Responsible Service:
Information Technology
Date and Instance of Approval:
December 7, 2023
Vice-President, Finance and Administration
PURPOSE
1.1 This Procedure is established pursuant to University Policy 132 – Electronic Monitoring of Employees (“Policy 132”) to provide a table (see Section 3 of this Procedure) to inform Employees on the types of systems used by the University that can generate data about Employee activity or location (as referred to in Section 5.3 of Policy 132).
DEFINITIONS
2.1 Capitalized words or expressions used in this Procedure, that are not defined in this Section 2 are defined in Policy 132.
2.2 For the purposes of this Procedure,
- “Firewall” refers to hardware and software that allows or denies network traffic from one segment to another and inspects network packets as they move from one segment to another.
- “Virtual Private Network” or “VPN” refers to software that creates an encrypted communication link to a remote network.
- “Web Gateway” refers to hardware or software sitting between the users and the Internet, web gateways inspect web requests against software policies and security rules to ensure malicious applications and websites are blocked and inaccessible.
TABLE
3.1 The table below is intended to give examples of the types of systems that can generate data about Employee activity or location (as referred to in Section 5.3 of Policy 132); and to generally describe how Electronic monitoring might occur if the University exercises its right to engage in Electronic monitoring (as per Section 5.4 of Policy 132). The table is not exhaustive and is provided as an example/illustration.
3.2 In each example in the table below, the purpose of the use of information obtained is typically for the purposes of, and those consistent with, protecting University assets, resources, and data, the University’s compliance with University Policies and Procedures or with its contractual obligations or Applicable Law. The table provides additional purposes that may apply.
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| computer software | support and service provision software (e.g., live chat, IT or HR support ticket system). Also, the features integrated into service provision software, such as those, intended to capture client satisfaction | service improvement, supporting ongoing program development |
| internal enterprise management software and applications (e.g., finance, HR tools, e-commerce sites) | service delivery | |
| learning Management Software, proctoring software, and other education-focused software tools. | compliance with University Policies and Procedures, academic evaluation, delivery of University programs and services | |
| library resource reservation and access | access to library resources, assessing library service offerings, helping in planning for future offerings. | |
| library resource reservation and access | access to library resources, assessing library service offerings, helping in planning for future offerings. |
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| productivity tools | University-owned mobile and telephony devices | inventory management, billing, quality assurance |
| registration tools for special events, learning, and professional development activities | attendance and participation in University event or activity | |
| business productivity software with cloud integration | collaboration | |
| print servers | aggregated usage statistics to ensure service delivery and billing | |
| mail campaign | promotion and marketing | |
| software for remote IT support and assistance | service delivery and service management |
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| research tools | library and research applications | University research funding obligations and to support researcher publication activities. |
| data collection software including survey software, statistical software, etc. with named licensing | license compliance | |
| monitoring tools for specific equipment and facilities | safety of University equipment, property or safety of persons. |
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| network security tools | Virtual Private Networks (VPN) and Web Gateways | protection and proper operation of University IT assets and IT resources, issuing alerts to administrators when unusual activity on the University network is detected, and diagnostic processes are required, network security, network issue diagnosis process and network quality monitoring aggregated data could be used to monitor building usage statistics or occupancy (ex: number of persons in the library). cybersecurity tool monitors university-issued and personally enabled devices connected to the wireless internet on campus to identify anomalies in network traffic and computer usage that may indicate a cybersecurity incident |
| Firewall, intrusion detection systems (IDS) and intrusion prevention systems (IPS). | ||
| network monitoring tools, network logs and server logs, including wireless access points and wired connection. | ||
| wireless internet | ||
| website analytics | aggregate statistical purposes, providing data of when, where, and how users engage with website | |
| wi-fi location | identifying University network segments that require additional capacity |
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| cyber security tools | forensic tools and security information and event management (SIEM) | addressing cybersecurity issues with IT-related systems and associated software, preserving, identifying, extracting, and documenting cybersecurity incidents |
| cybersecurity prevention system tools and software, including antivirus/malware, endpoint protection software and spam/phishing email prevention systems | protecting and proper operation of University IT assets and IT resource, issuing alerts to administrators when unusual behaviour on systems is detected, and diagnostic processes are required, verifying compliance on the University network | |
| device management software | enabling device management and configuration management for IT supported staff and faculty devices, verifying security compliance of device |
| Category | Sub-Category | Purpose (s) - additional to those mentioned in section 3.2 above |
|---|---|---|
| physical security and location | perimeter access to buildings and interior room doors, proximity ID card readers for access control; used with employee identification cards, badges, key cards, FOBs, etc. | facility and physical security |
| intrusions alarms | issuing alerts to Protection Services of a possible intruder to a University facility. | |
| parking enforcement | verifying compliance to University traffic and parking rules and other University Policies and Procedures. | |
| video surveillance systems | safety and security of persons and University property. supporting investigations of allegations regarding unlawful activity, breach of a University obligation, non-compliance with University Policies and Procedures or non-compliance with Applicable Law. | |
| gate counter | occupancy monitoring, service usage monitoring. |