Virginia Tech® home

Policies & Standards

Information Technology Policies at Virginia Tech

University numbered policies are statements of management philosophy and direction, established to provide direction and assistance to the university community in the conduct of university affairs. Division of Information policies and standards are managed using the IT Policy Process maintained by it.policy@vt.edu. Policies are listed by policy number on the university policy page. Standards, like other university procedures, are statements that prescribe specific actions to be taken to conform to established policies, allowing for the orderly implementation of those policies. Standards require compliance. Guidelines are recommendations important to carrying out policies and standards as well as other activities. Guidelines are advisory rather than mandatory.

NEW AND UPDATED

New or recently (within 3 months) updated policies or standards will be listed here for notification of changes to be aware of or new policies taking effect. Updates and changes shown in this section incorporate feedback obtained during the April-June IT policy review. Thank you to our many stakeholders who provided feedback. 

  1. August 2025 - NEW IT Standards template: As IT Standards are updated, they will be using a new template that includes our Division logo at the top and a Compliance and Enforcement section.
  2.   August 2025 - NEW IT Glossary of terms: As new IT Standards and policies get updated, the “Definitions” section will link to a comprehensive Glossary of IT terms, so there will be a single source of definitions for words and phrases used in our policies and standards. (See also the Division of IT acronyms glossary.) 
  3.  August 2025 - UPDATED: The former Virginia Tech IT Vendor Risk Assessment Standard has been renamed to IT Vendor Risk Management Standard and: 
    •  Clarified party responsible for classifying software system risk level in section 2.1. 
    •  Expanded on the functions offered by using Third Party Risk Management (TPRM) service 2.1. 
    •  Specified the evidence required for annual review for systems that manage SSNs in section 2.5.
  4. Standard for Archiving Canvas Courses

University numbered policies in the topical area of information technology are listed in the 7000-series. (https://www.policies.vt.edu/PolicyLibrary). These policies are further classified by the subjects in the list below, along with related policies and standards.

POLICIES AND STANDARDS BY SUBJECT

ACCEPTABLE USE

University numbered policies

Commonwealth of Virginia policies

Standards

SECURITY AND DATA PROTECTION

University numbered policies

Standards

IDENTITY MANAGEMENT

University numbered policies

Standards

DATA ADMINISTRATION AND TRANSPARENCY

University numbered policies

Standards

Guidelines

INFRASTRUCTURE, ARCHITECTURE, AND ONGOING OPERATIONS

University numbered policies

Standards

PROJECT MANAGEMENT

University numbered policies

Standards

ACCESSIBILITY

University numbered policies

Standards

Guidelines

VIRGINIA TECH CERTIFICATION AUTHORITY

The Virginia Tech Certification Authority (VTCA) provides a digital certificate service to the campus community. Digital certificates are electronic identity credentials that use encryption to support secure access to a large number of web services and applications. The governing documents for the VTCA are located at www.pki.vt.edu/policy. The VTCA has outsourced its SSL/TLS certificate issuance to the InCommon CA. Its governing documents are located at https://www.incommon.org/certificates/repository/.

FEDERATED IDENTITY MANAGEMENT

Virginia Tech participates in federated identity management, allowing services provided by other institutions to authenticate and authorize Virginia Tech individuals securely and with appropriate protection of confidentiality.