vcc.ca
Internet of Things Procedures
Procedures Number: 504
Procedures Effective Date: February 13, 2020
Approval Body: President
Sponsor: VP Administration
Procedures
- All VCC's Departments or any third party acting on behalf of VCC are required to contact the IT Department prior to acquisition of the new IoT device to avoid network compatibility or security issues.
- The IT Department will review IoT devices to determine:
- Risk to the data or services provided by the device.
- Risk to the device itself.
- Risk to VCC's computer network or to other VCC's IT systems.
- Compliance with FOIPPA and with other relevant legislations.
- Network compatibility.
- Other Cyber Security risks.
- Where necessary, the IT Department will consult Facilities; Safety, Security, Risk and Privacy; Purchasing; and other VCC's Departments.
- The IT Department will determine if the IoT device is safe to connect to VCC's computer network and will approve the IoT device to be purchased and/or to be connected to VCC network.
- If the IoT device is deemed to be unsafe for VCC, the IT Department will continue to work with the requestor to find a suitable product.
- No IoT device owned, used, or managed by VCC or on behalf of VCC may be connected to any VCC wired or wireless computer network without proper review and authorization from the IT Department.
- In case of disagreement with the IT Department's decision, the requestor may escalate to the CIO. The CIO's decision is final.
- The IT Department will assist with the configuration of the approved IoT devices to ensure safe connectivity to VCC's computer network.
- The IT Department may monitor VCC's computer network for the presence of unauthorised IoT devices and will disconnect any unauthorised IoT device from the network.
See related policy 504