Search Information Security site


Policy on Third-Party Access to the University Network

Effective: January 12, 1998


The University of Virginia occasionally receives requests for direct connections to its network for non-affiliated third parties. Such requests for network access are typically either from firms that provide computing support services to University departments or from metropolitan area network service providers that offer remote-access solutions to University students, faculty, and staff. This policy has been developed to ensure that all such network access requests are treated consistently, fairly, and with a minimum of delay.

Annual Review Process

This policy and all associated network connections will be reviewed on an annual basis. Connections will be reviewed with the requesting departments to determine the usefulness of the connection. Connections that are no longer useful to the requesting department will be terminated at that time. The University does understand that third-parties will often need to sign annual contracts with a telephone company and every effort will be made to take this into account during any connection review process.


Outside agencies conducting business with the University requiring network communication will normally be able to conduct this business using the University's existing Internet connection. In some cases, however, the University or its departments may be better served by a more direct connection between the University network and the outside agency. Reasons for this may include faster access, a more reliable connection, or the exchange of network protocols not normally transmitted across the Internet. The following guidelines apply to any request for third-party connections to the University network:

  • The University's Department of Information Technology Services (ITS) is responsible for all external connections to the University network. Departments must initiate special connections to outside agencies in a written request to ITS. The request must explain the nature of the desired connection and the benefit(s) expected from the connection.
  • In general, no direct connection to the University network from non-centrally-contracted third parties providing computing or network support will be allowed. If approved for access to the University network, such firms will usually be referred to contracted agencies for the provision of actual network connectivity. Cornerstone Networks was such an agency when this policy was written in 1998.
  • Metropolitan area networking firms who are not competing with firms holding University remote-access contracts and who provide general access services to the entire University community may be eligible for direct connections to the University network. Direct connections will not be provided for the purpose of competing with existing University contracted services. For example, the University aggregates, bids, and contracts for dial-up modem and ISDN remote access services. Network connections will not be provided to third-parties intending to compete with the University's contracted dial-up provider.
  • These special connections must not in any way provide the outside agency the means to or be for the purpose of allowing the outside agency to compete with any services provided by agencies with exclusive contractual agreements with the University.
  • The connection must be used solely to provide the improvement in service indicated by the University department in its request. The third-party firm may provide this same set of services to other University departments in addition to the requesting department.
  • Agencies with special connections must agree to abide by any and all computing-related policies, especially security and privacy policies, of the University and ITS. Violation of any such policy will result in immediate termination of the connection.

Termination of Access

Access to the University network is a privilege that may be granted or withdrawn by the University at any time. The University may terminate the special connection if it is determined not to be in the University's interest to continue the connection. However, it is generally expected that the University will choose not to remove network access outside of the annual review process unless the connection is being used in violation of one or more of the policies listed above. The University may also impose temporary service interruptions for operational reasons.

Application Procedure

Sponsoring University departments should submit requests for third-party network access to:

Information Technology Services
Carruthers Hall
Attn: Director, Communications and Systems

The request should include a brief description of the service being provided by the third party and the names, e-mail addresses, and phone numbers of firm's administrative and technical contacts.

Policy reviewed by OIT Director of Planning and Policy Development


Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form