Guidelines & directives
In the development of Concordia's information security program, and through consulation with the community, the following guidelines and directives have been drafted for feedback
The goal of the information security program is to affirm the University’s commitment to ensure the security of all Institutional Data and Institutional Information held by the University, in compliance with applicable laws and regulations. The Policy also sets out the governance structure and the units and/or teams responsible for ensuring the security of information.
To help with the implementation of the Information Security Policy (VPS-33), IITS develops policy-related guidelines and directives which include user and technical management standards and procedures to help ensure Concordia’s information security:
Directives
These directives pass through the consultation and approval process before they will become implemented for the entire university community.
| Reference | Directive | Feedback period |
|---|---|---|
| VPS-33-D01 | User Access Provisioning, Deprovisioning and Transfer | Winter 2023/24 |
| VPS-33-D02 | Reporting of Information Security Incidents | Winter 2023/24 |
| VPS-33-D03 | Passwords and Passphrases | Winter 2023/24 |
| VPS-33-D04 | Vulnerability Management | Winter 2023/24 |
| VPS-33-D05 | Logging and Monitoring | Coming soon |
Guidelines
These guidelines pass through the consultation and approval process before they will become implemented for the entire university community.
| Reference | Directive | Feedback period |
|---|---|---|
| VPS-33-G01 | Backup Management | Winter 2023/24 |
These policy-related resources are subject to periodic reviews to adapt to changing expectations and risks. We encourage you to provide feedback by email to ciso@concordia.ca.