Home
Resources
Information for Administrative Units

Information for Administrative Units

Administration and Operations have particular needs that enable centralized, distributed, support-oriented, research-supporting, and departmental functions to run well. It is likely that technical solutions may require technologies to "talk" with each other, or may involve sensitive data (HE, HR, FIN).

Because of this, it is important that due diligence always be followed with regards to risk of a technology solution to sensitive information. The TRAC process is very much concerned with identifying risks related to the above, better allowing administrative and operational departments to make good decisions when it comes to technology solutions.

When a technology solution has been assessed as MEDIUM or HIGH RISK, there is a list of recommendations and concerns that need to be addressed by the project team.

It is the project team’s responsibility to address those risks and affirm signoff from their VP that the risks have either been eliminated, mitigated or accepted by the VP who is accountable for risk. Signature by the VP is an acknowledgement that they are taking responsibility for the risk to the institution where the risks identified by TRAC are not mitigated in the ways that we have recommended.

In some cases involving High Risk and Institutional Impact, beyond the scope of a single VP, recommendation for awareness and acceptance by all VP's may be required and would be co-ordinated by the TRAC Chairs.

Noteworthy Considerations:

While TRAC doesn't directly scrutinize in-house application code, it offers pivotal security and operational guidelines.
Given the dynamic tech environment, periodic TRAC reassessments ensure your initiatives remain aligned with updated protocols.
Transitioning to cloud infrastructures? TRAC appraisals are essential to understand evolving risk landscapes.
eCommerce solutions must be vetted by the Western Bankcard Committee to ensure compliance.

Related Processes

The TRAC report is provided by a collection of experts in areas related to Infomation Technology, Legal, Privacy, Procurement, Financial Services, Internal Audit, and administrators of our corporate data systems. The committee will render an opinion of the solution and its underlying technologies. There may be other areas of risk mitigation that must be followed after the TRAC report has been delivered.

Legal Counsel - Privacy/Legal negotiation risks, contract negotiations
WTS Security Operations Centre - information security risks
Privacy Office- Legislative and regulatory items related to personally identifiable information
PCI Working Group/Bankcard Committee - eCommerce and finance risks
Western Procurement - Policy and vendor engagement

Western Technology Services
1393 Western Road
London, Ontario, Canada, N6A 3K7
Tel: 519-661-3800
Privacy | Web Standards | Terms of Use | Accessibility

Key Topics:

About
Submit to TRAC
Resources
FAQs