Information Security Standards
Procedures, Standards & Resources
SFU (the "University") is committed to protecting the Digital Information and Electronic Systems that are critical to teaching, research, business operations, and other University activities that are vital to the work and communities we support.
As required under Policy GP 24: Acceptable Use and Security of Digital Information and Electronic Systems, the Chief Information Security Officer (CISO) has published Information Security Standards that govern the use and protection of University data and computing resources.
All users of SFU Electronic Information and Systems are responsible for following these standards.
| No. | Standard | Purpose | Scope | Date Revised |
| --- | --- | --- | --- | --- |
| 01 | Vulnerability Management Standard | As SFU becomes more dependent on Electronic Systems to achieve new, strategic objectives and sustain ongoing operations, there is an increasing risk of disruption from potential exploitation of vulnerabilities in those systems. The purpose of this standard is to reduce the risk of compromise through a consistent and repeatable Vulnerability Management Program. | This standard applies to the Electronic Systems that provide or support SFU services hosted within SFU cloud, the campus network, third party data centers, and cloud service providers. | 09/14/2023 |
| 02 | Logging and Monitoring Standard | The purpose of this standard is to establish requirements for security logging, monitoring, and event management to detect unauthorized activities and enable incident investigation and response for SFU's Digital Information and Electronic Systems. | This standard applies to the applications, servers, workstations, and infrastructure that provide or support University services hosted within SFU Cloud, the corporate network, third party data centers, and cloud service providers. This standard is aimed at University IT staff. | 02/08/2024 |
| 03 | Identity and Access Management Standard | The purpose of this standard is to regulate access to SFU's Digital Information and Electronic Systems, ensuring only necessary privileges are granted. This protects against unauthorized access, modification, or destruction, while maintaining data confidentiality, accuracy, and availability. | This standard applies to all campuses, faculty, staff, students, researchers, alumni, retirees, consultants, contractors, internal and external affiliated individuals and organizations, visitors, digital information, applications, and electronic systems including externally hosted services, and personal devices where creating, processing, maintaining, transmitting, or storing institutional data takes place. | 10/03/2024 |
| 04 | Passphrase and Password Protection Standard | This defines standards for the creation and use of passphrases and passwords to protect SFU's Electronic Systems that Users handle. Passphrases (sequences of words or other text) and passwords (words or strings of characters) are common and important ways to access and protect digital information on or off the Internet through almost any type of Electronic System. Consequently, attackers attempting to access information use a variety of tools to guess or steal passphrases/passwords. The top three ways to keep a passphrase/password safe and protect the information are: • create a strong passphrase/password; • guard it carefully (e.g. don't share it or write it down); and • avoid reusing it for other systems. | This standard applies to all Users of SFU's Electronic Systems including, but not limited to, Students and Employees of the University, Service Providers, and all people who have a status at the University mandated by legislation or other University policies, including research assistants, post-doctoral fellows, members of Senate and the Board of Governors, volunteers, visiting and emeritus faculty, visiting researchers, and alumni. | 09/30/2025 |
| 05 | VPN Access Eligibility Standard | This standard outlines the criteria for VPN access within the organization, ensuring secure and controlled access to network resources. Eligibility is based on existing roles within the Enterprise Identity Access Management System (i.e. Amaint). | This standard applies to all Users of SFU's Electronic Systems including, but not limited to, Students and Employees of the University, Service Providers, and all people who have a status at the University mandated by legislation or other University policies, including research assistants, post-doctoral fellows, members of Senate and the Board of Governors, volunteers, visiting and emeritus faculty, visiting researchers, and alumni. | 06/12/2025 |
| 06 | Encryption Standard | The purpose of this standard is to state the minimum requirement for encryption and protocols for safeguarding data while stored ("at rest") or during transmission ("in transit"). | This standard applies to all Users of SFU's Electronic Systems including, but not limited to, Students and Employees of the University, Service Providers, and all people who have a status at the University mandated by legislation or other University policies, including research assistants, post-doctoral fellows, members of Senate and the Board of Governors, volunteers, visiting and emeritus faculty, visiting researchers, and alumni. | 09/15/2025 |
| 07 | Cyber Risk Management Standard | The purpose of this standard is to protect SFU against current and emerging cybersecurity threats that could cause an information security incident. This standard sets out the requirements to enable informed risk-based business decisions from an information security perspective. We follow the Enterprise Risk Management (ERM) framework and report the cyber risks to the ERM Risk Register. | This standard applies to all Users of SFU's Electronic Systems including, but not limited to, Students and Employees of the University, Service Providers, and all people who have a status at the University mandated by legislation or other University policies, including research assistants, post-doctoral fellows, members of Senate and the Board of Governors, volunteers, visiting and emeritus faculty, visiting researchers, and alumni. | 05/05/2025 |