

Information Policy Library

This library serves as a central repository for all UVA information technology (IT) resource policies, standards, and procedures. The creation of a single location that consolidates the 4 information policy areas and their associated standards, procedures, and guidelines should facilitate compliance initiatives across the UVA community.  These policies address the management of IT resources and University information to provide the framework for minimizing risk to these valuable assets. 

All users of UVA IT resources are encouraged to review and familiarize themselves with the 4 areas of policies, standards, and procedures below and to seek assistance from technology experts (i.e. Local Support Partners) in the unit areas.

For questions or concerns please speak with your Local Support Partner (LSP) or email University Information Security at

Top 10 Changes

Highlights the changes made to UVA information policies, standards, and procedures. Unless otherwise noted, all changes are effective immediately. 

Acceptable Use

All users of University information technology (IT) resources are required to use them in an ethical, professional, and legal manner.


Acceptable Use of the University’s Information Technology Resources (IRM-002)

Data Protection

Users must comply with all University policies and standards for the data to which they have been granted the ability to view, copy, generate, transmit, store, download, or otherwise acquire, access, remove, or destroy. Users must also meet any additional compliance requirements for data protection stipulated by various governmental, legal, or contractual entities.


Data Protection of University Information (IRM-003)

Information Security

Owners and overseers of the University’s information technology (IT) resources must take reasonable care to eliminate security vulnerabilities from those resources.


Information Security of University Technology Resources (IRM-004)

Privacy & Confidentiality

The University is committed to the privacy of individuals and to safeguarding information about individuals subject to limitations imposed by local, state, and federal law and other provisions described in the policies, standards, and procedures listed below.  The University, as steward of public resources and electronic information, shall respond to requests for electronic information in an orderly manner consistent with state and federal law and the policies, standards, and procedures listed below.


Privacy and Confidentiality of University Information (IRM-012)


We understand the need for flexibility in becoming compliant with the updated policies, so a new process has been developed to request exceptions to a policy, standard, or procedure. There must be a legitimate business reason and proof that any potential risks will be mitigated before placing an exception request.

Additional Resources


Report an Information Security Incident

Please report any level of incident, no matter how small. The Information Security Office will evaluate the report and provide a full investigation.

Complete Report Form