ITS Security


This page is intended to help users understand W&L security policies, data‑handling requirements, and user responsibilities, regardless of the technology being used.

Before using an AI tool, consider the type of information you are sharing. Confidential data should never be entered into AI tools. Sensitive internal information should only be used with caution, without identifying details, and only in W&L‑approved AI systems. Public information is generally safe to use.

When in doubt, if you wouldn't post it on the internet, don't paste it into AI.


Chart that describes Classifications, Data Types and How to Use.

High Risk (Confidential)
Data types: SSNs, health/medical data, student records, financial accounts, etc.
How to use: Use strong encryption and restrict data input to W&L‑approved systems.

Moderate Risk (Sensitive)
Data types: Internal operations data & controls, contractual or licensing information.
How to use: Take care when storing or sending via email, use caution and limit use to W&L‑approved systems.

Low Risk (Public)
Data types: University publications, public directory info, campus maps.
How to use: Safe to share, control only to prevent alteration/misuse, low risk for general applications.


Technology Terms of Service

These Terms explain how everyone at W&L is expected to use the university's technology and network services. When you use W&L systems, like the Wi‑Fi, computers, websites, or apps, you're agreeing to follow W&L policies and applicable laws. In short, use these services responsibly and appropriately, just as outlined in W&L's rules and policies.

View the Current Technology Terms of Service


Information Security Plan

The goal of ITS's Information Security Plan is to help protect W&L's technology and data so the university can safely support teaching, learning, and daily operations. ITS does this by making sure information stays confidential, accurate, and accessible when needed. The Chief Information Security Officer (CISO) leads these efforts. The plan focuses on five main areas: managing risks, responding to security incidents, educating the community, setting policies, and using tools to stay compliant.

View the Information Security Plan


Baseline Security Standards

To keep our network running smoothly and securely, we follow a few basic standards. Only authorized staff should manage major university systems, and those systems must be kept updated and protected from unauthorized access. Personal devices aren't guaranteed to work on the W&L network, but if you do connect one, it must be secure and must not put other systems or data at risk.

View the Baseline Security Standards


Security Safeguards for IT Resources

Washington and Lee is committed to keeping our technology and data secure, supported by our Information Security Program and university policies. You can help by keeping your devices and software updated, being cautious with unexpected email attachments (even from people you know), and avoiding the storage of confidential information on laptops or portable devices unless it's encrypted. This includes things like USB drives, external hard drives, and phones.

View Security Safeguards for IT Resources


Financial Information Security

W&L requires everyone to protect financial information and follow all laws and university policies that keep this data secure. This program explains how to handle confidential financial data and includes extra protections when federal or state regulations require them. Anyone who works with financial information must keep it private, follow security rules, and comply with all laws that protect sensitive data.

View the Policy for Financial Information Security


Risk Assessment Guidelines

Risk assessments help identify potential threats, vulnerabilities, and the effectiveness of existing safeguards that protect the University's information assets. Risk management then uses these findings to determine which protections are needed, implement them, and monitor their ongoing effectiveness. This document offers a structured framework to guide the assessment process and support the development of a strong, well‑informed risk management plan.

View ITS Risk Assessment Guidelines


Services and Regulated Data Types

This guide is meant to help you quickly see which W&L services are approved for different types of regulated data. A "Yes" means it's generally okay to use that service with the data type, as long as your data steward and department policies also allow it. A "No" means the service cannot be used with that data type, and you should not send, store, or share that information using that tool.

View the Services and Regulated Data Types Chart


Confidentiality Policy

W&L stores confidential information to support daily operations, and laws require the University to protect it. This policy reminds employees, student workers, and volunteers that they are responsible for safeguarding any confidential information they access while doing their work.

View W&L's Confidentiality Policy