Information Security Policy

Information Security Policy

Legislative History:

Approved on: 7 April, 2014 (Finance and Audit Committee); 28 April, 2014 (Board)

Approval Authority: Board of Governors

Signature: Julia Foster


  1. The purpose of this policy is to protect York University’s information and data resources from accidental or intentional unauthorized access, modification, or damage, while also preserving the open information sharing requirements of its academic culture.


  1. This policy applies to all faculty, staff and third-party agents of the University as well as any other University affiliate who is authorized to access institutional information and data.
  2. This policy applies to all institutional information and data in any format or medium in the custody or under the control of the University including information excluded from the scope of the Freedom of Information and Protection of Privacy Act (FIPPA).


  1. In the course of carrying out its mission of teaching and research and conducting University business, York University or its agents collect, create and maintain information that is sensitive and valuable. The University is responsible for the appropriate handling and protection of this information.
  2. Information handling standards and sensitivity classifications will be created and maintained for all institutional information and data resources. All employees and agents of the University shall ensure that information and data are classified and protected as appropriate for their sensitivity level.


  1. The University President shall authorize standards, classifications, procedures and guidelines as necessary or desirable to give effect to this policy.