Policies & Standards Issued by CTO

The policies and standards listed below are issued by the West Virginia Office of Technology Chief Technology Officer under the authority granted by the Legislature in WV Code Section 5A-6-4a and the Governor's Executive Order 6-06 and 3-17.


CSS# Standard Revised Date*
2018-1 Remote Access Authentication Issued: 08/1/2018
PO# Policy Name Revised Date*
​18-001 New CTO Accelerated Approval Policy ​Issued: 12/10/2018
New CTO Accelerated Approval Policy Instructions and Form ​Issued: 12/10/2018
PO1002 Acceptable Use of Portable and/or Wireless Devices Revised: 09/1/2017
PO1010 Acceptable Use of State-Provided Instant Messaging Revised: 09/1/2017
PO1025 Accreditation and Certification Revised: 09/1/2017
PO1021 Account Management Revised: 09/1/2017
PO1014 Malicious Software/Anti-Virus Revised: 09/1/2017
PO1015 Change & Configuration Management Revised: 09/1/2017
​PO1033 ​Cloud Services - OneDrive for Business Revised: 09/1/2017

Contractor Management
     - Attachment A. Contractor Information Form
     - Attachment B. Employment Confirmation

Revised: 09/1/2017
PO1013 Data Backup and Retention Revised: 09/1/2017
PO1006 Data Classification Revised: 09/1/2017
PO1005 E-Mail Use Standards Revised: 09/1/2017
PO1023 E-Recycling -- See WV Admin Code Title 163 --
PO1008 Information Security Auditing Program Revised: 09/1/2017
PO1001 Information Security Policy Revised: 09/1/2017
PO1022 Internet Usage Revised: 09/1/2017
PO1000 IT Policy and Procedure Development Revised: 09/1/2017
PO1018 Network Violation Reporting Revised: 09/1/2017
PO1011 Media Protection Revised: 09/1/2017
PO1017 Use of Social Media Revised: 10/1/2017
PO1019 Wireless Access Points
PO1026 WVOT Monitoring Policy Revised: 09/1/2017

Technical Investigations

This procedure, along with the accompanying form, details the process for State Agencies to follow when requesting an investigation into any State employee’s technology-based activity. Supervisors and managers must follow this procedure to initiate investigations of persons using State equipment and systems submitting the required information at

Revised: 09/1/2017

FOIA Request for Information

This form is for INTERNAL USE ONLY. Agencies are required to use this form to assist in the recovery of electronic data for FOIA requests. If you do not enter accurate or required information, we may be unable to fulfill your data request.


Vulnerability Scanning Request Form

This form is for agencies that are not within the Executive Branch that wish to participate in the Vulnerability Scanning Service.

These policies apply to all Executive Branch Departments, Agencies and Commissions within the Governor's organizational structure.