Info for... William & Mary
William & Mary W&M menu close William & Mary

Security Policies

Below is a list of security specific policies governing the use of the university's information systems. For a complete list of W&M IT policies, visit the IT Policies and Standards page. 

Information Security Policy 

This policy states the codes of practice with which the university aligns its information technology security program.

Acceptable Use Policy for Students 

William & Mary students are expected to use the university's information systems appropriately and responsibly. This policy lists the activities which are prohibited and the potential disciplinary actions that the university may impose in response to policy violations. 

Acceptable Use Policy for Faculty and Staff

University employees are responsible for the protection and proper use of university administrative data, third party proprietary information, and information systems according to the policy provisions set forth in this policy.

The purpose of this policy is to ensure that this critical service remains available and reliable, and is used for purposes appropriate to the university's mission.
Data Classification Policy

This document defines the university's system and data classification scheme and established procedures for protecting critical IT systems and sensitive university data processed, received, sent, or maintained by or on behalf of William & Mary. 

 Security Awareness and Training Policy

This document defines the university's requirements for administering a comprehensive security awareness and training program.

Data Encryption Standard 

Encryption when combined with appropriate access controls is an important technology for protecting the confidentiality and integrity of university data. These guidelines help illustrate when encryption is necessary for protecting sensitive university data. 

Electronic Communications and Social Media Policy 

This policy ensures the appropriate, responsible, and safe use of electronic communications and social media by employees of the university. This policy establishes minimum standards for all state employees. 

Access to Electronic Records Policy 

This policy establishes the rules and procedures for providing access to electronic records owned by the university of William & Mary, administered by the Information Technology department, and stored on or transmitted by William & Mary owned or leased computers and/or networks.

Removal of Data from Electronic Media Standard 

This policy requires that all data on computers and other electronic devices be erased or rendered inaccessible by destruction of the media. The standard stipulates that when data is erased from electronic devices it must be done in accordance with the Department of Defense's standard for data wiping. 


Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Monday - Friday, 8:00 am - 5:00 pm