HomePolicies & SecurityPoliciesUVa-Wise Policy Index

6.3. UVa-Wise Policy Index

UVAW – 1

Firewall Configuration Policy – Configuration changes, documentation, stateful inspection, additional firewalls, review

UVAW – 2

System Configuration Policy – standards, vendor supplied defaults, documentation, review, systems containing sensitive information

UVAW – 3

Information Sensitivity Policy – administrative data, access, ownership, data responsibility roles

Appendix A

Definitions and Examples of Administrative Data Categories

Appendix B

Roles and Responsibilities Related to College Administrative Data

UVAW – 4

Encryption Policy – where and when to use encryption, type of encryption to be used

UVAW – 5

Anti-Virus Software Policy – software, updates, definitions

UVAW – 6

Operating System (OS) and Application Security Policy – updates, patches, fixes, documentation, back-out procedures

UVAW – 7

Unique Identifiers – unique user ID, password (identity) verification, background checks, contracts, encryption, user revocation, group/shared passwords, password complexity and rules

UVAW – 8

Physical Access to Sensitive Data Systems – access controls, data retention

UVAW – 9

Sensitive Data Access Tracking and Monitoring – access, auditing logs, event entries, system clocks and times, reviewing logs, audit trails

UVAW – 10

Periodic Testing of Security, Systems, and Processes – scans, penetration testing, IDS/IPS

UVAW – 11

Risk Management and Disaster Recovery Policy – completion and review of Risk Management/Disaster Recovery plans

UVAW – 12

Security Awareness Training and Communication Policy – training, documentation, communication methods

UVAW – 13

Information Technology Security Incident Handling Policy – Incident response procedures, teams, notification methods, involvement

UVAW – 14

Policy on Electronic Mail and Mass E-mail(s) – Listserves, appropriate uses, expectations, repercussions

UVAW – 15

University of Virginia’s College at Wise Monitoring/Review of Employee Electronic Communications or Files Policy – expectation of privacy; court orders; what, when and who can be monitored

Appendix A

Guidance for Vice Chancellors on University of Virginia’s College at Wise Policy on Monitoring/Review of Employee Electronic Communications or Files

UVAW – 16

Computer/Hard Drive Disposal Policy - To establish processes and procedures for the disposal of all computers and/or hard drives including but not limited to those containing sensitive data in any format including electronically and/or digitally

UVAW – 17

Change Management Policy and Form

*All UVa-Wise IT policies and standards that apply to The University of Virginia’s College at Wise are defined, approved by management, and communicated via the OIT website to the Wise Campus and Community. The CIO, IT Managers, and the IT Security and Policy Coordinator will meet annually to review, revise and approve all new and revised policies which will then be presented to the Senior Staff for approval. All approved policies will then be posted on the IT website within a week of approval.


This page was: Helpful | Not Helpful