IT policies are an important foundation to protect Â鶹AV’s data and Â鶹AV’s IT resources, such as Cloud Services, software, hardware or voice communications systems. The policies:
- Reflect and uphold Â鶹AV’s mission and principles
- Indicate how to preserve confidentiality and integrity of our personal and institutional data (enterprise and research)
- Guide our community in making informed decisions. There are other types of governing documents, such as directives, regulations and standards, that we need to abide by. To understand the subtle differences, see below.
Reasons why we need to follow IT policies
- The Quebec and Canadian governments have passed laws to protect the privacy rights of citizens through several laws & regulations. Â鶹AV’s policies reflect these laws & regulations, and it is our individual and collective responsibility to be vigilant and compliant.
- Many of us use sensitive data, such as student records, employee files, medical records, or data collected through research. This data is at risk of being exposed and used without user consent. Whether you are using a university-owned device (for instance laptop or mobile) or a personally-owned one, you need to keep sensitive data safe, and IT policies identify what must be done to mitigate the risks of data loss, theft and corruption.
- Many of us use licensed software. When you use, copy, distribute, modify or sell software in a way that is not permitted by the terms of use (i.e. software license), you are engaging in an unlawful activity (software piracy). Every member of the Â鶹AV community must use software lawfully, since we are bound by the agreements that we implicitly or explicitly agree to.
What happens if we don't follow IT policies?
Policies can be seen as a constraint, and the impact of not following them may be intangible or invisible. However, as much as we try to shield our Â鶹AV community members, there are repercussions when a Â鶹AV community member doesn’t respect an IT policy. These members may put themselves and their unit at risk if they circumvent the safeguards required by these policies, and this may lead to security incidents, data breaches or software piracy.
To avoid financial penalties, legal actions, sanctions and reputational risk to yourself and Â鶹AV, every member of the Â鶹AV community must comply with the IT Policies.
Can a Â鶹AV community member make suggestions to improve an IT policy?
Yes, we encourage members of the Â鶹AV community to make suggestions for improvement. Suggested changes will be assessed, and revisions to the policy will take place when and if appropriate.
Who to contact with questions or comments about an IT Policy?
If you have any questions or comments about the IT policies, please email itgovernance.its [at] mcgill.ca
Definitions
The difference between Policies, Regulations, Directives and Standards is as follows:
- Policies describe, to the Â鶹AV community members, the University’s position on a subject matter and articulate each member’s responsibilities in upholding the University’s mission and principles.
- Regulations are similar to policies but they are more administrative and prescriptive in nature. They impose sanctions upon those who don’t respect the regulation.
- Directives provide specific instructions or directions to support higher-order policies or regulations.
- Standards provide Â鶹AV mandatory requirements, codes of practice, or specifications.
For more information, see the Policy for the Development and Review of Governing Documents.