Information Security Guidelines

The Information Security Guidelines service offering provides information security standards as a guideline to ensure the University of Toronto’s information systems and personal information is not compromised.

Incident Response

The Incident Response service offering monitors for and responds to notifications of compromised UTORid accounts, potentially compromised systems and phishing or other malicious emails. Additionally, it manages or facilitates and provides guidance for information security incidents.

Internet Blocks

The Internet Blocks service offering protects University of Toronto systems against unwanted intrusion or attack by internet hosts due to malware infection (botnet), virus/worm propagation, denial-of-service attacks, spamming (botnet, open SMTP relay), etc.

Application Risk Self-Assessment

The Application Risk Self-Assessment service offering enables project managers / application developers to assess the security of their application and privacy impact to users of their application through a guided checklist.

Instructional Technology Privacy Impact Self-Assessment

The Instructional Technology Privacy Impact Self-Assessment service offering will allow users of instructional technology to assess the privacy impact to users of the instructional technology through a guided checklist.

Web Application Vulnerability Scan

The Web Application Vulnerability Scan service offering identifies vulnerabilities in a web application and provides recommendations to mitigate the likelihood the vulnerability would be exploited.

Divisional Risk Assessment

The Divisional Risk Assessment service offering provides University of Toronto Divisions with a high-level qualitative and quantitative review of their people, processes and technology and the handling of confidential information to determine the current risk posture within a division.

Project Information Risk Management Assessment

The Project Information Risk Management Assessment service offering uses an information risk assessment process to consistently provide University of Toronto projects with an in-depth analysis of the application or vendor under consideration by the project.

Unit Information Risk Self-Assessment

The Unit Information Risk Self-Assessment service offering provides units with a method to determine their own level of information risk and identify for themselves where they plan to commit resources to reduce risk, thereby creating their own Information Risk Management Program.


The UTORGrouper service offering is designed to support delegated role and access management, allowing those best placed to make access control decisions (eg. Business Officer, Project Manager, Divisional and Departmental Staff) to make them directly and have the changes take effect immediately.