IT Security

All IT investment proposals are subject to security reviews. These reviews are especially critical for enterprise-level technologies or other technology that impacts a large number of students, faculty and/or staff.

Data Classifications

The VCU Data Classification Standard policy provides the classification of all data generated, processed, stored, transmitted, or used by all VCU faculty, staff, contractors, and third party business partners on behalf of VCU. VCU data classification levels include Category I (Confidential and Regulated), Category II (Sensitive), and Category III (Public) information. 

The VCU Data Classification Tool may be used to determine the data classification category for IT projects and provide expectations of what to expect upon security reviews. 

Forms

All requests that handle Category I data must have the vendor complete the Higher Education Cloud Vendor Assessment Tool form. This must be submitted with investment requests.