Security at William & Mary

The primary goal of William & Mary's Information Security program is to protect the information assets supporting the university's primary business functions.  The program is aligned with the ISO/IEC Information Security Standard (ISO 27002:2013) and has the following objectives:

  1. Identify, assess, and treat information security risks.
  2. Develop and communicate information security policies, standards, and guidelines.
  3. Promote an effective information security awareness and training program commensurate with the needs of the university.
  4. Secure W&M's information assets including hardware, software, data, and infrastructure.
  5. Provide identity management services for W&M's information systems.
  6. Maintain an Information Technology disaster recovery plan that meets the recovery time objectives set forth in the university COOPs.
  7. Manage and respond effectively to information security incidents.
  8. Support W&M compliance efforts related to IT and Information Security.

Information Security is Everyone's Responsibility!