Skip to content
You are using an unsupported browser. For best results please use the latest versions of Chrome, Edge, Firefox or Safari.

ISC Risk, Compliance, Metrics and Reporting Working Group

Terms of reference


The Risk, Compliance, Metrics and Reporting Working Group is responsible for developing, through consultation with member stakeholders and their colleagues, an understanding of the information and metrics needed by decision makers to best support information security decisions made at the local, divisional and institutional level. Fundamentally, this involves determining what metrics, reports or other information should be collected, and by whom and to whom they should be shared. This work includes the development of contextual information to aid in the interpretation of data provided to decision makers.


The working group in the current term will focus on the collection of metrics and development of reporting and information resources for information security work at all levels of the institution. Members will:

  • Identify and define stakeholder groups, their role in the provision of or accountability for information security and their associated information and reporting needs.
  • Probe the information needs of various stakeholder groups at the University of Toronto and document what information (and in what format and frequency) would be needed for those individuals to make responsible, informed decisions in their role.
  • Provide a proposed list of information to be collected, proposed sources for the information and distribution mechanisms and policies.
  • Develop and make recommendations for areas of institutional risk requiring focused attention and investment.
  • Provide ongoing feedback to the Data Asset Inventory and Information Risk Self-Assessment (DAI-IRSA) and other institutional risk management tools, processes and programs.


  • Membership is comprised of individuals who engage in a broad range of decision-making and support activities with varied information needs and those with expertise in information security.
  • Working group members will consult with local decision makers and their peers in representing and clarifying the information needs of various groups and roles.
  • Members will seek input from the Information Security Council (ISC) on information needs and stakeholder group definitions.
  • When the working group feels a natural ‘first pass’ of information needs can be produced, it will be forwarded to the ISC for endorsement before the working group moves forward on how the information may be collected and how it should be shared, and the tools and processes required to accomplish these goals.


Meetings are held every third Tuesday of the month, from 2 to 3:30 p.m.


Kalyani Khati (co-chair) Associate Director, Information Security Strategic Initiatives, Information Technology Services
Paul Morrison (co-chair) IT Director, Faculty of Kinesiology & Physical Education
Rishi Arora Information Risk Program Coordinator, Information Risk, ITS
Chris Brown Associate Registrar, Special Projects & Director Academic Scheduling, Registrar’s Office, Faculty of Applied Science and Engineering
Steven Butterworth PCS Manager, Department of Physics, Faculty of Arts & Science
Sheril Chacko Senior Business Analyst, Information & Instructional Technology Services, UTSC
Sandy Chang Assistant Director, Health & Wellness Centre
André Greenidge Senior Auditor – Information Systems, Internal Audit
John Kerr Director, Risk Management and Insurance, Finance
Lareza Lazuardi Senior Manager, Applications & Development, Information and Instructional Technology, Faculty of Arts & Science
Akshat Mishra Information Security Program Manager, Information & Instructional Technology Services, UTM
Kanupriya Parab Information Risk Manager, Information Risk, ITS
Shakhawat Patwary Senior Planning & Data Officer, Campus Planning and Analysis Office, UTSC
Serena Persaud Chief Administrative Officer, Student Life
Danny Velev Business Intelligence Solutions Architect, Division of University Advancement
Jeffrey Waldman Manager, Institutional Data Governance, Institutional Research & Data Governance