Glossary
Become familiar with terms seen frequently in IT's Policies & Standards pages.
- Contingency Planning: a proactive process to prepare for and recover from disruptions to IT services.
- Continuity of Operations and Disaster Recovery Plan (IT COOP/DR): the documented processes involved in supporting continued operations during a disruptive event and restoring critical IT systems and data afterward.
- Critical system: a system deemed critical to support the university’s mission critical operations. These are systems identified as highest priority for restoration during a disaster scenario.
- IT Project: A project with a primary purpose to create or enhance a unique information technology product or service. Research projects, research initiatives and instructional programs are not included in the scope of this policy.
- IT Risk: the potential for adverse impacts on IT services and data due to vulnerabilities, threats, or system failures.
- Mission Essential Function (MEF): a university function vital to the university's continued operation, ven during an emergency or disaster scenario.
- Non-person (system/service) account: an account assigned to a system or service that accesses, transmits or edits data, system configurations or computer programs.
- Non-Sensitive data: information that may or must be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access or usage. By way of illustration only, some examples of Non-Sensitive data include:
- Publicly posted press releases
- Publicly posted schedules of classes.
- Publicly posted interactive university maps, newsletters, newspapers, and magazines.
- Public announcements, advertisements, directory information, and other freely available data on university websites.
- PMI: Project Management Institute
- Privileged user account: an account assigned to an individual with responsibilities for administering information technology services or systems. These accounts generally have elevated permissions to perform tasks that, if unauthorized, could potentially compromise the security of systems and data or disrupt operations.
- Project: A temporary endeavor undertaken to create a unique product, service or result (PMBOK, 2021 edition).
- Project Management: The application of knowledge, skills, tools, and techniques to mitigate risk, control budget and manage scope of tasks.
- Protected Data: information that is protected by statutes, regulations, university policies or contractual language but which does not carry the same level of risk as Sensitive and Personally Identifiable Information. By way of illustration only, some examples of Protected Data include:
- Student educational records protected by the Family Educational Rights and Privacy Act (FERPA). Under FERPA, education records are any documents, files, and/or other materials that contain information directly related to a student, are personally identifiable to that student, and are maintained by the university or a university agent. These records include but are not limited to grades, transcripts, class lists, student course schedules, contact and family information, student health records, student financial information (at the postsecondary level), and student discipline files. The information may be recorded in any way, including, but not limited to, handwriting, print, computer media, videotape, audiotape, film, microfilm, microfiche, and e-mail.
- FERPA designates several types of records that are exceptions to this definition, including law enforcement records and medical and treatment records. For more detailed information contact the University Registrar at [email protected] or visit the webpage Student Records Privacy Policy and Notification of Rights under FERPA
- Personal information or giving history collected from a donor, alumnus, or another individual
- Employment or non-identifiable personnel data
- Banner 93 numbers
- Performance evaluations
- Student educational records protected by the Family Educational Rights and Privacy Act (FERPA). Under FERPA, education records are any documents, files, and/or other materials that contain information directly related to a student, are personally identifiable to that student, and are maintained by the university or a university agent. These records include but are not limited to grades, transcripts, class lists, student course schedules, contact and family information, student health records, student financial information (at the postsecondary level), and student discipline files. The information may be recorded in any way, including, but not limited to, handwriting, print, computer media, videotape, audiotape, film, microfilm, microfiche, and e-mail.
- Recovery Point Objective: a maximum amount of data loss that is acceptable.
- Recovery Time Objective: maximum amount of time it should take to restore normal operations after a failure.
- Sensitive system: a system that stores or processes data classified as protected or sensitive in the university’s Data Classification and Protection policy.
- Sensitive Data: iinformation considered highly confidential or personal information protected by statutes, regulations, university policies or contractual language which, if exposed or breached, could result in legal damages, fines/penalties, identify theft and/or financial fraud.
- Sensitive and personally identifiable information includes any data that can be used to distinguish or trace an individual's identity, either alone or when combined with other information. Examples include a name, home address, email address, social security number, driver's license number, bank account number, passport number, date of birth, biometrics such as fingerprints, or information that is linked or linkable to an individual such as medical, educational, financial, and employment information.
- Information such as gender, race, religion, and marital status are typically not considered PII alone. However, this information should still be treated as sensitive because it could identify an individual when combined with other data.
- Specific examples of sensitive and personally identifiable information include:
- Social security numbers
- Driver's license numbers
- Credit/debit card numbers
- Passport numbers
- Taxpayer identification numbers
- Federal ID numbers
- Student financial aid data
- Employee health records
- Financial data that informs the university’s end-of-year financial statements
- System account credentials
- Sensitive data does not include information in the William & Mary directory or data that is made public by the university. Furthermore, the university has no obligation to protect an individual’s personal information if the personal information is provided to a third-party by another supplier without the involvement of the university.
- User account: an account assigned to a currently active staff member, student, or university affiliate for the purpose of accessing information technology services and systems
Questions?
Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [email protected] | Monday - Friday, 8:00 am - 5:00 pm