Policies

The following OIT security policies establish a baseline for information security and risk management activities for the University and are based on the COV ITRM SEC530 and SEC514 Standards and defines the minimum acceptable level of information security and risk management activities that the University must implement.

It is the User's responsibility to ensure they familiarize themselves with these policies. Questions should be directed to the University Information Security Officer.

Office of Information Technology & SUPPORTING Policies

32-01 - Acceptable Use of Technological Resources
32-02 - Data Classification Policy

The following policies are currenlty under review and/or replacement.

32-8-2 Information Security Roles and Responsibilities
32-8-3 Business Impact Analysis
32-8-7 Security Audits

RECORDS MANAGMENT SCHEDULES

33-04 - University Records Management

Schedules can be found at http://www.lva.virginia.gov/agencies/records/sched_state/index.htm.

Common records can be found under the following General Schedules:
GS-101: General Administration, Contracts and Purchasing
GS-102: Finance & Accounting
GS-103: Human Resources/Personnel
GS-106: Building & Maintenance
GS-111: Academic Departments, Athletics, Housing, Research, Student Affairs, Student Financial, Student Registration, University Development
GS-113: Information Technology
GS-120: Health

32.8 Security Control Catalog

32.8.100 Access Control

BOV #38-02 (2020) - Logical Access Control Policy
BOV #38-08 (2022) Remote Wireless and Mobile Access Policy