U-M’s information security policy and 13 supporting standards balance protecting U-M information systems and data; maintaining an open environment for teaching, learning, and research; and ensuring the university's core missions and institutional priorities remain paramount. Each standard is supported by supplemental guidance and documentation to help units meet the minimum security requirements as identified in the policy and standards.
Unit Security Checklists are available to help you make incremental improvements to the security posture of your unit and the university.
- Access, Authorization, and Authentication
Ensure that the right people have the right access to the right things at the right time while applying appropriate security controls.
- Awareness, Training, and Education
Tips, training, and more that you can use and share to help you protect sensitive university data as well as your own personal information.
- Back Up U-M Data
All U-M units and research programs on all campuses are required to backup university data.
- Disaster Recovery Management
Follow this guidance to determine the scope of required planning and use provided templates to help ensure everything is covered.
Use encryption to protect data from accidental exposure, theft, or compromise.
- Hardening for U-M Systems
Follow these instructions to ready your servers, databases, and applications to handle sensitive data.
- Information Security Risk Management
Identify, assess, and limit threats to the university’s most important information systems and data.
- Network Security Management
Ensure the confidentiality and integrity of data in transit over IT networks.
- Physical Security
Create a secure physical environment for IT systems to reduce the risk of theft or loss of U-M data.
- Secure Coding and Application Security
Follow best practices and use testing services when developing and hosting applications that handle U-M data.
- Securely Dispose of U-M Data and Devices
Properly erase university devices for disposal or transfer.
- Security Log Management
Information captured by logs can be critical in supporting incident response or a forensic analysis in the event of a suspected data breach, IT security incident, or other legally mandated investigations.
- Shared Access to Business Documents
Faculty, staff, and student employees should use storage options that allow for shared ownership of unit files.
- Third Party Vendor Security & Compliance
When you select a vendor, make sure they meet compliance requirements. Also include appropriate IT security and privacy agreements in your contract.
- Vulnerability Management
Vulnerability scans, alerts, and penetration testing help you know what to mitigate.