University Security Policies
Virginia Tech Policies and Guidelines
- Acceptable Use Guidelines
- Office of Student Conduct
- All University Policies
- IT Related Administrative Policies and Standards
IT Policies
| 7000 Acceptable Use of Computer and Communication Systems | This is a statement of policy regarding the use and administration of Virginia Tech computer and communication facilities, including those dealing with voice, data, and video. |
| 7010 Policy for Securing Technology Resources and Services | This policy will help ensure that all technology resources and services are as stable, secure and trustworthy as possible to help ensure security for individuals, departments, and the university. |
| 7025 Safeguarding Nonpublic Customer Information | This policy describes the University’s plan to implement the Safeguarding Standards promulgated by the Federal Trade Commission (FTC) in 16 CFR Part 314. |
| 7030 Policy on Privacy Statements on Virginia Tech Web Sites | This policy sets forth the required communications to developers and consumers of Virginia Tech web sites regarding the privacy of any information collected by the web site. |
| 7035 Privacy Policy for Employees' Electronic Communications | This policy defines the balance between the university’s business needs and respect for employees’ freedom of inquiry and expression with regard to electronic communications and computer resources owned or provided to employees by the university. |
| 7040 Personal Credentials for Enterprise Electronic Services | This policy instructs individuals affiliated with Virginia Tech and providers of Virginia Tech electronic services on the use of personal electronic credentials within the electronic enterprise systems of the university. |
| 7100 Administrative Data Management and Access Policy | This policy establishes uniform data management standards and identifies the shared responsibilities for assuring that the UEDB has integrity and that it efficiently and effectively serves the needs of the university. |
| 7105 Policy for Protecting University Information in Digital Form | The purpose of this policy is to safeguard university information from unauthorized disclosure and inappropriate use when used in digital form. |
| 7200 University IT Security Program | This policy documents the industry best practices with which the university will align its security activities. |
| 7205 IT Infrastructure, Architecture and Ongoing Operations | This policy establishes the nationally recognized codes of practice with which the university aligns its IT infrastructure, architecture, and ongoing operations. |
| 7210 IT Project Management | This policy furthers that goal by establishing the common and consistent application of project management best practices in the management of information technology (IT) projects. |
| 7215 IT Accessibility | This policy is established to support the Virginia Tech community in promoting equal access opportunity to information technology by the application of accessibility standards, guidelines, training, tools and methods consistent with higher education. |
| Security Standards for Social Security Numbers | This document is a companion to the Social Security Number Policy, Policy 1060. It provides standards for the care that needs to be taken with this sensitive data element. |
| Standard for Storing and Transmitting Personally Identifying Information | This standard addresses electronic storage and transmission of sensitive data that is personally identifying individuals affiliated with Virginia Tech. |
| Standard for Securing Web Technology Resources | The purpose of this standard is to establish the minimum security requirements for Web technologies at Virginia Tech that transmits or stores university information. |
| Standard for Protecting Sensitive University Information Used in Digital Form | The purpose of this standard is to provide steps that university employees must take to avoid inappropriate release of sensitive university information. |
| Standard for Administrative Data Management | The purpose of this standard is to specify the university personnel who occupy the roles of data trustees and data stewards, so that members of the university community who may have a need to access data, make corrections, or better understand data definitions and data sensitivity will have appropriate contact information. |
Federal Compliance Sites
| Family Educational Rights and Privacy Act (FERPA) | The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. |
| Health Insurance Portability and Accountability Act (HIPAA) | The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. |
| Gramm-Leach-Bliley Act (GLB Act) | The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions. |