Knowledgebase: Guidelines
Cloud Services - Policies
Updated: 11 February 2021 09:15 AM

Cloud services have passed reviews of their License Agreements, Privacy, Security and Accessibility prior to purchase and we have standing contracts with all of these providers. 

Security and Privacy

Cloud Services procured or used by OCAD University require compliance with relevant institutional policies and two specific pieces of provincial legislation:

  • AODA (Accessibility for Ontarians with Disabilities Act) 
    • OCAD University is legally mandated to provide AODA Customer Service information and training to all employees, volunteers and student leaders. Universities are required to comply with this provincial accessibility legislation which specifically calls out the requirements for websites.
    • See more at:
  • FIPPA (Freedom of Information and Privacy Protection Act)
    • Transparency: information under the custody and control the university should be made available to the public with limited and narrowly defined exceptions (i.e., private donations to the university archives; most labour relations and employment related records; teaching materials; and research related records).
    • Privacy: personal information under the custody and control of the university should be protected from unauthorized collection, use, and disclosure. 
    • See more at: 

OCAD U IT Services reviews documentation to ensure compliance including:

  • Licensing Agreements and Contract Terms
  • VPAT (Voluntary Product Accessibility Templates) and compliance with W3C WCAG Accessibility Standards
  • Privacy Policies
  • Security Documentation, Certifications and Standards, Transparency Reports
  • Compliance with existing OCAD U policy including the Acceptable Use Policy
  • Compliance with the OCAD U Procurement Guidelines (

Unsupported Services

OCAD U does not advocate or support the use of any other Cloud Services as they may not be compliant with AODA, FIPPA, or have Privacy Policies or Licensing Terms that are deleterious to student or faculty accessibility, privacy, security, learning or pose a high-level of risk to the faculty member or institution. Institutional policies, such as the Information & Data Classification Policy (, are applicable to institutional confidential or internal data and information and, in many cases, would prohibit use of cloud services where the licensing terms, security and privacy policies have not been reviewed, assessed and approved by the university. 

If you choose to use an Unsupported Cloud Service personally:

  1. Do not store, share, transmit, backup any confidential institutional or personal information in any format.
  2. Do not store, share, transmit, backup any intellectual property, copyrighted content that you are not licensed to distribute. You cannot absolutely require students to use the service without an alternative option that has met the requirements above.
  3. You cannot absolutely require students to use the service without an alternative option that has met the requirements above.