Search Information Security site

 

Information Policy Library

This library serves as a central repository for all UVA information technology (IT) resource policies, standards, and procedures. The creation of a single location that consolidates the 4 information policy areas and their associated standards, procedures, and guidelines should facilitate compliance initiatives across the UVA community.  These policies address the management of IT resources and University information to provide the framework for minimizing risk to these valuable assets. 

All users of UVA IT resources are encouraged to review and familiarize themselves with the 4 areas of policies, standards, and procedures below and to seek assistance from technology experts (i.e. Local Support Partners) in the unit areas.

For questions or concerns please speak with your Local Support Partner (LSP) or email University Information Security at it-policy@virginia.edu.

Top 10 Changes

Highlights the changes made to UVA information policies, standards, and procedures. Unless otherwise noted, all changes are effective immediately. 

Acceptable Use

All users of University information technology (IT) resources are required to use them in an ethical, professional, and legal manner.

Policy

Acceptable Use of the University’s Information Technology Resources (IRM-002)

Data Protection

Users must comply with all University policies and standards for the data to which they have been granted the ability to view, copy, generate, transmit, store, download, or otherwise acquire, access, remove, or destroy. Users must also meet any additional compliance requirements for data protection stipulated by various governmental, legal, or contractual entities.

Policy

Data Protection of University Information (IRM-003)

Information Security

Owners and overseers of the University’s information technology (IT) resources must take reasonable care to eliminate security vulnerabilities from those resources.

Policy

Information Security of University Technology Resources (IRM-004)

Privacy & Confidentiality

The University is committed to the privacy of individuals and to safeguarding information about individuals subject to limitations imposed by local, state, and federal law and other provisions described in the policies, standards, and procedures listed below.  The University, as steward of public resources and electronic information, shall respond to requests for electronic information in an orderly manner consistent with state and federal law and the policies, standards, and procedures listed below.

Policy

Privacy and Confidentiality of University Information (IRM-012)

Exceptions

We understand the need for flexibility in becoming compliant with the updated policies, so a new process has been developed to request exceptions to a policy, standard, or procedure. There must be a legitimate business reason and proof that any potential risks will be mitigated before placing an exception request.

Additional Resources

 

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form