The revised Information Security policy (SPG 601.27) was approved and published, along with a number of new information technology standards, over the summer. The policy and accompanying standards represent the most comprehensive revision of the institution’s information security program since its inception over a decade ago.
Information Assurance (IA) sent email to Security Unit Liaisons (SULs) in late October asking them each to facilitate and coordinate their unit’s implementation planning. Implementation will be phased in over the next two years, with an anticipated compliance date of December 31, 2020.
"Information security is a shared responsibility," said Sol Bermann, U-M’s chief privacy officer and interim chief information security officer. "The IA team looks forward to working with units across the university to support implementation, interpreting the policy and standards, and receiving feedback along the way.
"The Information Assurance team will work with and support all U-M campuses and Michigan Medicine as we work towards implementation," said Bermann. IA staff members are meeting with university stakeholders, IT governance groups, and others to outline the implementation planning process.
Watch for announcements soon of some general implementation planning meetings that are now being scheduled across the university. If you'd like an individual implementation planning meeting with IA staff, send your request to email@example.com. In the meantime, check out the information being added to Safe Computing to support implementation under Protect Your Unit’s IT. And if you have suggestions or feedback, please send them to firstname.lastname@example.org.
"We appreciate your support as everyone works together to improve IT security and compliance," said Bermann.