Information Security Compliance Team

The Information Security Compliance team serves as an informational resource for the UVA community, assisting departments with interpreting and implementing the procedural and technical requirements that apply based upon the type of data that is being handled. Compliance also seeks to provide University leadership with the tools needed to make informed risk-based decisions that best support the mission of the University.

Compliance strives to ensure that the handling of UVA data is in accordance with requirements that fall into one or more of the following categories:

  • University policies, standards, and guidelines
  • Regulatory standards for data security:
    • We assist, in cooperation with the University's compliance network, in guiding UVA stakeholders towards compliance with state and federal regulations.
  • Contractual IT compliance:
    • We provide or publish basic guidance, such as including a DPA.
    • We partner with General Counsel and other contract stakeholders to ensure data security protections are sufficient to meet requirements. 

The operational responsibilities of the Compliance team include the following:

  • Security reviews for Cloud Vendors
  • Exception requests and undocumented deviations from policy
  • Contract reviews
    • Serve as a technical resource when requested, such as by University Counsel, Procurement, OSP, or Property & Liability Risk management, and when the contractual language is within our knowledge of centrally supported services
  • Research support for compliance with IT Policies
    • IRB-SBS reviews of data security plan
    • Other research projects as requested
  • ITS Approvals
    • RITMs (e.g. Shibboleth, Storage, Server)
    • Static IP on AONs
    • Zoom and O365 integrations
    • Additional integrations, for centrally supported services
  • Information Security Risk Management program
  • ITS Solutions Collaborations
  • Project work
    • CIO portfolio projects
    • InfoSec projects

When you are ready to initiate a review, please visit our Governance, Risk & Compliance platform; for more information, see here. You can also reach out to our team by sending an email to [email protected].

If you are seeking IT Compliance guidance and are from the UVA Health System, please contact [email protected].