Procedure 17-3

Electronic Monitoring

Responsible Service:
Information Technology

Date and Instance of Approval:
December 7, 2023
Vice-President, Finance and Administration

PURPOSE
1. This Procedure is established pursuant to University Policy 132 – Electronic Monitoring of Employees (“Policy 132”) to provide a table (see Section 3 of this Procedure) to inform Employees on the types of systems used by the University that can generate data about Employee activity or location (as referred to in Section 5.3 of Policy 132).
DEFINITIONS
1. Capitalized words or expressions used in this Procedure, that are not defined in this Section 2 are defined in Policy 132.
2. For the purposes of this Procedure,
  1. “Firewall” refers to hardware and software that allows or denies network traffic from one segment to another and inspects network packets as they move from one segment to another.
  2. “Virtual Private Network” or “VPN” refers to software that creates an encrypted communication link to a remote network.
  3. “Web Gateway” refers to hardware or software sitting between the users and the Internet, web gateways inspect web requests against software policies and security rules to ensure malicious applications and websites are blocked and inaccessible.
TABLE
1. The table below is intended to give examples of the types of systems that can generate data about Employee activity or location (as referred to in Section 5.3 of Policy 132); and to generally describe how Electronic monitoring might occur if the University exercises its right to engage in Electronic monitoring (as per Section 5.4 of Policy 132). The table is not exhaustive and is provided as an example/illustration.
2. In each example in the table below, the purpose of the use of information obtained is typically for the purposes of, and those consistent with, protecting University assets, resources, and data, the University’s compliance with University Policies and Procedures or with its contractual obligations or Applicable Law. The table provides additional purposes that may apply.

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
computer software	support and service provision software (e.g., live chat, IT or HR support ticket system). Also, the features integrated into service provision software, such as those, intended to capture client satisfaction	service improvement, supporting ongoing program development
	internal enterprise management software and applications (e.g., finance, HR tools, e-commerce sites)	service delivery
	learning Management Software, proctoring software, and other education-focused software tools.	compliance with University Policies and Procedures, academic evaluation, delivery of University programs and services
	library resource reservation and access	access to library resources, assessing library service offerings, helping in planning for future offerings.
	library resource reservation and access	access to library resources, assessing library service offerings, helping in planning for future offerings.

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
productivity tools	University-owned mobile and telephony devices	inventory management, billing, quality assurance
	registration tools for special events, learning, and professional development activities	attendance and participation in University event or activity
	business productivity software with cloud integration	collaboration
	print servers	aggregated usage statistics to ensure service delivery and billing
	mail campaign	promotion and marketing
	software for remote IT support and assistance	service delivery and service management

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
research tools	library and research applications	University research funding obligations and to support researcher publication activities.
	data collection software including survey software, statistical software, etc. with named licensing	license compliance
	monitoring tools for specific equipment and facilities	safety of University equipment, property or safety of persons.

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
network security tools	Virtual Private Networks (VPN) and Web Gateways	protection and proper operation of University IT assets and IT resources, issuing alerts to administrators when unusual activity on the University network is detected, and diagnostic processes are required, network security, network issue diagnosis process and network quality monitoring aggregated data could be used to monitor building usage statistics or occupancy (ex: number of persons in the library). cybersecurity tool monitors university-issued and personally enabled devices connected to the wireless internet on campus to identify anomalies in network traffic and computer usage that may indicate a cybersecurity incident
	Firewall, intrusion detection systems (IDS) and intrusion prevention systems (IPS).
	network monitoring tools, network logs and server logs, including wireless access points and wired connection.
	wireless internet
	website analytics	aggregate statistical purposes, providing data of when, where, and how users engage with website
	wi-fi location	identifying University network segments that require additional capacity

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
cyber security tools	forensic tools and security information and event management (SIEM)	addressing cybersecurity issues with IT-related systems and associated software, preserving, identifying, extracting, and documenting cybersecurity incidents
cybersecurity prevention system tools and software, including antivirus/malware, endpoint protection software and spam/phishing email prevention systems	protecting and proper operation of University IT assets and IT resource, issuing alerts to administrators when unusual behaviour on systems is detected, and diagnostic processes are required, verifying compliance on the University network
device management software	enabling device management and configuration management for IT supported staff and faculty devices, verifying security compliance of device

Category

Sub-Category

Purpose (s) - additional to those mentioned in section 3.2 above

cyber security tools

forensic tools and security information and event management (SIEM)

addressing cybersecurity issues with IT-related systems and associated software,

preserving, identifying, extracting, and documenting cybersecurity incidents

cybersecurity prevention system tools and software, including antivirus/malware, endpoint protection software and spam/phishing email prevention systems

protecting and proper operation of University IT assets and IT resource,

issuing alerts to administrators when unusual behaviour on systems is detected, and diagnostic processes are required,

verifying compliance on the University network

device management software

enabling device management and configuration management for IT supported staff and faculty devices,

verifying security compliance of device

Category	Sub-Category	Purpose (s) - additional to those mentioned in section 3.2 above
physical security and location	perimeter access to buildings and interior room doors, proximity ID card readers for access control; used with employee identification cards, badges, key cards, FOBs, etc.	facility and physical security
	intrusions alarms	issuing alerts to Protection Services of a possible intruder to a University facility.
	parking enforcement	verifying compliance to University traffic and parking rules and other University Policies and Procedures.
	video surveillance systems	safety and security of persons and University property. supporting investigations of allegations regarding unlawful activity, breach of a University obligation, non-compliance with University Policies and Procedures or non-compliance with Applicable Law.
	gate counter	occupancy monitoring, service usage monitoring.