平特五不中

Importance of IT policies

IT policies are an important foundation to protect 平特五不中鈥檚 data and 平特五不中鈥檚 IT resources, such as Cloud Services, software, hardware or voice communications systems. The policies:

  • Reflect and uphold 平特五不中鈥檚 mission and principles
  • Indicate how to preserve confidentiality and integrity of our personal and institutional data (enterprise and research)
  • Guide our community in making informed decisions. There are other types of governing documents, such as directives, regulations and standards, that we need to abide by. To understand the subtle differences, see below.

Reasons why we need to follow IT policies

  • The Quebec and Canadian governments have passed laws to protect the privacy rights of citizens through several laws & regulations. 平特五不中鈥檚 policies reflect these laws & regulations, and it is our individual and collective responsibility to be vigilant and compliant.
  • Many of us use sensitive data, such as student records, employee files, medical records, or data collected through research. This data is at risk of being exposed and used without user consent. Whether you are using a university-owned device (for instance laptop or mobile) or a personally-owned one, you need to keep sensitive data safe, and IT policies identify what must be done to mitigate the risks of data loss, theft and corruption.
  • Many of us use licensed software. When you use, copy, distribute, modify or sell software in a way that is not permitted by the terms of use (i.e. software license),聽you are engaging in an unlawful activity (software piracy). Every member of the 平特五不中 community must use software lawfully, since we are bound by the agreements that we implicitly or explicitly agree to.

What happens if we don't聽follow IT policies?

Policies can be seen as a constraint, and the impact of not following them may be intangible or invisible. However, as much as we try to shield our 平特五不中 community members, there are repercussions when a 平特五不中 community member doesn鈥檛 respect an IT policy. These members may put themselves and their unit at risk if they circumvent the safeguards required by聽these policies, and this may lead to security incidents, data breaches or software piracy.

To avoid financial penalties, legal actions, sanctions and reputational risk to yourself and 平特五不中, every member of the 平特五不中 community must鈥痗omply with the IT Policies.

Can a 平特五不中 community member make suggestions to improve an IT policy?

Yes, we encourage members of the 平特五不中 community to make suggestions for improvement. Suggested changes will be assessed, and revisions to the policy will take place when and if appropriate.

Who to contact with questions or comments聽about an IT Policy?

If you have any questions or comments about the IT policies, please email itgovernance.its [at] mcgill.ca

Definitions

The difference between Policies, Regulations, Directives and Standards聽is as follows:

  • Policies describe, to the 平特五不中 community members, the University鈥檚 position on a subject matter and articulate each member鈥檚 responsibilities in upholding the University鈥檚 mission and principles.
  • Regulations are similar to policies but they are more administrative and prescriptive in nature. They impose sanctions upon those who don鈥檛 respect the regulation.
  • Directives provide specific instructions or directions to support higher-order policies or regulations.
  • Standards鈥痯rovide 平特五不中 mandatory requirements, codes of practice, or specifications.

For more information, see the Policy for the Development and Review of Governing Documents.

    Back to top