Message of EVP on Implementation of University-wide Information Security and Data Management (ISDM) Policy

Dear Colleagues,

A study completed last year by PricewaterhouseCoopers concluded that the University’s level of maturity in data management is low, and went on to make a number of recommendations to improve the situation.  These recommendations are as follows:

  1. To proceed on establishing the Information Technology Policy Committee (“ITPC”) under Council as the Strategy Governance on Information Policy which covers Information Security and Data Management.
  2. To reposition the Central Compliance Team for Personal Data Protection as Information Security and Data Management Sub-committee of the ITPC to serve the wider functions as the Operational Governance on Information Security and Data Management.
  3. To continue the work of the Task Force on Management of Research Data and Records related to research data management.
  4. To continue the current role and functions the University Data Protection Officer as the policy oversight on protection of personal data and the related advisory.
  5. To re-organise the Information Security Team of IT Services to function as the Data & Security Team in providing the oversight for data and information security compliance (including personal data).
  6. To implement the University-wide Information Security and Data Management Policy with 3 lines of defence through three phases of development.

These recommendations have the support of the Task Force on University Data Policy, the Senior Management Team, Information Technology Committee and the Senate. Cyber-security is a major risk affecting the University and the introduction of this policy is crucial to the University’s future success.

A series of briefing sessions will be held in June for the departmental Information Security and Data Management (“ISDM”) coordinators to be nominated by departments/offices/work units.  After that, training sessions on the principles and practices of data classifications and data inventory management, in the context of the University’s ISDM Policy, will be organised from July to October for the data owners/stewards, custodians of departments/offices/work units.  ITS will coordinate the initiative and announce details of the arrangement in due course as the progress moves forward.   Please visit the website: for more information.

This is an extremely important initiative and I am grateful for your support.

Thank you very much.

Yours sincerely,

Dr. Steven J. Cannon
Executive Vice-President
(Administration and Finance)

May 24, 2017