Skip to header Skip to main navigation Skip to main content Skip to sidebar Skip to footer

IT Governance

Technology Services

  1. Home
  2. Security

IT Security

All IT investment proposals are subject to security reviews. These reviews are especially critical for enterprise-level technologies or other technology that impacts a large number of students, faculty and/or staff.

Data Classifications

The VCU Data Classification Standard policy provides the classification of all data generated, processed, stored, transmitted, or used by all VCU faculty, staff, contractors, and third party business partners on behalf of VCU. VCU data classification levels include Category I (Confidential and Regulated), Category II (Sensitive), and Category III (Public) information. 

The VCU Data Classification Tool may be used to determine the data classification category for IT projects and provide expectations of what to expect upon security reviews. 

VCU Data Classification Tool

Data security-related forms

All requests must have the vendor complete the Higher Education Cloud Vendor Assessment Tool form. This must be submitted with your investment proposal.

Higher Education Cloud Vendor Assessment Tool

IT Security related policies


For questions regarding IT Governance or the procurement process, contact

For questions regarding IT security, contact

For questions regarding accessibility, contact the EIT Accessibility Coordinator.

View graphic versionView graphic version