Applicant Review & Document Sharing/Storage Platforms | Graduate & Postdoctoral Studies

Applicant Review & Document Sharing/Storage Platforms

This list has been compiled using the different storage approvals from Information Security and the Privacy Office. Using a system outside of the approved listing could result in a privacy breach investigation/fines or immediate platform usage shutdown, so should not be used. 

The University does not currently have a central admissions committee's applicant review platform. WebNow is used as our document management system for graduate applications. The list below provides an understanding of what platforms can be used on campus to review applicants or share/store materials outside of WebNow.

All OGPS PDF forms that contain student information are considered S3 by the University's Data Storage Guidelines (except the Application for Readmission, which is considered S4) and the chart below describes the different storage/share approved options. 

Platform 

Share Application Documents/OGPS Forms Rank/Comment on Applicants
CivicWeb Yes (Limited) Not Available
CourseLink No (Open Learning working towards limited category) Yes
Email

Yes (Limited & Encrypt)

Yes
Encrypted Computer

Yes

Yes
Encrypted USB (eg. Aegis Secure Key)

Yes

Yes
GryphForms

Yes

Yes

Network Shared Drives (eg. CFS) Yes

Yes

OneDrive/Sharepoint/Teams Yes (Limited)

Yes

Online Shares (eg. Dropbox, Google Drive, ShareFile, iCloud Drive, etc) No

Not Suggested

Qualtrics Yes (Limited) Yes
WebNow / Experience Apps Yes Not Available

(Limited)

Students who submit/attach supporting documents such as medical documentation, financial/bank statements to support a form submission, or immigration documents as part of an application would be acceptable with the above chart suggesting all sections containing any Health Identification (eg. Health Card Number), Financial (Bank Accounts, SIN number,etc), Immigration (Passport #, Work/Study Permit #, etc) must be either removed or redacted prior to using this method. Departments should use their best judgement based on these guidelines, but if there are any doubts if any Health/Financial/Immigration Identification would be considered S4, they should contact either Information Security through the CCS Help Desk or the Privacy Office with the example.  If users are given access to shared storage, you should maintain a list of those users and audit accordingly. Users who download the documents, must be using an Encrypted Computer/USB.

 

(Encrypted)

Documents themselves must be encrypted prior to using this method. If a department password is being used for larger group sharing, you should maintain a list of those users and audit/change the password accordingly. When sending an encrypted document to OGPS or other users, you must not provide the password in the email including the attachment