6.3. UVa-Wise Policy Index

UVAW – 1	Firewall Configuration Policy – Configuration changes, documentation, stateful inspection, additional firewalls, review
UVAW – 2	System Configuration Policy – standards, vendor supplied defaults, documentation, review, systems containing sensitive information
UVAW – 3	Information Sensitivity Policy – administrative data, access, ownership, data responsibility roles
Appendix A	Definitions and Examples of Administrative Data Categories
Appendix B	Roles and Responsibilities Related to College Administrative Data
UVAW – 4	Encryption Policy – where and when to use encryption, type of encryption to be used
UVAW – 5	Anti-Virus Software Policy – software, updates, definitions
UVAW – 6	Operating System (OS) and Application Security Policy – updates, patches, fixes, documentation, back-out procedures
UVAW – 7	Unique Identifiers – unique user ID, password (identity) verification, background checks, contracts, encryption, user revocation, group/shared passwords, password complexity and rules
UVAW – 8	Physical Access to Sensitive Data Systems – access controls, data retention
UVAW – 9	Sensitive Data Access Tracking and Monitoring – access, auditing logs, event entries, system clocks and times, reviewing logs, audit trails
UVAW – 10	Periodic Testing of Security, Systems, and Processes – scans, penetration testing, IDS/IPS
UVAW – 11	Risk Management and Disaster Recovery Policy – completion and review of Risk Management/Disaster Recovery plans
UVAW – 12	Security Awareness Training and Communication Policy – training, documentation, communication methods
UVAW – 13	Information Technology Security Incident Handling Policy – Incident response procedures, teams, notification methods, involvement
UVAW – 14	Policy on Electronic Mail and Mass E-mail(s) – Listserves, appropriate uses, expectations, repercussions
UVAW – 15	University of Virginia’s College at Wise Monitoring/Review of Employee Electronic Communications or Files Policy – expectation of privacy; court orders; what, when and who can be monitored
Appendix A	Guidance for Vice Chancellors on University of Virginia’s College at Wise Policy on Monitoring/Review of Employee Electronic Communications or Files
UVAW – 16	Computer/Hard Drive Disposal Policy - To establish processes and procedures for the disposal of all computers and/or hard drives including but not limited to those containing sensitive data in any format including electronically and/or digitally
UVAW – 17	Change Management Policy and Form

*All UVa-Wise IT policies and standards that apply to The University of Virginia’s College at Wise are defined, approved by management, and communicated via the OIT website to the Wise Campus and Community. The CIO, IT Managers, and the IT Security and Policy Coordinator will meet annually to review, revise and approve all new and revised policies which will then be presented to the Senior Staff for approval. All approved policies will then be posted on the IT website within a week of approval.

Downloads

This page was: Helpful | Not Helpful

← State laws which apply to computing resources