The Program

Information Security at the University of Toronto (UofT) is a risk management program designed to protect people, data, and university digital assets and is built on shared risk management responsibility between the Chief Information Security Officer, Unit Heads, Faculty, and all individuals. Service delivery and operational responsibility is shared stewardship with Campus, Divisional, Departmental, and Academic IT, Information Technology Services, and others.

The program prioritizes shared areas of focus, largely informed by:

  1. Academic, functional and operational outcomes. Inputs include the mission of the university, campus and divisional strategic plans, departmental goals, etc.
  2. High impact current and emerging risks. Inputs include security assessments, government threat reports, CanSSOC guidance, etc.
  3. Alignment with university Information Security Standards and regulatory & legal requirements. Inputs include the UofT minimum information security standard, FIPPA, PHIPA, PCI-DSS, HIPAA, etc.

The program is governed by the Information Security Council.

Institutional Alignment


The University of Toronto’s (U of T) IT@UofT strategic plan focuses and guides efforts to support the University’s academic mission through information technology services, informing the vision, framework and initiatives, both within the Information Technology Services (ITS) division and across the University.

The Information Security Program aligns with and supports the IT@UofT shared approach:

Data Governance

The University of Toronto’s Institutional Data Strategy (IDS) articulates University’s data and analytics priorities. Initiatives under the umbrella of the IDS will be tied to improving institutional performance and outcomes (e.g. student success, research productivity, operational excellence), while incrementally introducing new data technologies, processes and/or policies to support those initiatives.

The Information Security Program aligns with and supports the shared Data Governance strategy:

FIPP Office

The Freedom of Information and Protection of Privacy (FIPP) Office oversees and supports access protection of privacy at the University, by:

  • protecting the personal privacy of students, faculty and staff,
  • processing access requests, and
  • leading and fostering excellent access and privacy practice

The Information Security Programs aligns with and supports the FIPP Office:

More Information

Icon of a contract with a pen and signature.

Information Security Council

The Information Security Council (ISC) provides broad consultation in planning and decision-making processes as it relates to Information Security at the University of Toronto.

Icon showing information security: two hands cradling a green shield with a white checkmark.
Icon of a contract with a pen and signature.


The Tri-Campus Information Security team is a distributed, collaborative team comprised of experts across many disciplines  working together to provide a safe and secure environment for the entire University of Toronto community.

Icon showing information security. A computer surrounded by a shield, an envelope, a gear and a pencil.
Icon of a contract with a pen and signature.

Office of the CISO

The chief information security officer (CISO) is responsible for providing strategic leadership and oversight of the University of Toronto’s (UofT) information security and privacy programs.

Icon of a contract with a pen and signature.
Icon of a contract with a pen and signature.

ITS Security Team

The Information Technology Services (ITS) Information Security and Enterprise Architecture (ISEA) team provides or functionally owns shared services in incident response, network security, remote access, risk assessment, security architecture, and identity management.

Icon of a contract with a pen and signature.