While the word "compliance" can take on a few different meanings depending on its use, what we mean by it is, "doing what is expected of you, in your role, by policy and law".  For example, consider the Digital Millenium Copyright Act (DMCA).  To be DMCA-compliant as an internet user, you must not infringe on lawful copyrights by illegaly downloading or sharing protected material, or by interfering with the protective controls over that material.  Not infringing on protected material is what is expected of you in your role as an internet user.

We understand that compliance is not always straightforward and easy to understand.  The items under this tab are resources to assist you in navigating the compliance information that is relevant to you in order to help guide you towards compliance in your role within the UVA community.

Contracts: Data Protection Addendum

University Information Security (InfoSec) worked in partnership with Audit, University Procurement Services, Medical Center Procurement, University Counsel, and Health System Computing Services to develop a standard set of data security, privacy and audit terms and conditions for University contracts with firms that must create, obtain, transmit, use, maintain, process, or dispose of institutional data in order to fulfill their contractual obligations.

Data Protection and Purchasing 

A brief FAQ that covers the data protection requirements that apply to purchasing.


Resources for the UVA community to better understand the DIgital Millennium Copyright Act (DMCA) and how the University responds to alleged instances of illegal sharing that are detected on its network.

Faxes and HSD

A brief FAQ that covers sending or receiving faxes containing highly sensitive data from a remove (i.e., off-Grounds) location

Information Security Risk Management Program

The University of Virginia is committed to preventing incidents that may impact the confidentiality, integrity, and availability of information resources.

Source URL: