91µÎµÎ

Updated: Sun, 10/06/2024 - 10:30

From Saturday, Oct. 5 through Monday, Oct. 7, the Downtown and Macdonald Campuses will be open only to 91µÎµÎ students, employees and essential visitors. Many classes will be held online. Remote work required where possible. See Campus Public Safety website for details.

Du samedi 5 octobre au lundi 7 octobre, le campus du centre-ville et le campus Macdonald ne seront accessibles qu’aux Ă©tudiants et aux membres du personnel de l’UniversitĂ© 91µÎµÎ, ainsi qu’aux visiteurs essentiels. De nombreux cours auront lieu en ligne. Le personnel devra travailler Ă  distance, si possible. Voir le site Web de la Direction de la protection et de la prĂ©vention pour plus de dĂ©tails.

91µÎµÎ.CA / IT Services / Cloud Services

What are Cloud Services?

A Cloud Service is a free or paid service or software solution delivered over the internet by an external vendor. This service provides access to applications and resources, using infrastructure or hardware external to 91µÎµÎ. Personal and institutional (enterprise and research) data is stored, processed and transmitted outside of 91µÎµÎ infrastructure, “in the cloud”. 

See Cloud 101 for an overview of Cloud Services.

What is the Cloud Directive and related Cloud Service Acquisition Process?

°Őłó±đĚýCloud Directive outlines 91µÎµÎ's obligations in securely acquiring and using Cloud Services. It describes the necessary protections (controls) to use cloud services, depending on the type of data involved and its required security and privacy needs.  

°Őłó±đĚý°ä±ô´ÇłÜ»ĺĚýł§±đ°ů±ąľ±ł¦±đĚý´ˇł¦±çłÜľ±˛őľ±łŮľ±´Ç˛ÔĚý±Ę°ů´Çł¦±đ˛ő˛ő describes in detail what steps need to be followed to acquire a Cloud Service. The process requires that a privacy, a contractual and an IT risk assessment be performed to evaluate if the vendor can deliver on their commitments to safeguard our data against theft, loss and corruption. 

Why do we need the Cloud Directive and Cloud Service Acquisition process?

The main objective of the Cloud Directive and the Cloud Service Acquisition process is to: 

  • protect personal information (PI) as well as personal health information (PHI). Examples include: SIN number, date of birth, address, gender, medical records or bank account information (to just name a few)

  • safeguard our institutional (enterprise) data, research data, proprietary information and intellectual property (IP) 

  • comply with applicable laws, regulations and standards

Students who leverage solutions that have been assessed and approved by 91µÎµÎ, can do so knowing that their personal information is managed securely.

What happens if we don’t follow the Cloud Directive and Cloud Service Acquisition process?

If we don’t follow this directive and process, then we don’t have any assurance that our data is properly safeguarded, and as a result, our data privacy and Intellectual Property rights are not guaranteed. Our data could be prone to unauthorized use or loss. 

In addition, we have a legal responsibility to safeguard our data. For example, personal information must be protected. In other words, if we are not safeguarding our data appropriately, we are in violation of the law.

What data needs to be protected in the cloud? 

Any data that is confidential needs to be protected. This includes data whose protection is required by law or regulation, or governed by contract or 91µÎµÎ policies. 

Here are a few examples of data to protect: 

  • Faculty members need to protect student personal information, and hence ensure that educational software for teaching and learning has been evaluated and approved. 

  • Researchers (including students working on research projects) need to protect their research data and the intellectual property associated with their research 

  • Staff members need to protect other people’s personal information, such as employee files, medical information, student records

Who needs to comply? 

All members of the 91µÎµÎ community must comply with the Cloud Directive and the Cloud Service Acquisition Process when acquiring and/or using paid or free Cloud Services. Research data and educational software used for teaching and learning are subject to the Cloud Directive as well. 

How to get support?

We realize that it may be difficult to understand the details of 91µÎµÎ policies and directives. We, therefore, encourage you to contact itgovernance.its [at] mcgill.ca if you have questions or concerns. It will be our pleasure to assist and guide you through the process.  

Back to top