Policies and Procedures

University Policies are approved by Senior Management Committee (SMC). SMC policies apply to ALL faculties and departments, university wide. ITS Policies apply to services administered by ITS and anyone using those services.

The Desktop and Laptop Computer Equipment Policy states that “all desktop and laptop computer equipment purchased with operating
funds must be purchased from the preferred vendor and equipment list”. A list of vendors is on Procurement Services site. This is a Senior Management Committee (SMC) policy and applies to ALL areas of the university.

Because online services present a unique set of risks to the entire university, well beyond your own faculty or department, the Cloud Computing policy states that “Data Protection Risk Assessments must be performed prior to the exchange of information and awarding of a contract. Assessments are conducted by the ITS Security Governance team and the University’s Privacy Office.”  Additionally, contract language will be reviewed by the university’s legal counsel to understand the risks and potential exposure the service may present to the university. This is a Senior Management Committee (SMC) policy and applies to ALL areas of the university.