Tools & Templates

Information Assurance (IA) provides a variety of guides, tools, services, and best practices recommendations to help IT professionals secure their systems and devices. 

Hardening Guides

Sensitive Data Protection

  • Access to Employee-Held Data for U-M Units. Units may request access, for business purposes, to university data held in the U-M-provided account or service of an employee or terminated employee in accordance with U-M policy, although it is preferable to have the employee transfer the information.
  • Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
  • External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts. 
  • Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
  • Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
  • Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.

Planning, Compliance & Risk Mitigation

  • Disaster Recovery Planning. Information and templates for IT disaster recovery planning at U-M.
  • Penetration Testing (Ethical Hacking). A more intrusive, active exploitation of security vulnerabilities, performed only at the request of units or system owners, to proactively test a critical system.
  • Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission-critical U-M systems and applications, or to systems storing sensitive data.
  • Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.

Security & Privacy Best Practices