Requesting Addition of a Service to the Sensitive Data Guide / Sensitive Data Guide

Requesting Addition of a Service to the Sensitive Data Guide

If you would like to have a service that is available to members of the U-M community added to the Sensitive Data Guide, please contact the ITS Service Center and provide the information listed below. Information Assurance (IA) staff will determine if the item should be added and work with you on an entry for the item if appropriate. Please allow several weeks for the process.

  • Service description. Explain what the service is and what it is used for.
  • Description of compliance. List the service's security safeguards, particularly those that make it compliant with sensitive data regulations. Provide details about what types of sensitive data can and cannot be safely stored in/used with the service and explain why or why not.
  • Links to information about the service. Provide a link to the service's homepage and any relevant documentation.
  • Links to additional resources. Provide any additional links that you think would be helpful to users.
  • RECON results? Has an IT security risk analysis (RECON) been conducted for the service? If so, please provide details.
  • Vendor Security & Compliance Assessment? If the service is provided by a vendor, has a Vendor Security & Compliance Assessment been done? If so, please provide details.
  • Business Associate Agreement? If the service is provided externally, has the provider signed a U-M Business Associate Agreement? If so, please provide details.