ºÚÁÏÍø±¬³Ô¹Ï
Why is this important?
Visitors need to be confident our sites are secure and their privacy is protected.
Legislation and policy
ºÚÁÏÍø±¬³Ô¹Ï staff are subject to Quebec and Canadian laws and ºÚÁÏÍø±¬³Ô¹Ï’s policies concerning information security and maintaining the confidentiality of personal information.
In addition, anyone who processes, transmits or stores credit cards information in an unsecure and unauthorized manner may be found in violation of financial confidentiality laws and expose themselves to legal liability. If you need to collect payment, please get in touch with Financial Services.
Christopher Manfredi, Provost and Vice-Principal Academic, describes the responsibility of all academics to uphold ºÚÁÏÍø±¬³Ô¹Ï's information security
Visit ºÚÁÏÍø±¬³Ô¹Ï’s cybersecurity websiteÌýSecure your journeyÌýfor additional tools and resources.
Checklist of things to do
- Create secure webpages and webforms that properly protect users' personal data.
- Adhere to ºÚÁÏÍø±¬³Ô¹Ï's Essential web security guidelines for site owners.
- Don't display or email people's confidential information (unless it's using ºÚÁÏÍø±¬³Ô¹Ï's official email).
- Don't identify student names without their written consent, e.g. on Research web pages, do not list student participants.
- Don't share sensitive or restricted data on unauthorized generative AI tools.
- Microsoft Copilot is currently the only authorized generative AI tool at ºÚÁÏÍø±¬³Ô¹Ï. Refer to the to learn what is acceptable and not acceptable to enter into a prompt.
- If you become aware of unsafe practices or vulnerabilities, .
- Ensure your site has a designated sponsor/asset steward.
- Delete/decommission websites when they become inactive and/or are no longer of value.
- Update website access permissions accordingly when your web team members change roles, leave your department or leave the university.
- Use ºÚÁÏÍø±¬³Ô¹Ï usernames and passwords for authentication on ºÚÁÏÍø±¬³Ô¹Ï websites and systems (where possible).
- If authentication is required on ºÚÁÏÍø±¬³Ô¹Ï websites, it should be performed using one of our preferred Single Sign On (SSO) methods, such as SAML, Ìýwith ºÚÁÏÍø±¬³Ô¹Ï’s central identity provider.
- Limit data collection for analytics and user research to interactions around links, buttons and page elements only.
- If linking to information in a cloud service, adhere to instructions in ºÚÁÏÍø±¬³Ô¹Ï's Cloud Directive which describes when and where you can process, transmit and storeÌýºÚÁÏÍø±¬³Ô¹Ï data
Supporting resources
Related sites
How to create secure webforms
Privacy and security policies and guidelines
ºÚÁÏÍø±¬³Ô¹Ï policies and guidelines site owners and managers should be aware of.
Use of information technology
- Policy on the Responsible Use of Information Technology at ºÚÁÏÍø±¬³Ô¹Ï, IT Services
- IT Policies, Directives, Regulations and Standards
- IT Security Incident Response
- Guide to secure web service/servers
- Cloud Services at ºÚÁÏÍø±¬³Ô¹Ï - When acquiring or using a new software app, here's what you need to know...
- Domains and URLs for ºÚÁÏÍø±¬³Ô¹Ï websites
Privacy and personal information
- Cloud Services at ºÚÁÏÍø±¬³Ô¹Ï
- Guidance for safe use of cloud applications at ºÚÁÏÍø±¬³Ô¹Ï
- Information Security Reminder, Enrolment Services
- Information security, IT Services
- IT Governance - Data Classification Document from the Secretary General
- ºÚÁÏÍø±¬³Ô¹Ï's Cloud Directive
- Privacy Notice, ºÚÁÏÍø±¬³Ô¹Ï
- Protection of Personal Information, Student Rights and Responsibilities