This page outlines all software and applications that have been assessed for potential risks.
Before using any of the software listed below, please provide the IT Team with an indication of your intended use and use case.
Mentimeter – Assessed
Mentimeter is an interactive presentation software that allows you to engage your audience through real-time voting, polls, quizzes, and other interactive content.
Recommendations
- The overall risk associated with using Mentimeter is low, given that only one faculty member is involved, and students are not required to create an account.
- Students will not create an account for using this application.
- Due to the tracking and device data collection by Mentimeter, it is recommended to block or reject unnecessary cookies and opt out of marketing and advertisement features.
Archivematica and AtoM – Assessed
Archivematica is a free and open-source digital preservation system designed to maintain long-term access to collections of digital objects. It provides an integrated suite of tools that allow users to process digital objects from ingest to archival storage and access. AtoM is a web-based, open-source application for standards-based archival description and access.
Recommendations
- Approved for student accounts, instructor accounts and data storage on our local server.
- All admin or web developer/configuration access should use a form of multi-factor authentication (MFA) to ensure that your system configuration is not easily accessible or manipulated.
- Contact the IT team for the best way to enable access for your students and to assess your use-case.
- Both products are open source, meaning that there is no Privacy Policy or Terms of Agreement that would be used to legally define the relationship between software owners and UofT.
- This product is available for use, hosted by the Faculty IT team on our servers in the University of Toronto library data center.
Slack – Assessed
Slack is a collaboration platform designed to connect teams and streamline communication. It offers various features including channels, direct messaging, integrations with other tools, file sharing, and search.
Recommendations
- Without a specified contract between Slack and UofT, the Terms of Use would govern the relationship from a contractual context. For example, if there is a legal dispute between Slack and a faculty member using Slack, then the Terms would provide the framework that the dispute would be measured against.
- Slack’s Privacy Policy will dictate the how’s and why’s around data collection and usage; including it’s ability to use personal information/customer data.
- Slack may add information it receives from other sources to information it has on its users.
- Slack sometimes sends marketing-based emails. There is an opt-out process within the Slack settings.
- Be careful when adding third party integrations. Slack notes that some of their third party service integrations may necessitate more personal information being required before use (through sign up/registration). These services may send data back to Slack.
- There may be other concerns with Slack usage, such as upload of NSFW content, however there are moderation processes within the system where the admin can remove posted content if needed.
Wix.com – Assessed
Wix.com is a popular website builder that allows users to create professional-looking websites without needing to know how to code.
Recommendations
- Restricted access to administrator account (no sharing).
- Make separate admin accounts for each admin if more than one is needed.
- Create strong, complex and long passwords for admin access.
- Utilize multi-factor authentication if possible.
- Largest risk: vandalism/defacement of a website.