Vulnerability Management Policy

Approved by the CIO - October 4, 2023

Vulnerability Management is a foundational component of the University of Guelph’s information security program which includes the identification, assessment and remediation of discovered IT security vulnerabilities. Responsibility for the on-going effort to reduce vulnerabilities on University-owned information technology assets is shared between service/system/application owners and CCS.

All devices owned by the University, devices connected to the University network, and devices that store University-owned data are in scope of this policy regardless of ownership. This includes personally-owned devices connected to the University network and third-party hosted services utilized by the University.

CCS Information Security offers the Vulnerability Management Service to assist with compliance with this policy.

View the full Vulnerabilty Management Policy (PDF)