Security Policies, Standards and Procedures

Below is a list of security specific policies governing the use of the university's information systems. For a complete list of W&M IT policies, visit the IT Policies and Standards page.

Information Security Policy

This policy states the codes of practice with which the university aligns its information technology security program.

Acceptable Use Policy for Students

William & Mary students are expected to use the university's information systems appropriately and responsibly. This policy lists the activities which are prohibited and the potential disciplinary actions that the university may impose in response to policy violations.

Acceptable Use Policy for Faculty and Staff

University employees are responsible for the protection and proper use of university administrative data, third party proprietary information, and information systems according to the policy provisions set forth in this policy.

Email Policy

The purpose of this policy is to ensure that this critical service remains available and reliable, and is used for purposes appropriate to the university's mission.

Data Classification Policy

This document defines the university's system and data classification scheme and established procedures for protecting critical IT systems and sensitive university data processed, received, sent, or maintained by or on behalf of William & Mary.

Security Awareness and Training Policy

This document defines the university's requirements for administering a comprehensive security awareness and training program.

Access to Electronic Records Policy

This policy establishes the rules and procedures for providing access to electronic records owned by William & Mary, administered by the Information Technology department, and stored on or transmitted by William & Mary owned or leased computers and/or networks.

Questions?

Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Monday - Friday, 8:00 am - 5:00 pm