Below is a list of security specific policies governing the use of the university's information systems. For a complete list of W&M IT policies, visit the IT Policies and Standards page.
This policy states the codes of practice with which the university aligns its information technology security program.
William & Mary students are expected to use the university's information systems appropriately and responsibly. This policy lists the activities which are prohibited and the potential disciplinary actions that the university may impose in response to policy violations.
University employees are responsible for the protection and proper use of university administrative data, third party proprietary information, and information systems according to the policy provisions set forth in this policy.
This document defines the university's system and data classification scheme and established procedures for protecting critical IT systems and sensitive university data processed, received, sent, or maintained by or on behalf of William & Mary.
Encryption when combined with appropriate access controls is an important technology for protecting the confidentiality and integrity of university data. These guidelines help illustrate when encryption is necessary for protecting sensitive university data.
This policy ensures the appropriate, responsible, and safe use of electronic communications and social media by employees of the university. This policy establishes minimum standards for all state employees.
This policy establishes the rules and procedures for providing access to electronic records owned by the university of William & Mary, administered by the Information Technology department, and stored on or transmitted by William & Mary owned or leased computers and/or networks.
This policy requires that all data on computers and other electronic devices be erased or rendered inaccessible by destruction of the media. The standard stipulates that when data is erased from electronic devices it must be done in accordance with the Department of Defense's standard for data wiping.