Requesting Addition of a Service to the Sensitive Data Guide

To request that a service be added to the Sensitive Data Guide,  contact the ITS Service Center and provide the information listed below. The service should be widely used at U-M. The Sensitive Data Guide is not intended to be a service catalog, and it does not include all services provided at the university. 

Information Assurance (IA) staff will  work with you on an entry for the item if appropriate. Please allow several weeks for the process.

  • Service description. Explain what the service is and what it is used for.
  • Description of compliance. List the service's security safeguards, particularly those that make it compliant with sensitive data regulations. Provide details about what types of sensitive data can and cannot be safely stored in/used with the service and explain why or why not.
  • Links to information about the service. Provide a link to the service's homepage and any relevant documentation.
  • Links to additional resources. Provide any additional links that you think would be helpful to users.
  • RECON results? Has an IT security risk analysis (RECON) been conducted for the service? If so, please provide details.
  • Vendor Security & Compliance Assessment? If the service is provided by a vendor, has a Vendor Security & Compliance Assessment been done? If so, please provide details.
  • Business Associate Agreement? If the service is provided externally, has the provider signed a U-M Business Associate Agreement? If so, please provide details.