Trusted Service Provider (TSP) Resources

Because of its unique needs, Michigan Medicine has specific IT security standards that must be met according to Federal, State, and Organizational policies and regulations. The resources below are designed for Michigan Medicine employees managing IT systems or services, most commonly known as Trusted Service Providers (TSPs) and provide additional guidance on some of the most common Information Assurance (IA) processes TSPs will encounter.


I’m trying to…


  • Submit an MMIAR

    All IT systems connecting to organizational IT resources first need to be screened. Click here to review the Michigan Medicine Information Assurance Request (MMIAR) requirements and Vendor Selection information.


  • Manage IT Vulnerabilities

    All IT systems are routinely scanned for vulnerabilities. Click here for the process and requirements for reviewing and remediating vulnerabilities — or requesting exceptions for fixes that cannot be applied within the required timeframes.


  • Manage Risk Assessments

    All IT systems must periodically undergo updated risk (controls) assessments. Click here for the process and requirements for managing risk assessments.


  • Submit an RDR

    The Risk Decision Request (RDR) is how TSPs request to keep an IT system or service connected to Michigan Medicine IT resources when a vulnerability on that system cannot be resolved in the designated timeframe.


  • Review IA Portfolio

    Some IA:MM investments have direct (or downstream) impact on HITS and/or TSPs. Click here to learn more about in-flight projects and prioritized demands, as well as their anticipated organizational impacts.


  • Review IA Change & Release

    The IA Change & Release effort is a collaborative publication with IA partners (HITS & TSPs) to review minor IA process changes monthly. Click here for current and archived IA Change & Release Notes.