Policies & Standards Issued by CIO

​The policies and standards listed below are issued by the West Virginia Office of Technology Chief Information Officer under the authority granted by the Legislature in WV Code Section 5A-6-4a and the Governor's Executive Order 6-06 and 3-17.


CSS# Standard Revised Date*
2018-1 Remote Access Authentication Issued: 08/01/2018
​2019-2 Advanced E-Mail Protections Revised: 08/01/2019
​2019-3 Payment Card Industry Data ​Security Revised: 04/17/2019
PO# Policy Name Revised Date*
​CIO-19-001 CIO Review Approval ​Issued: 08/01/2021
​SaaS WV Cloud-SaaS Procurement Addendum ​Issued: 11/01/2019
PO1002 Acceptable Use of Portable and/or Wireless Devices Revised: 10/21/2021
PO1010 Acceptable Use of State-Provided Instant Messaging Revised: 10/21/2021
PO1025 Accreditation and Certification Revised: 10/21/2021
PO1021 Account Management Revised: 10/21/2021
PO1014 Malicious Software/Anti-Virus Revised: 10/21/2021
PO1015 Change & Configuration Management Revised: 10/21/2021
​PO1033 ​Cloud Services - OneDrive for Business Revised: 12/22/2020

Contractor Management
     - Attachment A. Contractor Information Form
     - Attachment B. Employment Confirmation

Revised: 10/21/2021
PO1013 Data Backup and Retention Revised: 10/21/2021
PO1006 Data Classification Revised: 10/21/2021
PO1005 E-Mail Use Standards Revised: 10/21/2021
PO1023 E-Recycling -- See WV Admin Code Title 163 --
PO1008 Information Security Auditing Program Revised: 10/21/2021
PO1001 Information Security Policy Revised: 10/21/2021
PO1022 Internet Usage Revised: 10/21/2021
PO1000 IT Policy and Procedure Development Revised: 10/21/2021
PO1018 Network Violation Reporting Revised: 10/21/2021
PO1011 Media Protection Revised: 10/21/2021
​PO1003 ​Executive Branch Travel Policy ​Revis​ed: 10/20/2019
PO1017 Use of Social Media Revised: 10/21/2021
PO1019 Wireless Access Points Revised: 10/21/2021
PO1026 WVOT Monitoring Policy Revised: 10/21/2021

Technical Investigations

This procedure, along with the accompanying form, details the process for State Agencies to follow when requesting an investigation into any State employee’s technology-based activity. Supervisors and managers must follow this procedure to initiate investigations of persons using State equipment and systems submitting the required information at

Revised: 10/21/2021​

FOIA Request for Information

This form is for INTERNAL USE ONLY. Agencies are required to use this form to assist in the recovery of electronic data for FOIA requests. If you do not enter accurate or required information, we may be unable to fulfill your data request.


Vulnerability ​Scanning R​​​​equest Form

This form is for agencies that are not within the Executive Branch that wish to participate in the Vulnerability Scanning Service.

These policies apply to all Executive Branch Departments, Agencies and Commissions within the Governor's organizational structure. ​​​​​​​​​​​​