Purpose

To outline the authority and responsibilities for standards associated with Computing Resources at Memorial University.

Scope

University Owned Computing Resources.

Definitions

Authorized User — An individual permitted by a responsible Unit or University employee to make use of University Computing Resources. Authorized Users include faculty, staff, students, contractors, sub-contractors, consultants, retirees, alumni, and Guests who have an association with the University that grants them access to University Technology Resources.

Cloud — Internet-based computing provided by a third party for computer processing resources and/or data storage.

Computing Resource(s) — All devices (including, but not limited to, desktops, laptops, tablets, phones, USB keys, hard drives) which are used to access, process, or store University Electronic Data. Computing resources are those used for University business and may be: single- or multi-user; individually assigned or shared; stand-alone or networked; stationary or mobile.

CTS — Campus Technology Services. The various technology service providers for Memorial University campuses (Marine Institute Information and Communications Technologies (ICT), Grenfell campus Information Technology Services (ITS), Harlow campus systems, St. John's campus Office of the Chief Information Officer (OCIO)).

IT-Classified Staff — Employed by the various technology service providers for Memorial University campuses (Marine Institute Information and Communications Technologies (ICT), Grenfell campus IT Services (ITS), Harlow campus systems, St. John's campus Office of the Chief Information Officer (OCIO), Labrador Institute (OCIO), Gander and Grand Falls Nursing Satellite Sites (OCIO)) and Select Units with Director/Head and Human Resources approval to provide local IT Support).

Sensitive Electronic Data — Electronic data that has been designated as private or confidential by law or by the University. Sensitive Electronic Data includes, but is not limited to, data protected by the Privacy policy and the Access to Information and Protection of Privacy Act, 2015, SNL 2015, CA-1.2 (ATIPPA), including employment, health, academic and financial records, unpublished research data, third-party business data and all internal or business use only data. To the extent there is any uncertainty as to whether any data constitutes Sensitive Electronic Data, the data in question shall be treated as such until a determination is made by the University or proper legal authority.

Unit Head — For the purposes of this policy, Unit Head is the term used to mean Deans, Department Heads, Division Heads, Heads of Schools, Directors, Executive Directors, University Librarian, University Registrar and other senior administrators at a comparable level; Associate Vice-Presidents and Vice-Presidents, as applicable.

University — Memorial University of Newfoundland.

University Electronic Data — Includes all data that belongs to or is used by the University that is processed, stored, transmitted and/or copied to or from Computing Resources. University Electronic Data may be considered Sensitive Electronic Data depending upon the data type.

University Funds — Funds administered by the University including but not limited to operating funds, research grant funds, PDTER funds and trust funds.

University Owned — All Computing Resources purchased by Memorial University through university funds.

University Technology Resources — Computers, Electronic Devices, networks, data storage, software applications, Cloud solutions, e-mail addresses, websites, domain names and identities that are either owned or funded (in whole or in part) by the University or by funds administered by the University.

Policy

1.0 General

Standards for approved computing device configuration shall be set by the OCIO and reviewed at least annually, with appropriate consultation. The standards may be revised by the IT-Classified Staff in response to technological advancements and user/unit requirements.

2.0 Responsibility

Unit Heads are responsible to ensure compliance with this policy and its related procedures. This responsibility may be delegated. Any such delegation must be in writing.

3.0 Device Configuration Standards and Non-Compliance

IT-Classified Staff are:

• responsible to have training and resources to support equipment that meets defined standards
• to configure and manage Computing Resources
• to provide 'best effort' support, where possible, for equipment that does not meet defined standards
• to have the right, under this policy, to refuse to connect equipment, which does not meet defined standards, to the campus network. See Networks and Communications and Electronic Data Security policies

4.0 Deviations

Requests for deviation from this policy are to be addressed to the CIO, through the Vice-President (Administration, Finance and Advancement). Requests should detail the section of the policy for which the exemption is being sought, and propose compensating controls if any. Requests for exemption must be endorsed by the Unit Head.

Procedures:

There are no procedures associated with this policy.