University Technology Services

Information Integrity & Security Policy

Complete Policy Title: Information Integrity & Security Policy
Policy Number:
Approved by: COG
Date of Most Recent Approval: March, 1994
Revision Date(s):
Position Responsible for Developing and Maintaining the Policy: Director, CIS
Contact Department: University Technology Services
DISCLAIMER: If there is a discrepancy between this electronic policy and the written copy held by the Policy owner, the written copy prevails.

Accurate, complete and timely information which is used properly is essential to the effective functioning of the University. The University Information Integrity and Security Policy provides a framework within which information resources are managed. An information resource is the total system that is needed to deliver information as a customer service and a University information resource is one which is of significance to the University by reason of its size, distribution or strategic importance. All forms of an information resource (computerized and other) are covered.

There are many different individuals and departments who contribute to the information technology infrastructure at the University. An appropriate level of management planning, control and coordination is necessary, as it would be for any other University asset.


    The purpose of this policy is to provide an overall context for the creation, maintenance and use of University information resources.

  • GENERAL Policy

    The University will ensure that information is kept safe from loss, and secure from interference of unauthorized or improper access, while delivering it, as required, for the University's business. All participants in information resources will have clear responsibilities. The University's information resources will be developed in conformity with University standards.

    Other Relevant Policies

    (A) Information Resource Accountability Policy

    The administration of an information resource is a partnership of custodians, managers and customers. Custodians are responsible for creating an information resource. Managers are responsible for managing and administering an information resource according to rules set by the Custodian. Customers need to use an information resource for a stated purpose. It may be appropriate to have multiple custodians and/or managers of an information resource. The information contained in an information resource may be subject to confidentiality requirements under University policies or legislation including the INCOME TAX ACT, and to liabilities pertaining to unauthorized use of information resources identified in sections 301.2 and 387.1.1 of the CRIMINAL CODE OF CANADA. The use of information resources must conform to such requirements. The loss or corruption of University information could result in serious problems for the University's operation and financial losses. Information must be protected against accidental loss.

    The purpose of this policy is to identify the extent of the University's concern over information security. It also describes the policies and procedures by which data integrity, security and privacy are maintained.

    An information resource shall have an identified custodian, manager and customer. Each will have defined responsibilities. Situations where one or more responsibilities reside in the same person(s) should be examined carefully because separation of responsibility is normally necessary for proper accountability.

    The Custodian shall:

    1. Judge the value of the information resource and manage it according to the Information Resource Standards Policy;
    2. Classify information according to the need for confidentiality. The normal classifications used at McMaster are:
      • Public - available to anyone
      • University - restricted to University and other specified persons or agencies on a need-to-know basis
      • Private - restricted to the collector(s) or originator(s)
      • Personal - information relating to an identifiable person. Within Personal information items may be Public, University or Private
    3. Ensure that information which is not public is subject to appropriate access policies and controls, and establish precedent cases for managers to follow in granting access. By default, all Personal information is Private and all other information is Public;
    4. Evaluate the cost-effectiveness of information resource controls;
    5. Plan integration and information resource sharing strategies within an institutional context; and
    6. Establish and publicize appropriate procedures to ensure that relevant policies are complied with.

    The Manager shall:

    1. Act on the specifications defined by the Custodian;
    2. Administer and monitor access to the information resource according to all applicable policies and procedures as specified by the Custodian and the University;
    3. Interpret and enforce the custodian's specifications for controls and procedures that are also communicated to the information resource customers;
    4. Make arrangements for the continuity of information resource availability should any faults cause a service disruption;
    5. Establish and observe appropriate procedures to ensure that relevant policies are complied with.

    The Customer shall:

    1. Ensure that the information resource that they have been granted access to is used for the agreed purpose and not made available to non-approved customers or information resources;
    2. Direct persons from within or outside the University, seeking access or use of an information resource, to the Manager;
    3. Observe all appropriate access and acceptable use policies;
    4. Observe appropriate procedures to ensure that relevant policies are complied with.

    (B) Information Resource Standards Policy

    Information technology systems are increasingly conforming to industry standards (open systems) to permit greater interoperability and decreased reliance on single-source components. As technology develops the responsibility for the creation and maintenance of information resources is becoming distributed.

    To ensure that all information resources adhere to standards adopted by the University to increase seamless and cost effective information sharing and reliability.

    The Custodian of an existing or proposed information resource shall:

    1. Ensure that all information resources comply with University standards as shall be established from time-to-time on the recommendation of the CIO. Exceptions may be granted only in exceptional circumstances;
    2. Ensure that prior to the creation or purchase of an information resource all parties who would be affected by or could benefit from that resource are consulted;
    3. Ensure that information resources that may be created by employees are subject to the University's policies on ownership and copyright.
