U-M’s information security policy and 13 supporting standards balance protecting U-M information systems and data; maintaining an open environment for teaching, learning, and research; and ensuring the university's core missions and institutional priorities remain paramount. Each standard is supported by supplemental guidance and documentation to help units meet the minimum security requirements as identified in the policy and standards.
- Backup U-M Data
All U-M units and research programs on all campuses are required to backup univerity data.
- Disaster Recovery Management
Disaster Recovery planning is required for all mission critical systems and applications, as well as any system that stores data classified as Restricted, High, or Moderate.
- Information Security Risk Management
Identify, assess, and limit threats to the university’s most important information systems and data.
- Securely Dispose of U-M Data and Devices
Properly erase university-owned devices for disposal or transfer.
- Server & Database Hardening
Follow these instructions to ready your servers and databases to handle sensitive data.
- Third Party Vendor Security & Compliance
If your unit uses a non-university product or service with university data, you must ensure adequate protection of the data.
- Vulnerability Management
Vulnerability scans, alerts, and penetration testing help you know what to mitigate.