Information Security Compliance Team

The Information Security Compliance team serves as an informational resource for the UVA community, assisting departments with interpreting and implementing the procedural and technical requirements mandated by various requirements that apply based upon the type of data that is being handled. Compliance also seeks to provide University leadership with the tools needed to make informed risk-based decisions that best support the mission of the University. 

Compliance strives to ensure that the handling of UVA data is in accordance with requirements that fall into one or more of the following categories:

  • University policies, standards, and guidelines
  • Regulatory standards for data security:
    • We assist, in cooperation with the University's compliance network, in guiding UVA stakeholders towards compliance with state and federal regulations.
  • Contractual IT compliance:
    • We provide or publish basic guidance, such as including a DPA.
    • We partner with General Counsel and other contract stakeholders to ensure data security protections are sufficient to meet requirements. 

The operational responsibilities of the Compliance team include the following:

When you are ready to initiate a review, then please visit our Governance, Risk & Compliance platform; for more information click here.  You can also reach out to our team by sending an email to [email protected].  

If you are seeking IT Compliance guidance and are from the UVA Health System, please contact [email protected].