- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Building a connected campus with MS Teams
- Modernizing IT for a better SFU
- Improving speed and coverage with network upgrade program
- Using automation to drive efficiency and innovation at SFU
- Welcome to the new SFU Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting SFU's Digital Transformation with Exchange Online
- Important changes to SFU email practices
- Transforming the SFU experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Data security standard
The purpose of the Data Security Standard is to provide guidelines that help the University Community know which Information Systems are appropriate for the handling and storage of different types of data, as classified in the Data Governance Policy.
Guidelines for DATA
- Only handle or store the minimum amount of data required to complete a task (the principle of “data minimization”). Do not handle or store any data that is not required, in particular very sensitive data.
- Internal Data or Regulated Data may only be shared with other SFU Employees when their role at SFU requires them to have access to perform their duties (the principle of “least privilege”).
- Keep data on just one Information System and do not copy, extract, or download data to other Information Systems. In the case of a violation of this control, then either one of the following must be done:
- Submit a plan to eliminate the redundancy to the Data Governance Council, or
- Submit a request for approval in writing to the Data Governance Council.
- Enterprise and Local Information Systems staff are available to consult with departments and Users to advise them of the risks and help determine which Information Systems will be best able to meet their requirements and support their business processes.