New IT Security Policy

By: Jeff Grieve

March 14, 2017

This effort was spearheaded through the Working Group on Information Security (WGIS) and was intended to simplify and streamline Western’s IT Security policy and procedure framework into a single more accessible source of information.  In support of the launch of the new Policy, ITS has been working with Communications & Public Affairs on a series of communications events designed to orient members of the Western community to the Policy, including key elements and additional support resources.    Protecting the privacy and security of information and electronic resources at Western is an organizational priority.  Technology is an integral component of all campus operations.    The responsibility for information security at Western is shared by every member of the campus community. 

Information about the new IT Security Policy (MAPP 1.13) can be found at  You can also print/download a tri-fold information summary pamphlet at

Through positive information security behaviours we can all assist in protecting our valuable research, teaching and administrative resources.   Here are is a quick “Top 10” summary of the key things that you need to know about the policy:

  1. Users should be aware, that the university does not guarantee security - users should always engage in “safe computing” practices. 
  2. The university shall disclose any breach of the security of an information system to any individual whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  3. Any computer or network security incident that potentially involves criminal activity shall be reported to Campus Community Police.
  4. Everyone who connects a computer to university computing resources has the potential to affect the security of those resources. 
  5. Encryption of wireless communications is required for all staff and faculty at the university. 
  6. All users are responsible for classifying the data that they are using in their environment in accordance with the data classification definitions.
  7. Users are responsible for ascertaining what authorizations are necessary and for obtaining them before proceeding.
  8. Unit Heads, including Directors, are responsible for ensuring that security policy is implemented within the unit.
  9. Individual users of computing resources must be familiar with, understand, and comply with relevant laws, policies, and procedures governing their use of the university’s computing resources.
  10. When engaging in electronic communications with persons in other jurisdictions or on other systems or networks, be aware that they may also be subject to the laws of those other jurisdictions and the rules and policies of those other systems and networks.

Published on  and maintained in Cascade CMS.