As Virginia Tech's portfolio of services and business processes expand, it's essential that policies keep pace to ensure secure, reliable, and appropriate access.

In April 2024, Virginia Tech enacted major revisions to university Policy 7040: Enterprise Identity and Access Management, which governs university functions including digital identities, authenticators, and authorizations for all entities affiliated with the university. This policy is important not only to ensure the confidentiality and integrity of university data, but also to comply with federal and state law.

Originally, Policy 7040 was crafted to manage the central digital identity credential of the personal identifier (PID) and password. However, the scope and complexity of personal identifiers and credentials used at Virginia Tech has expanded over the years, necessitating a comprehensive revision of the policy. 

With this update, Policy 7040 now governs all identity and access management (IAM) capabilities for Virginia Tech’s enterprise functions, and the multiple ways in which Virginia Tech identifiers are created, used, and managed, providing space for access management and identity lifecycle standards in the university's policy landscape. Broadening the scope of the policy provides the flexibility that will enable the university to develop additional standards for both identity management and for the dissemination of identity data, both now and in the future.