This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember your browser. We use this information to improve and customize your browsing experience, for analytics and metrics about our visitors both on this website and other media, and for marketing purposes. By using this website, you accept and agree to be bound by UVic’s Terms of Use and Protection of Privacy Policy.  If you do not agree to the above, you can configure your browser’s setting to “do not track.”

Skip to main content
People Departments Maps Buildings Rooms A-Z
University
of Victoria
Apply Library
Sign in Online tools Sign out
University Systems

Guidelines for use of AI in administrative work

This page is for UVic employees and other members of the university community who use AI tools in their administrative or operational work. It explains who can use AI, which tools are approved, and how to use them responsibly, securely, and in line with university policies.

Definitions

This page uses terms with meanings that are specific, technical, and related to university policies. Read the definitions.

Policy and compliance

Members of the University Community have individual accountabilities for the appropriate use of AI in ways that uphold UVic’s values and adhere to university policies. The following requirements apply to the use of AI.

1. Adhere to university policies

To maintain the security and privacy of our data and IT systems, and ensure that university records created by AI are compliant with legislation and policy, employees must adhere to applicable university policies in the use of AI:

2. Use approved tools

The GenAI tool approved for use with UVic Data is Microsoft Copilot.

  • Consideration of new AI Tools must be vetted through a Privacy Impact Assessment with the Privacy Office, and Technical Approval Process through University Systems.

  • Publicly available GenAI tools such as ChatGPT, Claude, Gemini, Perplexity, etc. have not been approved for use with Highly Confidential, Confidential, or Internal classifications of UVic Data.

3. Safeguard UVic Data and Intellectual Property

To maintain the confidentiality of UVic Data, including but not limited to personal information, intellectual property, and copyrighted material:

  • Do not input/upload UVic Data with Internal, Confidential, or Highly Confidential information security classifications into non-approved AI applications. For example, do not input/upload personal information, such as for employees, students, or other third parties into any non-approved AI application.
  • To determine relevant security classification, please refer to IM7800 Information Security Policy (University Information Security Classification Procedures).
  • Do not upload or input materials into AI tools unless you own the content or have explicit permission or legal authority to use it.
  • Contact your manager, or email infosec@uvic.ca or request IT support if you are unsure about the information security classification of your data.

4. Ensure that AI use complies with records management policy

  • Be aware that Microsoft Copilot chats and prompts are retained for a period of 5 months and may generate records in scope for a Freedom of Information request.
  • Review, understand and follow records management guidance, which applies to all university technologies and processes.
  • Email RMHelp@uvic.ca if you have questions on how to manage records created by AI.

5. Use for work purposes

Use AI on UVic-owned devices for work purposes. 

6. AI requires professional oversight

Users of AI tools such as GenAI must have sufficient domain expertise to verify generated outputs, and have the skills and ability to generate similar work without the use of GenAI.

Moreover they must be professionally employed in this capacity, and in a position to spot errors, identify unexpected behaviours, as well as take full accountability for generated work and the results they produce.  

For example, users must not deploy, integrate, or implement code generated by AI tools directly into UVic’s information systems.

Principles for use of AI

In addition to the above policy and compliance requirements, the following principles apply to anyone using, designing, procuring, or implementing Copilot or any other AI and related technologies in support of operational and administrative purposes.

Human centred, ethical, and accountable use

Maintain human oversight for AI, especially decisions. Use AI in ways that align to UVic’s purpose, pledge and principles outlined in our Strategic Plan.

Transparency and trust

Disclose when and how AI is used, and the role of AI in processes that affect stakeholders. Ensure that AI systems are safe, reliable, tested and approved before use. This also means monitoring to avoid harm to others and mitigating risks such as bias, inaccuracy, and unintended consequences.

Responsible

You are responsible for being knowledgeable and current about the uses, policies, and limitations of the AI tools that you use, and for the output of the work created by AI. Take necessary training to responsibly use, implement and provide oversight over AI tools.

Innovation, sustainability, and cost-benefit alignment

AI can help reduce/streamline repetitive tasks and generate improvements, such as process innovation and benefits to the university (e.g. student experience). Be mindful of AI’s environmental impact.

Definitions

Artificial Intelligence (AI)
Computer systems that can generate outputs such as text, images, code, predictions, or recommendations based on human-defined goals and data/instructions provided to them. For more detailed description and definitions of AI, refer to Artificial Intelligence Risk Management Framework (AI RMF 1.0) (1.9MB pdf).

Generative AI (GenAI)
A specific type of Artificial Intelligence that can generate new content such as text, image, video, computer code, etc. For more detail, refer to the OECD's definition of generative AI.

Microsoft Copilot

The approved, enterprise GenAI tool for University of Victoria. It is an AI assistant embedded in the Microsoft365 ecosystem that uses underlying technologies like those used by the publicly available ChatGPT. Copilot can streamline routine tasks, including:

  • Text generation
  • Image and media creation
  • Proofreading and editing
  • Automated information gathering and synthesis
  • Summarization
  • Task planning and productivity support
  • Meeting and collaboration assistance

Microsoft Copilot was approved for enterprise use because it operates within a secure environment and does not use customer data to train public AI models. Copilot is managed by University Systems and has completed a security assessment and Privacy Impact Assessment. It is configured to comply with information security, privacy, and records management policy requirements.

University Community

Refers to:

  1. Credit and non-credit students, including distance students and continuing education students
  2. Employees (faculty, librarians, and staff)
  3. Any person holding a university appointment whether or not that person is an employee
  4. Post-doctoral fellows
  5. All persons who are employed under contracts with university faculty members as the employer and who provide research or administrative services directly supporting faculty members’ research activities
  6. Visiting researchers
  7. Anyone contractually required to abide by university policies
  8. Anyone volunteering with a university program or activity
  9. Members of the Board of Governors and Senate
  10. Separately incorporated organizations operating on campus
  11. Anyone who ordinarily resides in campus because of their relationship with the university

UVic Data
Records, including digital assets, containing personal information or business or confidential information about the university.

Records management guidelines

To ensure that university records are created, used, disposed of, and preserved in a systematic manner, compliant with relevant legislation, employees must adhere to the IM7700 Records Management Policy.

Contact your manager, or RMHelp@uvic.ca if you have any questions about how to manage unit records created with, or without, generative AI tools.

  • Records created as a part of administrative processes using generative AI tools are university records.
  • University records provide evidence of official business, policies, transactions, agreements, or decisions; and may be required for legal, financial, audit, administrative or operational purposes.
  • Administrative authorities are responsible for making reasonable efforts to ensure that records in the unit are managed according to IM7700.

  • Units are expected to use the university-wide classification plan, known as the Directory of Records, to classify records, enabling effective retention and disposition.
  • Records scheduled for disposition containing personal or confidential information and identified as having no long-term value must be destroyed in a secure and permanent manner.
  • Records that will be kept permanently by the university will be held by and preserved for access as determined by the University Archivist.
  • Records scheduled for disposition (including Transitory records) must not be disposed of when such records are: identified in current or pending litigation; responsive to a current request made under FIPPA; the subject of an audit; or identified in quasi-judicial and legal proceedings.