AV天堂

Skip to main content
People Departments Maps Buildings Rooms A-Z
University
of Victoria
Apply Library
Sign in Online tools Sign out
Information security

Transparency

University Systems is responsible for providing a secure digital campus for UVic. This page outlines the steps we take to do that.

You can also read our statements on acceptable use of technology and data privacy.

Acceptable use of technology Data privacy and cloud services

Protect

The best way to protect our digital campus is to be proactive. Here are some examples of how we do that:

  • We maintain secure NetLink ID sign in services for all our online services.
  • We encourage use of passphrases instead of passwords. A passphrase is more secure than a password because it's longer than a single word.
  • Duo Multi-Factor Authentication is enabled for all student and employee NetLink IDs.

Privacy controls

  • We only collect personal information for necessary services.
  • We maintain strict control over who can access your personal information.
  • We only share personal information with third-party software and service vendors if it's required.

Read our data privacy statement for details.

Our email service:
  • requires a passcode for adding @uvic.ca addresses to mobile devices
  • only allows connections from email clients with modern authentication protocols
  • allows all users to report suspicious emails

We use email security tools to:

  • identify and block malicious senders
  • quarantine malicious links and files
  • move spam messages to your junk email folder
  • warn you when a sender is untrusted or appears to be impersonating a person or office at UVic

  • UVic Wi-Fi requires an active NetLink ID to sign in. Only trusted devices can connect to our network.
  • We block network connections for devices with insecure and unsupported operating systems.
  • Systems that store private or confidential information can only be accessed through the UVic wired network, secure UVic Wi-Fi or through the UVic VPN service.
  • We use firewalls to block network connections to malicious websites and downloads.
  • Our network equipment is regularly patched and upgraded to meet current standards.

  • Systems that we manage are available 24 hours a day, 7 days a week, except for service outages.
  • To avoid vulnerabilities, we regularly patch and update the systems that we manage.
  • We strictly limit system access to authorized system administrators and information security staff.
  • We work with vendors to resolve problems that are outside of the scope of what we manage.
  • We follow UVic's when deploying new services.

UVic managed devices are computers, tablets and smartphones owned by UVic and supported by University Systems IT Support staff.

Our device management includes:

  • requiring active NetLink IDs for sign in
  • endpoint protection and full-disk encryption on all computers
  • providing self-service software installation for popular desktop apps
  • software and security updates applied with device management software
  • the ability to track and erase user data from devices that are lost or stolen
  • secure disposal of decommissioned storage devices like hard drives

We follow UVic policies and procedures when deploying or decommissioning managed devices.

UVic provides online learning resources like and annual staff privacy training.

Other training tools we use include:

Monitor

We're required to monitor UVic systems and services where necessary for security purposes. Access to monitoring tools and data is strictly controlled. We maintain audit logs of system access to ensure security and accountability within the system.

We will:

  • monitor systems to detect, report and stop potential information security incidents
  • use alerts to help us report known issues and outages
  • use automated systems to monitor network traffic and flag suspicious activity
  • lock compromised accounts to prevent unauthorized access
  • log all compromised account evidence to mitigate the risk of future breaches

Assess

We perform duties outlined in UVic's institutional policies and procedures such as technical approval, security reviews and responding to security incidents.

University Systems regularly assesses our systems and services against our information security standards.

Information security standards

Our information security standards are a set of guidelines we use to manage UVic's digital infrastructure. They're designed to ensure confidentiality, integrity and availability of university information. These standards are reviewed and updated regularly.

Only available to UVic employees.

Cloud security standards

Our cloud security standards are security controls used to protect personal information and UVic data when using cloud services. They help us ensure our third-party partners are maintaining secure software environments and privacy controls.

Only available to UVic employees.

Respond

University Systems may assist in investigations. For example, we might examine system logs for evidence of a security breech or misconduct. We won’t disclose personal information unless required by law or UVic policy.

University Systems will block an account or device from accessing the UVic network or systems in a response to:

  • information security or privacy incidents involving that account or device
    • we may require assurance or evidence that you’ve made a reasonable effort to secure your account or device before we unblock it
  • violations of applicable laws
  • violations of UVic policies

Get help now

Contact IT support to:

  • Ask questions about information security
Get help