Incident Response Roles and Responsibilities

Vice President for Information Technology and Chief Information Officer (CIO)

The U-M VPIT-CIO provides information technology leadership across the entire university; advising on matters of information technology strategy, entrepreneurship, security, and investment. As necessary or appropriate, the VPIT-CIO is responsible for being a conduit to other U-M executive officers during a suspected serious IT security incident.

Chief Information Security Officer (CISO)

The U-M CISO is the ultimate authority for interpretation and implementation of Information Security Incident Reporting (SPG 601.25), as well as for coordinating serious information security incident communications. 

University Privacy Officer

The university privacy officer is responsible for collaborating on privacy-related and breach notification activities of incident response across U-M; ensuring institutional privacy practices are incorporated into IT security incident investigations and reviewed after incidents; and providing specific recommendations to reduce the likelihood of incident occurrence and improve future incident response processes.

Information Assurance (IA)

IA has primary responsibility for coordinating the response to IT security incidents and providing a single point of contact for serious IT security incident communication and response at U-M. IA assists U-M units in IT security incident response. IA is responsible for appointing an incident response coordinator whose primary job function is to support incident management across the university.

IT User Advocate (UA)

The UA, part of the IA Incident Response team within IA, oversees responsible use of computing resources at U-M, and assists in eDiscovery and other investigatory matters. The UA works with the university community to ensure that information technology policies and guidelines relating to responsible use of information resources are followed.

Security Unit Liaison (SUL)

The SUL is a staff member who has been designated by the unit dean or director to provide unit oversight of information security. SULs communicate and coordinate IT security incident-related activities with IA, as well as evaluate and respond to non-serious incidents. SULs notify IA when they become aware of an IT security incident that may be serious.

Backbone Network Service Providers

U-M backbone network service providers collaborate with IA to implement appropriate filters and/or block network access as appropriate to mitigate threats from serious incidents.

University of Michigan Police Department (UMPD)

UMPD ensures appropriate steps are carried out for crimes committed with a computer and crimes committed against a computer.

Office of General Counsel (OGC)

The OGC participates in IT security incident response when the incident has a potential for legal liability or involves unlawful activity.

Office of the Vice President for Communications (OVPC)

The OVPC oversees public and media relations and participates in responding to serious IT security incidents.

U-­M Office of Research (UMOR)

UMOR is notified of security incidents involving human subject research data, or other sensitive research data. UMOR notifies IA when it becomes aware of an incident that may be serious.

Michigan Medicine Compliance Office

The Michigan Medicine Compliance Office is the university's focal point for coordinating the response to incidents involving Protected Health Information (PHI) and other data covered by HIPAA. It is also the Michigan Medicine focal point for coordinating serious incidents involving Michigan Medicine resources. Michigan Medicine Compliance notifies IA when it becomes aware of an IT security incident that may be serious.

Data Stewards

U-M data stewards approve incident response and mitigation decisions for serious incidents that involve possible disclosure of sensitive information within their area of responsibility.

Insurance and Claims Administration

Insurance and Claims Administration (formerly known as Risk Management) assists the university’s operating units, faculty and staff with managing risk created by programs and activities, and is responsible for management of the university’s cyber risk insurance.

Office of the Registrar

The Office of the Registrar ensures appropriate steps are taken in responding to incidents involving data covered by FERPA.

Office of the Treasurer

The Office of the Treasurer ensures appropriate steps are taken in responding to incidents involving data covered by PCI DSS.

Office of Finance

The Office of Finance ensures appropriate steps are included in responding to incidents involving data covered by GLBA.