The Office of Internal Controls conducts an annual certification process for select U-M business areas. One of the certification areas is information assurance. Every fiscal year, units are asked to certify their level of compliance with a particular information assurance practice or process.
Security Unit Liaisons for each certifying unit should work with their unit's key administrative officer to ensure that their unit is prepared to answer the information assurance certification question.
Fiscal Year 2025 Question
U-M employees are expected to engage in regular data protection awareness, education, and training courses and campaigns, in accordance with the university policy Information Security (SPG 601.27) and IT standard Information Assurance Awareness, Training, and Education (DS-16). My unit promotes and/or provides data protection awareness and education.
Responses to FY25 Question
All units should be able to reply "Yes" or "Partially" to the question.
- Yes. My unit regularly promotes and/or provides data protection awareness and education at least annually.
- Partially. My unit occasionally promotes and/or provides data protection awareness and education.
- No. My unit does not promote and/or provide any data protection awareness and education.
Guidance for Responding to the FY25 Question
By participating in data protection awareness, training, and education, members of the U-M community help reduce the risk of data breaches, maintain compliance with applicable laws, regulations, contractual agreements, and U-M policies, and ultimately help protect U-M’s valuable digital assets.
University units have an important responsibility to provide data protection training and participate in the dissemination of educational and awareness materials to their staff and faculty.
When units fulfill this responsibility regularly, they promote data protection awareness and/or provide data protection training at least annually.
When units partially fulfill this responsibility, they promote data protection awareness and/or provide data protection training only occasionally.
Supporting Resources
ITS Information Assurance (IA) offers a range of resources that can help units fulfill their responsibility for providing regular data protection awareness and education.
- Training. Data protection training courses are listed on the Education page of the Safe Computing website. They can be taken on demand, such as the Safe Computing Curriculum, or assigned to unit staff members who access sensitive institutional data as part of their jobs, such as the newly-developed online course DPE110: Data Protection for Unit IT.
- Articles. Monthly articles in Michigan IT News and quarterly content from the Safe Computing Newsletter are available to units to cascade as appropriate to their staff, faculty, and students.
- Posters, Videos, and Social Media. IA maintains a media library of ready-to-share videos and posters, as well as an active presence on social media under umichTECH.
- Events. IA hosts events that promote data protection awareness and skills and we invite units to share them widely and encourage attendance. In addition to the resources listed above, ITS Information Assurance is available to work with units on customized training and awareness materials. Please reach out to your unit’s Security Unit Liaison to discuss needs and explore options.