Security Unit Liaisons

Slides from previous  IT Security Community Meetings are available to members of the IT Security Community.

Every unit, school, and college has a staff member designated as a Security Unit Liaison (SUL), serving as that unit's primary IT security contact. To find the SUL for your unit, see the Security Unit Liaison Directory.

Information Security (SPG 601.27) establishes the expectation that units share in the responsibility to protect the information assets controlled by the university.

Appointments/Terms

Deans or directors appoint SULs for their units. SULs serve as a focal point for coordinating information security activities within the unit and act as the main interface between the unit and Information Assurance (IA). Large, complex units, or those with multiple independent sub-units, may choose to appoint more than one SUL to ensure coverage of all areas.

An SUL should have a strong interest in IT security and compliance and must have the influence or authority within their unit to ensure that U-M IT security standards and practices are being implemented and followed. A background in information technology is helpful, but it is not required for the role.

In general, SULs are expected to commit to a minimum two-year term with an average time commitment of four to ten hours per month, depending on the size, complexity, and number of SULs in their unit. An SUL can delegate specific tasks to others in their unit but maintains the responsibility of ensuring that all tasks are completed in a timely manner.

General Responsibilities

SULs are responsible for:

  • Regularly communicating with unit leadership on security related issues and alerting leadership of security risks and needed risk mitigation.
  • Leveraging IA services to meet unit requirements and support unit missions.
  • Ensuring their unit has established and regularly reviews appropriate unit-level security procedures in accordance with U-M policies and standards.
  • Coordinating information security education and awareness for their unit.
  • Sharing email, communications, and security awareness materials from IA and other sources with their unit.
  • Promoting awareness and education of security policies and guidelines.
  • Serving as the primary contact for monitoring and auditing of information security policy implementation.
  • Providing ongoing feedback to IA of special security needs, priorities, and concerns, including possible improvements for processes, services, and technologies.
  • Assisting IA in the maintenance of an inventory of sensitive and critical information assets within their unit(s) as well as any unit-unique regulatory requirements.

Specific Responsibilities

SULs are responsible for ongoing and recurring specific information security activities in their unit(s), including: