Information Security at the University of Toronto (UofT) is a risk management program designed to protect people, data, and university digital assets and is built on shared risk management responsibility between the Chief Information Security Officer, Unit Heads, Faculty, and all individuals. Service delivery and operational responsibility is shared stewardship with Campus, Divisional, Departmental, and Academic IT, Information Technology Services, and others.
The program prioritizes shared areas of focus, largely informed by:
- Academic, functional and operational outcomes. Inputs include the mission of the university, campus and divisional strategic plans, departmental goals, etc.
- High impact current and emerging risks. Inputs include security assessments, government threat reports, CanSSOC guidance, etc.
- Alignment with university Information Security Standards and regulatory & legal requirements. Inputs include the UofT minimum information security standard, FIPPA, PHIPA, PCI-DSS, HIPAA, etc.
The program is governed by the Information Security Council.