U-M’s information security policy and 13 supporting standards balance protecting U-M information systems and data; maintaining an open environment for teaching, learning, and research; and ensuring the university's core missions and institutional priorities remain paramount. Each standard is supported by supplemental guidance and documentation to help units meet the minimum security requirements as identified in the policy and standards.
- Awareness, Training, and Education
Learn how you can do your part to reduce risks and increase the security of the university's sensitive data.
- Backup U-M Data
All U-M units and research programs on all campuses are required to backup university data.
- Disaster Recovery Management
Follow this guidance to determine the scope of required planning and use provided templates to help ensure everything is covered.
- Hardening Guides & Tools
Follow these instructions to ready your servers, databases, and applications to handle sensitive data.
- Information Security Risk Management
Identify, assess, and limit threats to the university’s most important information systems and data.
- Secure Coding and Application Security
Follow best practices and use testing services when developing and hosting applications that handle U-M data.
- Securely Dispose of U-M Data and Devices
Properly erase university devices for disposal or transfer.
- Security Log Management
Information captured by logs can be critical in supporting incident response or a forensic analysis in the event of a suspected data breach, IT security incident, or other legally mandated investigations.
- Third Party Vendor Security & Compliance
When you select a vendor, make sure they meet compliance requirements. Also include appropriate IT security and privacy agreements in your contract.
- Vulnerability Management
Vulnerability scans, alerts, and penetration testing help you know what to mitigate.