Securely enable world-class teaching, learning and research

Adhering to principles of openness, academic freedom and stewardship of public resources, information security at the University of Toronto is a shared responsibility of all members of our community.

The information security framework provides a baseline developed by the community, for the community in consultation with subject matter experts to: (1) enable the mission of the University, (2) increase trust and reduce risk, and (3) address regulatory and legal requirements the University must meet.

To support the diverse and complex needs of the University, unit heads maintain information security risk management plans aligned with the framework but adapted to the specific needs of the unit.

Learn more about the components that frame information security practices and support informed decision making at U of T.

Graphics showing the Information Security framework

  • Information Security Policies are set by the University community. They define how the institution addresses security and risk.
  • Standards specify what needs to be done to protect information and digital assets.
  • Guidelines apply and contextualize standards for real world use.
Icon of a contract with a pen and signature.

Policies

Policies set the foundation for information security governance at U of T. They provide an overarching direction for all University community members regarding protection of information and digital assets.

Learn about our policies
Icon of a contract with a pen and signature.
Icon showing information security: two hands cradling a green shield with a white checkmark.

Standards

Standards consist of baseline control statements endorsed by the University’s Information Security Council. They support security policies by specifying what needs to be done to protect our information and digital assets.

Learn about our standards
Icon showing information security: two hands cradling a green shield with a white checkmark.
Icon of a checklist

Guidelines

Guidelines are best practices and approaches to protect our information and digital assets.

Learn about our guidelines
Icon of a checklist