Information for Administrative Units

Administration and Operations have particular needs that enable centralized, distributed, support-oriented, research-supporting, and departmental functions to run well. Technical solutions are likely to require technologies to "talk" with each other, or may involve sensitive data (HE, HR, FIN).

Because of this, it is important that due diligence always be followed with regard to the risk a technology solution poses to sensitive information. The TRAC process is concerned with identifying these risks so that administrative and operational departments can make good decisions about technology solutions.

When a technology solution has been assessed as MEDIUM or HIGH RISK, there is a list of recommendations and concerns that need to be addressed by the project team.

It is the project team’s responsibility to address those risks and affirm signoff from their VP that the risks have either been eliminated, mitigated, or accepted by the VP who is accountable for risk. Signature by the VP is an acknowledgement that they are taking responsibility for the risk to the institution where the risks identified by TRAC are not mitigated in the ways that we have recommended.

In some cases involving High Risk and Institutional Impact, beyond the scope of a single VP, a recommendation for awareness and acceptance by all VPs may be required and would be co-ordinated by the TRAC Chairs.

Noteworthy Considerations:  

  • While TRAC doesn't directly scrutinize in-house application code, it offers pivotal security and operational guidelines. 
  • Given the dynamic tech environment, periodic TRAC reassessments ensure your initiatives remain aligned with updated protocols.
  • Transitioning to cloud infrastructures? TRAC appraisals are essential to understand evolving risk landscapes. 
  • eCommerce solutions must be vetted by the Western Bankcard Committee to ensure compliance.

Related Processes

The TRAC report is provided by a collection of experts in areas related to Information Technology, Legal, Privacy, Procurement, Financial Services, Internal Audit, and administrators of our corporate data systems. The committee will render an opinion on the solution and its underlying technologies. There may be other areas of risk mitigation that must be followed after the TRAC report has been delivered.

  • Legal Counsel - Privacy/Legal negotiation risks, contract negotiations
  • WTS Security Operations Centre - information security risks
  • Privacy Office - Legislative and regulatory items related to personally identifiable information
  • PCI Working Group/Bankcard Committee - eCommerce and finance risks
  • Western Procurement - Policy and vendor engagement