Security Breach Policy – Information & IT Systems

Institution: North View College

Effective Date: October 11, 2025

Policy Owner: College Administration

1. Purpose

The purpose of this policy is to establish clear procedures and responsibilities for identifying, responding to, and mitigating security breaches involving student information and IT systems. This policy is designed to protect the confidentiality, integrity, and availability of student data and institutional technology assets.

2. Scope

This policy applies to:

  • All students, staff, faculty, contractors, and third-party vendors
  • All college-owned or managed IT systems, networks, and platforms
  • All data breaches involving personal, academic, financial, or health information

3. Definitions

Security Breach: Any incident resulting in unauthorized access to, disclosure of, modification of, or destruction of data or IT systems.

Personal Information: Any data that identifies an individual, including name, student ID, address, academic records, or government-issued identifiers.

IT Systems: All digital infrastructure owned or operated by the College, including email systems, student portals, learning management systems, databases, and networks.

4. Roles & Responsibilities

  • IT Department: Monitor systems, respond to incidents, and maintain cybersecurity controls
  • Privacy Officer: Ensure compliance with privacy laws and report breaches when required
  • Students & Employees: Immediately report suspected security breaches and follow IT policies

5. Breach Response Procedure

Step 1: Identify & Contain

Suspected breaches must be reported immediately to the IT Department. Affected systems will be isolated, and compromised accounts may be disabled to prevent further unauthorized access.

Step 2: Assess the Breach

The College will determine the scope and severity of the breach, identify affected individuals and systems, and assess risks to privacy and operations.

Step 3: Notification

Where required by law, the College will notify affected individuals and regulatory authorities. Notifications will include details of the incident, affected data, actions taken, and steps individuals can take to protect themselves.

Step 4: Mitigation & Remediation

Recovery actions may include password resets, system patching, restoration of backups, and additional safeguards. All actions taken will be documented.

Step 5: Post-Incident Review

The College will conduct a review to identify root causes, implement long-term improvements, update policies, and provide additional training if necessary.

6. Prevention Measures

  • Strong encryption and access controls
  • Regular security audits and system reviews
  • Mandatory cybersecurity training
  • Updated anti-malware, firewall, and intrusion detection systems
  • Strong password and multi-factor authentication policies

7. Legal & Regulatory Compliance

This policy complies with all applicable privacy and data protection legislation, including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Personal Health Information Protection Act (PHIPA)
  • Freedom of Information and Protection of Privacy Act (FIPPA), where applicable

8. Policy Review

This policy is reviewed annually or as required due to changes in legislation, technology, or institutional practices.

9. Contact Information

For questions or to report a security breach, please contact:

IT Support: support@theshareplus.com
Privacy Officer: kbagga@theshareplus.com | Phone: +1 647-846-4456
Emergency (After Hours): +1 647-846-4882