Information Risk Management Program

Service Description

The Information Risk Management Program at the Faculty of Medicine has been established under the authority of the Dean of the Faculty of Medicine, in coordination with the University’s Chief Information Officer (CIO). The goal of the Information Risk Management Program (IRMP) is to ensure that risks to the Faculty and the University, arising from mis-handling or mis-identification of information, are managed as an integral component of information solutions throughout their lifecycle, and in full accordance with the policies and guidelines of the University.

The IRMP is a proactive framework for identifying and managing information risk, and opportunities to take advantage of existing enterprise infrastructure, at all points in the information solution lifecycle. Under the IRMP, the Sponsor (business process owner) or Steward (administrator) of a project to build or change an information system must do the following before it goes into production:

• determine the sensitivity of the data it will contain (public, confidential, or protected)
• follow the defined process to ensure the risks have been appropriately managed

An IRMP Committee has been formed to review all systems that will contain protected data, to ensure that the risks to the Faculty and the University have been appropriately managed.

Service Charges