Terms of Reference

Technology Risk Assessment Committee (TRAC)

Terms of Reference

Purpose

The TRAC process brings together key risk stakeholders as a working group to efficiently review, discuss and evaluate risk as they are self-identified by department initiatives or introduced through research, procurement, technology onboarding, and legal counsel processes. The Technology Risk Assessment Committee (TRAC) is a working group that supports Procurement Policy (MAPP 2.8) and Computing, Technology, and Information Resources Policy (MAPP 1.13) in evaluating the risk of proposed technology solutions with the intent of eliminating or mitigating risks where possible and escalating risks acceptance to the level of the Vice President’s offices across Western University.

Mandate

  • To provide institutional risk assessments as it relates to data, technology, legal liability, and privacy risk for initiatives that seek to procure or renew technology solutions
  • To ensure risk acceptance is escalated to the appropriate level in the institution
  • To provide guidance on risk mitigation, controls, and remediations for proposed solutions
  • To ensure adherence to data classification standards, Bank Card Committee procedures, and relevant policies within the organization
  • To promote visibility of technology solutions decisions within the university and, where appropriate, to recommend alignment with Western’s goals and objectives

Composition of TRAC

TRA Committee (TRAC) is comprised of several central functions at Western, including the Office of the University Legal Counsel, Procurement Services, and Western Technology Services (WTS). The committee is augmented by Resource Group representatives from the following central resource functions, as expertise is required: Financial Services, the Institutional Data Office, Internal Audit, Office of Research Services, and the Office of the Registrar. The TRAC Committee reports to an Interim Steering Committee represented by the Chief Digital Information Officer, Senior University Legal Counsel, Chief Data Officer, and the AVP Financial Services.

TRAC Working Group

  • Procurement Services - Co-Chair
  • WTS CISO / Cyber Security - Co-Chair
  • Office of the University Legal Counsel (Contract, Privacy, Legal Assistant)
  • Western Technology Services
    (Information Security, Infrastructure Services, Application Services)

TRAC Resource Group

  • Bank Card Committee Chair
  • Internal Audit
  • Office of Research Services
  • Office of the Registrar

TRAC Interim Steering Committee

  • Chief Digital Information Officer
  • Senior University Legal Counsel
  • AVP Financial Services
  • Chief Data Officer