Policies & Standards Issued by CTO

The policies and standards listed below are issued by the West Virginia Office of Technology Chief Technology Officer under the authority granted by the Legislature in WV Code Section 5A-6-4a and the Governor's Executive Order 6-06 and 3-17.


CSS# Standard Revised Date*
2018-1 Remote Access Authentication Issued: 08/01/2018
​2019-2 Advanced E-Mail Protections Revised: 08/01/2019
​2019-3 Payment Card Industry Data ​Security ​Revised: 04/17/2019
PO# Policy Name Revised Date*
​CTO-19-001 ​CTO Review Approval ​Issued: 08/01/2019
​SaaS WV Cloud-SaaS Procurement Addendum ​Issued: 11/01/2019
PO1002 Acceptable Use of Portable and/or Wireless Devices Revised: 03/01/2019
PO1010 Acceptable Use of State-Provided Instant Messaging Revised: 03/01/2019
PO1025 Accreditation and Certification Revised: 03/01/2019
PO1021 Account Management Revised: 03/01/2019
PO1014 Malicious Software/Anti-Virus Revised: 03/01/2019
PO1015 Change & Configuration Management Revised: 03/01/2019
​PO1033 ​Cloud Services - OneDrive for Business Revised: 03/01/2019

Contractor Management
     - Attachment A. Contractor Information Form
     - Attachment B. Employment Confirmation

Revised: 03/01/2019
PO1013 Data Backup and Retention Revised: 03/01/2019
PO1006 Data Classification Revised: 03/01/2019
PO1005 E-Mail Use Standards Revised: 03/01/2019
PO1023 E-Recycling -- See WV Admin Code Title 163 --
PO1008 Information Security Auditing Program Revised: 03/01/2019
PO1001 Information Security Policy Revised: 03/01/2019
PO1022 Internet Usage Revised: 03/01/2019
PO1000 IT Policy and Procedure Development Revised: 03/01/2019
PO1018 Network Violation Reporting Revised: 03/01/2019
PO1011 Media Protection Revised: 03/01/2019
PO1017 Use of Social Media Revised: 03/01/2019
PO1019 Wireless Access Points Revised: 03/01/2019
PO1026 WVOT Monitoring Policy Revised: 03/01/2019

Technical Investigations

This procedure, along with the accompanying form, details the process for State Agencies to follow when requesting an investigation into any State employee’s technology-based activity. Supervisors and managers must follow this procedure to initiate investigations of persons using State equipment and systems submitting the required information at

Revised: 03/01/2019

FOIA Request for Information

This form is for INTERNAL USE ONLY. Agencies are required to use this form to assist in the recovery of electronic data for FOIA requests. If you do not enter accurate or required information, we may be unable to fulfill your data request.


Vulnerability Scanning Request Form

This form is for agencies that are not within the Executive Branch that wish to participate in the Vulnerability Scanning Service.

These policies apply to all Executive Branch Departments, Agencies and Commissions within the Governor's organizational structure.