To enhance overall security, the University’s Administration Committee approved the adoption of 15 new security schedules and the implementation of a risk exception process to improve standardization, guidance, and transparency around the use of technology.
Are you doing your part to keep our community safe from cyber threats? The new security schedules are now in effect, we will be sharing more information about how these changes affect you throughout this year. In the meantime, it is up to the community to familiarize themselves with their content.
Key changes
The new schedules provide a framework following broad areas of technology use. All members of the uOttawa community have responsibilities related to the devices they use to conduct business (workstations, mobile phones, tablets) and around Information security and risk management. Management and IT staff have minimum requirements to meet for server management, and Access and Network management. View the full list of security policies and schedules.
- Information security and risk management
These schedules outline the requirements relating to the management and protection of sensitive or critical information, security training for staff, and the protection of the University's IT assets.- Schedule N - Clean Desk
- Schedule P - Information Security Risk Assessment
- Schedule S - Security Awareness and Training
- Schedule W - Vulnerability Scanning
- Schedule X - Web Application Security Assessment
- Access and network management
These schedules provide guidance regarding the use and management of privileged access to IT Systems and Services, permitted authentication methods, and the security of the University's wireless network.- Schedule L - Privileged Account Usage on End-User Devices
- Schedule M - Privileged Access to IT Systems and Services
- Schedule V - Multi-factor Authentication
- Schedule Y - Wireless Communication
- Management of workstations and printers
If you use a workstation and/or printers owned or managed by the University of Ottawa, the new schedules outline hardware and software configurations, permitted uses, software installations, physical access, and protection of information.- Schedule Q - Patch Management
- Schedule R - Printer Security
- Schedule U - Software Installation
- Schedule Z - Workstation Security
- Server management
If you own or manage University of Ottawa servers, these schedules outline hardware and software configurations, and list minimum security requirements for servers.- Schedule Q - Patch Management
- Schedule T - Server Security
- Schedule W - Vulnerability Scanning
- Schedule O - Generating and Maintaining System Logs
Implementation
These policies and schedules apply to all active systems and IT initiatives underway at the University. We are working with the community towards compliance for all University IT assets and practices. Your commitment towards these security schedules enhances our overall cybersecurity posture, resilience against cyberthreats and transparency around known risks.
Information sessions will take place later this year.
Questions and Comments
The University is committed to enhanced security and the implementation of these new schedules. For any questions or comments, contact us through the IT Service Portal.