Securely enable world-class teaching, learning and research

The information security framework provides a baseline developed by the community, for the community in consultation with subject matter experts to:

  1. Enable the mission of the University.
  2. Increase trust and reduce risk.
  3. Address regulatory and legal requirements the University must meet.

Learn more about the components that frame information security practices and support informed decision making at U of T below.

Icon showing information security: two hands cradling a green shield with a white checkmark.

Information security standards

Information security standards set the baseline for protecting information and digital assets at U of T. Everyone plays a role in understanding and applying these standards. They support security policies by specifying what needs to be done to protect our information and digital assets.

Digital Asset Classification Standard

This standard defines classification of digital assets. It establishes an expectation for the University to follow and builds upon the Data Classification Standard.

Data Classification Standard

Knowing the criticality of your data is the first step towards adequately protecting it. U of T’s data classification groups U of T data into four levels based on its importance, sensitivity and potential for misuse.

Icon for data classification

Information Security Control Standard

These are controls for securing U of T information and digital assets based on risk. Everyone at U of T is expected to follow these controls to ensure our data and systems are adequately protected.

Icon for Information Security Control Standard

Information Security Incident Response Plan

The Incident Response Plan provides guidance for managing incident response with the primary objective to contain and mitigate the risks and issues associated with computer security incidents.