PIA Guidelines & Tools
PIA Guidelines & Tools
PIA Guidelines
Guidelines have been developed for the UBC community to build awareness about the PIA process and to more effectively manage PIA Requests. These guidelines outline expected use of standard services and tools, and explain how to comply with FIPPA requirements and the Information Security Standards.

Event Registration and Shopping Cart Tools
These tools are used for event signup and to provide a platform to make items available for purchase.
Tools covered: ePly-ePayment, UBC ePayment.

Survey Tools
These tools are used to efficiently collect and analyze information.
Tools covered: Qualtrics.

Mass E-Mail Tools
These tools facilitate communication with large numbers of users.
Tools covered: CyberImpact, Envoke, UBC Sendy (USEND).

Collaboration Tools
These tools facilitate collaboration between users.
Tools covered: MS Teams, Zoom, Blackboard Collaborate.
Risk Assessments & Tools
The following tools may be required to support custom risk assessments in emerging or prevalent risk areas to help the University better understand and mitigate privacy and information security risks.
- Application Risk Assessments (ARA) covers technical risk areas such as vulnerability management and privileged access.
- Operational Risk Assessments (ORA) focuses on risks relating to end-user handling of personal information.
- Privacy and Information Security Requirements & Risk Assessment is used to assess the risk level for external products and services. It should be included as part of procurement responses to ensure a vendor/product meets UBC’s privacy requirements.
- Implementation Checklist is used to demonstrate that appropriate controls have been applied in product development and to show that a product is ready for production.
- Privacy / Security Solutions & Services Integration Checklist is used to assess the functional and technical requirements prior to procurement by outlining core security services and integrations.
- Tailored Risk Assessments if none of the above fits your needs, use the PIA Inquiry to request additional information and determine additional documentation requirements.
Please refer to the Privacy Matters Resources for more information.