facilitate Carleton University’s procurement of IT equipment. This policy ensures that the University obtains better prices and incurs fewer expenses for technical support, training, and infrastructure by standardising these purchases, as well as providing access to the support services offered by ITS.
  • The purpose of this Policy is to determine the best ways for the University to acquire IT equipment in terms of both cost and functionality. This policy applies to all faculty and staff members whose departments are responsible for purchasing, maintaining, or disposing of IT equipment.
  • This policy replaces the Acquisition of Wireless Cellular Services, Desktop and Laptop Computer Equipment and Telecommunications Cabling and Wiring Policies.

University Information Technology (IT) Security Policy

  • Carleton University is committed to protecting the university’s information assets by implementing specific security requirements. This policy defines the information security and information technology requirements for the protection of those assets. All employees are responsible for managing risk and safeguarding the security and integrity of the university’s information assets. Proper security is essential for the university’s compliance with legal, regulatory, and contractual obligations.
  • The policy applies to all individuals, including but not limited to faculty, staff, researchers, students, visiting scholars, visitors and any authorized third-party agents that support or use Carleton University’s information systems.
  • This policy replaces the Information Security, Mobile Technology Security, Password, Remote Network Access, and Information Technology Security Policies.

ITS Policies

ITS polices, guidelines and procedures are listed below:

Banner Change Management

Cardholder Data Network

ITS Account Management

ITS Change Management

CUNET Domain Membership and Access Policy

Data Backup and Restore

Data Centre Access

Domain Name Services (DNS)

Internet Bandwidth Management

Network Services

Radio Frequency Interference

Signing Authority (ITS)

Voice Services

Vulnerability Management

Wireless Network Operations

ITS Guidelines and Procedures

Banner Change Management Process

Glossary of Terms for Information Security

Campus Wireless Network Procedures

Cloud Computing Guidelines

Communications Infrastructure Standards and Specifications

Email Harassment

Residence Network User Guidelines

Network Service Degradation Response Procedures