University of Virginia
Information Technology Policies
Unless otherwise noted, the following policies apply to the entire University community. Contact ispro@virginia.edu for clarification or to report violations, unless otherwise indicated.
Security and Data Protection
| Policy or Topic | Description | Contact or Additional Information |
|---|---|---|
| Administrative Data Access | Rules for access to administrative data, including definitions explaining what it is and the rules for using it. Employees who access University administrative data must use it according to the rules or risk disciplinary consequences. |
|
| Electronic Storage of Highly Sensitive Data | Strictly limits the circumstances under which highly sensitive data may be stored on individual-use devices and media. It further mandates that strict security requirements be met when highly sensitive data must unavoidably be stored on individual-use electronic devices or electronic media. |
|
| Electronic Data Removal | Explains rules and processes for removing data from electronic storage media being surplused, transferred or returned. University policy IRM-004. |
|
| Electronic Data Retention | Defines retention policies for electronic media (e.g., computer files). | |
| IT Security Incident Reporting | Establishes the requirement to report information technology security incidents to appropriate University officials so proper and timely response procedures can be initiated. University policy IRM-012. | |
| IT Security Risk Management | Explains the IT Security Risk Management Program, which itself explains existing risks and strategies for reducing or eliminating those risks. University policy IRM-003. |
|
| IT Security Program | States the codes of practice with which the University aligns its information technology security program to safeguard the institution’s computing assets in the face of growing security threats. This significant challenge requires a strong, persistent and coordinated program that leverages widely accepted, effective security practices appropriate for the higher education environment. University policy IRM-011. |
|
| Network Access for Third Parties | Explains the conditions under which third parties (e.g., vendors, consultants) are allowed direct access to the University network. |
|
| Social Security Number Initiative | Comprehensive initiative to phase out the use of Social Security numbers (SSNs) systematically wherever possible. |
|
| Security of Networked Devices | Explains all users’ responsibilities for maintaining the security of their devices on the University network. |
|
Responsible Use Policies
| Policy or Topic | Description | Contact or Additional Information |
|---|---|---|
| Responsible Computing Handbooks | Use of UVa IT resources is governed not only by the University’s own Standards of Conduct, Honor System, and Human Resources policies, but by local, state, and federal laws relating to copyrights, security, and other statutes regarding electronic media. Separate handbooks for students and faculty/staff explain these user responsibilities. | |
| Ethics in Computer Usage | Explains rules for maintaining privacy, confidentiality, and integrity of the computing environment while using resources appropriately. | |
| Mass Emailings | Explains rules and guidelines for sending mass emailings to University audiences. University policy IRM-006. |
|
| Obscene Material | Defines the University’s legal interpretation of obscene materials. | |
| Sexually Explicit Material | Defines state ban (and exemptions) on employee access to sexually explicit material via state equipment. | |
| State Use of Internet and Electronic Communication Systems Policy | Commonwealth of Virginia’s responsible use policy for state employees. | |
| Shared Computing Resources | Explains rules for using shared computing resources such as public labs. |
|
| Telecommuting | Promotes telecommuting as a means of achieving administrative efficiencies, reducing traffic congestion and transportation costs, improving productivity and job performance, supporting business continuity plans, and sustaining the hiring and retention of a highly qualified workforce by enhancing work/life balance without diminishing employee performance or service delivery. | |
| Website Advertising | The University’s Web pages must not be used for commercial purposes. University policy IRM-001. |
|
| Wireless Frequencies Use | Explains policy on wireless bandwidth usage for the 2.4 and 5.1 GHz radio frequencies. |
|
Copyright Policies
| Policy or Topic | Description | Contact or Additional Information |
|---|---|---|
| Copyright Infringement Response | Defines how the University responds to copyright complaints. |
|
| Copyright Protection | Defines what is protected by copyright on official University websites and how to go about reporting copyright violations. |
|
| Digital Copyright Protection | Defines policy regarding use of digital materials and copyright-protected software. |
|
Information Flow, Monitoring, & Standards
| Policy or Topic | Description | Contact or Additional Information |
|---|---|---|
| Accessibility to Information Technology | Sets forth standards and guidelines that reflect best practices for achieving the accessibility of information technology by persons with disabilities. University policy IRM-008. | |
| Employee Electronic Communication/File Monitoring and/or Review | Defines policy on institutional monitoring as well as employee electronic files or communications content review. |
|
| Information Access | It is UVa’s policy that the same standards and principles of intellectual and academic freedom used in university classrooms, libraries, and other aspects of university life be applied to access for the University community to resources available through computer networks. |
|
| Information Release | Defines the procedure to release information about users’ activities on our systems (e.g., legal requests for otherwise private information). |
|
| Information Technology Project Management | Establishes the common and consistent application of project management best practices in the management of IT projects and the delivery of IT solutions within budget, on schedule, within scope and in such a way as to best contribute to accomplishing the University’s strategic mission. University policy IRM-010. | |
| IT Infrastructure and Ongoing Operations | Establishes the nationally recognized codes of practice with which the University aligns its IT infrastructure, architecture and ongoing operations. University policy IRM-009. | |
| Use of Email for Official Communication with Students | Establishes email as the University’s official means of communication with students and sets forth obligations members of the University community have regarding email use for this purpose. | |
| Virginia.edu Privacy Statement | Defines what the University does with user information collected via its websites. |
|
Procedures
| Policy or Topic | Description | Contact or Additional Information |
|---|---|---|
| Applications and Data Services Work Requests | Describes the general process for submitting an ITS/Custom Applications and Consulting Services request. University policy IRM-002. | |
| Computing Accounts | Explains who can get an ITS account, how to do so, and when it expires. |
|
| Network Service Interruption Notifications | Defines ITS’s role in announcing activities that have known potential to interrupt access to networks or systems. |
|
| Software Site Licenses (ITS) | Explains how to request funding from ITS for application-software site licenses or volume purchases. |
|
