Information Technology Resources: All VIU-managed or approved hardware, software, networks, data, cloud services, and related infrastructure used to create, store, process, or transmit VIU information.
Users: Any person or entity accessing, using, or managing VIU IT resources.
VIU Business: Teaching, learning, research, administration, community engagement, and other authorized institutional activities.
Approved Systems: Systems that have been reviewed and authorized by VIU governance processes.
Critical Systems: Systems supporting core operations or containing sensitive data.
System Owner: The business or technical owner accountable for ensuring lifecycle planning, risk management, and compliance with technology standards.
Information Asset: Data, systems, applications, or services supporting VIU operations.
Asset Owner: A designated individual responsible for the overall accountability of a VIU information asset, including its appropriate use, protection, compliance with policies and regulations, and alignment with business objectives throughout the asset lifecycle.
Personal Information: Recorded information about an identifiable individual as defined under applicable privacy legislation (e.g., FIPPA).
Sensitive Information: Information requiring protection due to legal, regulatory, ethical, or institutional risk.
Access Control: The set of policies, processes, and technical mechanisms used to ensure that only authorized individuals or systems are granted appropriate access to IT assets, data, and services, based on approved business requirements.
Compensating Controls: Temporary risk mitigation measures implemented when immediate replacement or upgrade is not feasible.
Security Control: A safeguard or countermeasure.
Least Privilege: Limiting access to the minimum necessary to perform assigned duties.
Role Based Access: System access rights and permissions are assigned based on an individual’s job role or function within the organization.
Vendor End of Life (EOL): The date at which a vendor designates a product as no longer manufactured or sold and begins transitioning it out of support.
Vendor End of Support (EOS): The date after which a vendor no longer provides security updates, patches, or technical support.