Fleming College policies are approved by Fleming College’s Board of Governors and operating procedures are approved by Fleming College’s Senior Management Team (SMT). Refer to the college’s Policy & Procedures website for a listing of all college policies. Below is an excerpt of the ITS policies.

ITS Policies & Operating Procedures

• 6-600 IT Policy Framework
• 6-601 Appropriate Use Policy (AUP)
  • OP #6-601 AUP and Accessing Another User’s Data Procedure
  • OP #6-601A Remote Access Procedure
  • OP #6-601B Social Media Procedure
• 6-602 IT User Account Management Policy
• 6-604 Electronic Information Security Policy  
  • OP #6-604A Information Security Classification Procedure
  • OP #6-604B Access Control Procedure
  • OP #6-604C Information Security Incident Management   
• 6-605 IT Business Continuity Policy
  • OP #6-605A IT Business Continuity and Disaster Recovery

---

IT Standards

As required under Policy 6-600, IT Policy Framework, the VP IT has published IT Standards that govern the use and protection of College data and computing resources. All Users of Fleming’s systems and information are responsible and accountable for following these standards.

User Standards (US)

User Standards (US) are mandatory and applicable to All Users:

• US-101 – Password and Passphrase Protection Standard
• US-102 – Encryption Requirements
• US-103 – Transmission and Sharing of Electronic Information
• US-107 – Bring Your Own Device (BYOD)

Technical Standards (TS)

Technical Standards (TS) are focused primarily for use by the ITS Department and any staff member, contractor or any IT professional with a technical role, such as a System Administrator, Application Administrator, etc. Some Technical Standards may contain sensitive information and will be provided to individuals on an as-needed basis upon request. Staff can use an access request to obtain a copy of an IT Technical Standard.

• TS-104 – Vulnerability Management
• TS-105 – Privileged Account Management
• TS-106 – PeopleSoft Development Standards

---

Legislation, Regulations, Agreements & Industry Standards

Below is a listing of some of the legislation and regulations applicable to the College. Additionally, the ITS department aims to be compliant with, or follow the guidance of, the industry standards also listed below:

• GO-ITS 25.0 General Security Requirements | ontario.ca
• ISO/IEC 27001:2022 – Information security management systems
• ITIL | IT Service Management | Axelos
• PIPEDA – Personal Information Protection and Electronic Documents Act (2000)
• FIPPA – Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. F. 31
• PHIPA – Personal Health Information Protection Act (2004)
• Copyright Act (Canada) R.S. 1985
• Limitation Act
• Occupational Health and Safety Act (OHSA) | ontario.ca
• Ministry of Training, Colleges and Universities Act, RSO 1990
• Ontario Colleges of Applied Arts and Technology Act, 2002
• Ontario Student Grants and Ontario Student Loans, O Reg 70/17
• Private Career Colleges Act, 2005
• Colleges Collective Bargaining Act, 2008 and applicable Collective Agreements
• Broader Public Sector Accountability Act, 2010
• Strengthening Post-secondary Institutions and Students Act, 2022
• 2020-2025 Strategic Mandate Agreement: Sir Sandford Fleming College of Applied Arts and Technology | ontario.ca
• Broader Public Sector Procurement Directive issued by the Management Board of Cabinet, effective July 1, 2011
• Canadian Free Trade Agreement (CFTA)
• Comprehensive Economic and Trade Agreement (CETA)
• Ontario Centralized Procurement Initiative
• Payment Card Industry Data Security Standards (PCI-DSS)