Overview and Key Features:

Research cyber security consultations are virtual (or, if required, in person) meetings between RISP and researchers, research-supporting staff, project teams or students. During a consultation, RISP will answer your security questions/concerns and provide you with current guidance based on the University of Toronto’s policies, standards, procedures and guidelines, as well as general cyber security best practices.

   Getting Started:

Open an Enterprise Service Centre ticket to contact the Research Information Security Program.

   Get Help:

Cyber and Data Security

• Open an Enterprise Service Centre ticket to contact the Research Information Security Program.

Geopolitical and collaboration risk

• Contact the Research Security team: research.security@utoronto.ca.

Resources

• Information Security Handbook
• Data classification decision tool for research
• Research Information Security Program
• Research Security team
• Centre for Research Innovation and Support (CRIS)
• Research Data Management, Univeristy of Toronto Libraries (UTL)

 Overview and Key Features:

The Privacy Impact Assessment (PIA) service allows users of information technology to assess the impacts and risks related to the use of personal information for staff, faculty and students. PIAs are done as part of vendor and application reviews to identify privacy and compliance risks. However, it is recommended that any changes to data flows to existing processes also undergo PIAs to avoid non-compliance with FIPPA requirements.

   Getting Started:

• For assessment inquiries, open a ticket on the Enterprise Service Centre (ESC).

   Get Help:

Privacy policy guidance

• Learn how to read a privacy policy.

Freedom of Information and Protection of Privacy (FIPP) Office

• Visit the FIPP Office website for information about privacy protection.

Contact the Security team with questions at security@utoronto.ca

    Overview and Key Features:

The information risk assessment is a systematic evaluation process designed to identify, analyze and manage potential risks associated with projects and vendors (applications, hardware, service providers or any other vendors where data collection, storage or transfer may be involved). Regular risk assessments allow organizations to stay ahead of potential vulnerabilities, ensuring that the mitigation, avoidance, acceptance or transfer of identified risks remains effective over time.

This assessment is a proactive measure to enhance information security practices and maintain a resilient and secure environment at U of T. It is a valuable tool for those involved in projects and vendor relationships, such as project teams, departments and vendors engaged with the University, and it promotes a culture of risk-aware decision-making and continuous improvement.

   Getting Started:

• Open a ticket for an assessment

Get Help:

• For assessment inquiries, open a ticket on the Enterprise Service Centre.

   Information Security Handbook

Explore the handbook to get actionable steps and helpful information for your cyber security questions and requirements. This handbook is a trusted resource created by the Information Security team for the U of T community.

Visit the Information Risk Assessment guide for more information.