Cybersecurity

At UBC, we are responsible for substantial amounts of personal information about students, faculty and staff as well as any other confidential information we hold on behalf of the university. The CIO and the Chief Information Security Officer (CISO) oversee UBC’s efforts to safeguard personal information assets in order to comply with regulations, laws, and policies set in British Columbia.

• UBC Office of the CIO: Policy, Standards & Resources

VARIANCE REQUEST:

• In order to protect UBC’s information assets, UBC’s Chief Information Officer (CIO) has issued binding Information Security Standards that must be followed. Groups that wish to deviate from these Information Security Standards are required to request a variance from the CIO via the Department Head.
• More information can be found in the following link
• Contact: information.security@ubc.ca

PRIVACY IMPACT ASSESSMENT (PIA):

• Since UBC is a public institution, British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) requires UBC to conduct a privacy impact assessment (PIA) for all new or substantially modified enactment, system, project, program, or activity that supports UBC business.
• More information, including how to submit a PIA request, can be found in the following link
• Contact: privacy.matters@ubc.ca

SECURITY AND CONFIDENTIALITY AGREEMENT:

• Before anyone who is not a UBC employee can be given access to personal or otherwise confidential/sensitive information held by UBC, they must agree to protect any information they may access and to comply with B.C.’s privacy legislation by signing a Security and Confidentiality Agreement (SACA), or another agreement that contains equivalent requirements.
• More information, including sample agreements, can be found in the following link
• Contact: UBC Legal Counsel, Information and Privacy

The Faculty of Medicine has developed and approved this policy to reduce risk to the Faculty, UBC and our Health Authority partners who host academic activities. The Policy and related procedures apply to all Faculty of Medicine units.

In alignment with UBC’s Information Security Compliance Program, and the Policy & Procedures, all Faculty of Medicine units with their own IT systems will be required to complete a self-assessment of their compliance with Essential Controls. Affected unit IT and administrative leads will be invited to an introductory meeting to the process in the coming months. Departments supported by Digital Solutions will be handled centrally, but will also participate.

The new Policy:

1. Provides clarity on the application of UBC Policies in all Faculty of Medicine units and environments, particularly locations outside of the UBC Vancouver campus;
2. Defines reporting requirements of all staff and contractors performing IT-related duties;
3. Clarifies procedures to ensure compliance with UBC IT related policies and standards; and
4. Promotes efficient and effective use of technology resources within the Faculty.

Why is training on privacy & information security so important?
Nearly every UBC faculty and staff member has access to confidential information, including personal and payment card data. As the loss or disclosure of this information could be very harmful, it’s important for you to know how to protect it.

Who should take the training?
Privacy & Information Security – Fundamentals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who use UBC Electronic Information and Systems.

Privacy & Information Security – IT Professionals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who are Technical Owners of UBC systems and University IT Support Staff.​

• TRAINING:
  Privacy & Information Security Fundamentals Part 1
• TRAINING:
  Privacy & Information Security Fundamentals Part 2
• TRAINING:
  Privacy & Information Security IT Professionals
• WORKSHOP:
  Monthly Workshops