IRM-009: University Information Technology Infrastructure, Architecture, and Ongoing Operations

Date: 06/09/2006 Status: Final
Last Revised: 09/08/2021
Policy Type: University
Oversight Executive: Vice President and Chief Information Officer
Applies To:

Academic Division, the Medical Center, and the College at Wise.

Reason for Policy:

It is critically important that the University of Virginia’s information technology (IT) infrastructure, architecture, and ongoing operations support the mission of the University of Virginia. To meet this need, decisions affecting these areas must reflect standards, guidelines, and practices found to be effective in the higher education environment. This policy establishes the nationally recognized codes of practice with which the University aligns its IT infrastructure, architecture, and ongoing operations.

Definition of Terms in Statement:
  • Terms:

    There are no terms that require definition.

Policy Statement:

The University maintains a list of specific standards and guidelines that should influence decisions affecting key components of its IT infrastructure, architecture, and operations. These standards and guidelines align with industry best practices, appropriately tailored for the specific circumstances of the University, as described by EDUCAUSE, Internet2, and others within higher education, as well as those from healthcare and selected technology industries. It is not the intent of this guidance to in any way inhibit research or other institutional endeavors that by their nature may require the use of cutting-edge technology not yet appropriate for normal use. The guidance is descriptive rather than prescriptive to achieve flexibility where needed. The ultimate goal is to create logical relationships between information technology resources and the mission of the University and its units.

This policy applies to all University information technology, whether owned and operated by the University, schools, or departments, or used for University business through contractual arrangements.

Information Technology Services has posted an overview of the framework for infrastructure, architecture, and ongoing operations, along with standards and guidelines. When decisions are made regarding IT infrastructure, architecture, and ongoing operations, the decision maker should consult this information for guidance.

Compliance with Policy:
Failure to comply with the requirements of this policy may result in (1) disciplinary action up to and including termination or expulsion in accordance with relevant University policies; and (2) the University taking measures that may impact the school, department, or unit. The University also recognizes that there may be business needs or academic pursuits that require deviation from this policy or the use of different standards. Any deviation from this policy or the use of different standards requires coordination with and approval from the Contact Office to remain compliant with the requirements of this policy.

Questions about this policy should be directed to the Office of the Vice President & Chief Information Officer.

Related Information:

The following is a sampling of higher education sources for IT best practices and evolving trends:

Center for Internet Security taps into the global IT community to help public and private organizations protect themselves against cyber threats. It provides both a prescriptive, prioritized, and simplified set of cybersecurity best practices and consensus-developed secure configuration guidelines for hardening various technologies as well as a community of practitioners to offer timely updates and advice.

The EDUCAUSE Center for Analysis and Research Working Groups helps educational institutions develop institutional strategies and plan their resource deployment in this emerging and evolving technological landscape and helps their users harness and optimize the power and capabilities of new integrated IT tools and systems for educational and research applications in higher education.

EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.

Health Level Seven is an international standards-setting organization operating in the healthcare arena, specifically in the area of clinical and administrative data.

Internet2 develops and deploys advanced network applications and technologies for research and higher education, accelerating the creation of tomorrow's Internet.

The Postsecondary Electronic Standards Council is a non-profit association of colleges and universities; professional and commercial organizations; data, software, and service providers; and state and federal government agencies.

Policy Background:

The Commonwealth of Virginia Restructured Higher Education Financial and Administrative Operations Act of 2005 grants institutions additional authority over financial and administrative operations, on condition that certain commitments to the Commonwealth are met. The University of Virginia’s Management Agreement with the Commonwealth provides full delegated responsibility for management of the institution’s information technology infrastructure, architecture, and ongoing operations.

Major Category: Information Resource Management
Next Scheduled Review: 09/08/2024
Approved by, Date: Board of Visitors, 06/09/2006
Revision History: Updated 9/8/21; 5/15/14.