Guidelines & directives
In the development of Concordia's information security program, and through consultation with the community, the following guidelines and directives have been drafted for the community.
The goal of the information security program is to affirm the University’s commitment to ensure the security of all Institutional Data and Institutional Information held by the University, in compliance with applicable laws and regulations. The Policy also sets out the governance structure and the units and/or teams responsible for ensuring the security of information.
To help with the implementation of the Information Security Policy (VPSS-33), IITS develops policy-related guidelines and directives which include user and technical management standards and procedures to help ensure Concordia’s information security:
Directives
These directives pass through the consultation and approval process before they will become implemented for the entire university community.
| Reference | Directive | Status |
|---|---|---|
| VPSS-33-D01 | User Access Provisioning, Deprovisioning and Transfer | Approved - Spring 2024 |
| VPSS-33-D02 | Reporting of Information Security Incidents | Approved - Spring 2024 |
| VPSS-33-D03 | Passwords and Passphrases | Approved - Spring 2024 |
| VPSS-33-D04 | Vulnerability Management | Approved - Spring 2024 |
| VPsS-33-D05 | Logging and Monitoring | Coming soon |
Guidelines
These guidelines pass through the consultation and approval process before they will become implemented for the entire university community.
| Reference | Directive | Status |
|---|---|---|
| VPSS-33-G01 | Backup Management |
Approved - Spring 2024 |
These policy-related resources are subject to periodic reviews to adapt to changing expectations and risks. We encourage you to provide feedback by email to ciso@concordia.ca.