Having received an Audit Report in May 2020 on Distributed Computing, management undertook the task of reducing and streamlining the university’s IT policies to provide practicable guidance to all Carleton IT users. After diligent consultation, it was decided to shift from 15 existing policies to four. The Senior Management Committee met on Nov. 30, 2023, to review and approve the four new IT Policies as well as the Signing Authorities Policy:
Acceptable Use of Information Technology and Email
Carleton University provides IT resources to its campus community, including students, faculty, staff, contractors, visitors, alumni, and retirees. It is provisioned that the users of these resources must act responsibly to prevent their abuse or illegal use.
This policy outlines the university’s position on the provisioning, operation, use, and decommissioning of IT resources. It applies to all IT resources, including networks, email systems, information systems, applications, and information assets, as well as to individuals and organizations using these resources on or off campus.
This policy replaces the IT Acceptable Use Policy, and Email Policies.
Data Protection and Risk Management Policy
This policy aims to define the requirements for classifying and protecting the university’s physical and digital data assets to mitigate information security risks. The confidentiality, integrity and availability of the university’s data and information must be preserved when stored, processed, or transmitted through software, systems, and processes.
This Policy applies to anyone that uses, accesses, or connects to university records or managed software, systems, processes and data.
This policy replaces the Cloud Computing Security, Data Classification and Protection, and Information Security Incident Response Policies.
Information Technology Procurement Policy
The purpose of this policy is to facilitate Carleton University’s procurement of IT equipment. This policy ensures that the University obtains better prices and incurs fewer expenses for technical support, training, and infrastructure by standardising these purchases, as well as providing access to the support services offered by ITS.
The purpose of this Policy is to determine the best ways for the University to acquire IT equipment in terms of both cost and functionality. This policy applies to all faculty and staff members whose departments are responsible for purchasing, maintaining, or disposing of IT equipment.
This policy replaces the Acquisition of Wireless Cellular Services, Desktop and Laptop Computer Equipment and Telecommunications Cabling and Wiring Policies.
University Information Technology (IT) Security Policy
Carleton University is committed to protecting the university’s information assets by implementing specific security requirements. This policy defines the
information security and information technology requirements for the protection of those assets. All employees are responsible for managing risk and safeguarding the security and integrity of the university’s information assets. Proper security is essential for the university’s compliance with legal, regulatory, and contractual obligations.
The policy applies to all individuals, including but not limited to faculty, staff, researchers, students, visiting scholars, visitors and any authorized third-party agents that support or use Carleton University’s information systems.
This policy replaces the Information Security, Mobile Technology Security, Password, Remote Network Access, and Information Technology Security Policies.
This policy outlines the authority of various members of the University community to bind contracts, expanding upon resolutions and ensuring proper assessment and approval processes are followed before signing any binding documentation. Signing authorities can only be exercised according to this Policy and the “Procedures for the Exercise of Signing Authority”.
This policy covers Contracts, Construction Contracts, Employment Contracts, Gift Agreements, Purchase Contracts, Research Proposals, Research Contracts, and insurance coverage confirmations.
One notable change is that the Average Annual Value and the Total Value for Research Contracts rose from $100,000 to $300,000 and from $300,000 to $500,000, respectively.