UW Information Technology


Purpose: Hardware, information systems and data are protected from unintended or unauthorized access, change or destruction. Security also includes protection from unplanned events and natural disasters.


  • Protect information according to University policies using cost-effective access controls.
  • Make decisions based on the classification and value of assets.
  • Secure the boundaries between architectural components.
  • Consider malicious threats and accidental misuse.
  • Ensure confidentiality, integrity and availability of information.
  • Control access using authentication and authorization.
  • Manage University risk.

Achieving this Guiding Principle

Best Practice
Systems are designed with appropriate controls to protect data confidentiality, integrity, and availability based on asset, value, and risk.
Applications and services log all impersonation requests.
Impersonation requests do not include user passwords.