Policies & Standards
Information Technology Policies at Virginia Tech
University numbered policies are statements of management philosophy and direction, established to provide direction and assistance to the university community in the conduct of university affairs. Division of Information policies and standards are managed using the IT Policy Process maintained by it.policy@vt.edu. Policies are listed by policy number on the university policy page. Standards, like other university procedures, are statements that prescribe specific actions to be taken to conform to established policies, allowing for the orderly implementation of those policies. Standards require compliance. Guidelines are recommendations important to carrying out policies and standards as well as other activities. Guidelines are advisory rather than mandatory.
University numbered policies in the topical area of information technology are listed in the 7000-series. (https://www.policies.vt.edu/PolicyLibrary). These policies are further classified by the subjects in the list below, along with related policies and standards.
- Acceptable use
- Security and data protection
- Identity management
- Data administration and transparency
- Infrastructure, architecture, and ongoing operations
- Project management, acquisition, and deployment
- Accessibility
POLICIES AND STANDARDS BY SUBJECT
ACCEPTABLE USE
University numbered policies
- 7000 - Acceptable Use and Administration of Computer and Communication Systems
- 4082 - Appropriate Use of Electronic Personnel and Payroll Records
- 4325 - Alternate Work Site and Telework Policy
- 5215 - Sales, Solicitation and Advertising on Campus
Commonwealth of Virginia policies
Standards
SECURITY AND DATA PROTECTION
University numbered policies
- 7010 - Policy for Securing Technology Resources and Services
- 7025 - Safeguarding Nonpublic Customer Information
- 7030 - Policy on Privacy Statements on Virginia Tech Web Sites
- 7035 - Privacy Policy for Employees' Electronic Communications
- 7105 - Policy for Protecting University Information in Digital Form
- 7200 - University Information Technology Security Program
Standards
- DoIT Facilities Physical Security Standard
- Virginia Tech IT Risk Assessment Standard
- Virginia Tech IT Vendor Risk Assessment Standard
- University Computer Administrator Access Standard
- Standard for Securing Web Technology Resources
- Virginia Tech Risk Classifications
- Minimum Security Standards
- Standard for High Risk Digital Data Protection
- Standard for Information Technology Logging
- Standard for Delegated Authority for Procurement of Low-Risk Software and IT Services
IDENTITY MANAGEMENT
University numbered policies
Standards
- Standard for University Enterprise Electronic Login Credentials
- Standard for Personal Digital Identity Levels of Assurance
DATA ADMINISTRATION AND TRANSPARENCY
University numbered policies
Standards
- Standard for administrative data management -- Navigate through this standard by searching for keywords or terms (for example--SSN, SCHEV, Hokie Passport)
- Simplified web-page version of Administrative Data Domains
Guidelines
INFRASTRUCTURE, ARCHITECTURE, AND ONGOING OPERATIONS
University numbered policies
Standards
PROJECT MANAGEMENT
University numbered policies
Standards
ACCESSIBILITY
University numbered policies
Standards
Guidelines
VIRGINIA TECH CERTIFICATION AUTHORITY
The Virginia Tech Certification Authority (VTCA) provides a digital certificate service to the campus community. Digital certificates are electronic identity credentials that use encryption to support secure access to a large number of web services and applications. The governing documents for the VTCA are located at www.pki.vt.edu/policy. The VTCA has outsourced its SSL/TLS certificate issuance to the InCommon CA. Its governing documents are located at https://www.incommon.org/certificates/repository/.
FEDERATED IDENTITY MANAGEMENT
Virginia Tech participates in federated identity management, allowing services provided by other institutions to authenticate and authorize Virginia Tech individuals securely and with appropriate protection of confidentiality.