University Information Security Requirements for Systems, Applications, and Data (601.27)
U-M's Information Security policy (SPG 601.27) and the U-M IT security standards apply to all U-M units, faculty, staff, affiliates, and vendors with access to U-M institutional data. Federal or state regulations and contractual agreements may require additional actions that exceed those included in U-M's policies and standards.
Requirements are organized by standard:
- Access, Authentication, and Authorization Management
- Awareness, Training, and Education
- Disaster Recovery Planning and Data Backup for Information Systems and Services
- Electronic Data Disposal and Media Sanitization
- Encryption
- Information Security Risk Management
- Network Security
- Physical Security
- Secure Coding and Application Security
- Security Log Collection, Analysis, and Retention
- Security of Enterprise Application Integration
- Third Party Vendor Security and Compliance
- Vulnerability Management
Ross School of Business – 601.27 Alignment
Below is the measure of Ross IT’s work toward compliance with the 601.27 SPG.
Each standard that is listed below has a series of security elements that need to be met to maintain and achieve compliance. The score for each standard represents the level of alignment and compliance for that standard.
| Information Security Requirements for Systems, Applications, and Data | Current |
|---|---|
| Access, Authentication, and Authorization Management | 5 |
| Awareness, Training, and Education | 5 |
| Disaster Recovery Planning and Data Backup for Information Systems and Services | 5 |
| Electronic Data Disposal and Media Sanitization | 5 |
| Encryption | 5 |
| Information Security Risk Management | 5 |
| Network Security | 5 |
| Physical Security | 5 |
| Secure Coding and Application Security | 5 |
| Security Log Collection, Analysis, and Retention | 5 |
| Security of enterprise Application Integration | 5 |
| Third Party Vendor Security and Compliance | 5 |
| Vulnerability Management | 5 |
| Current Total | 65 |
| Goal Total | 65 |
| 5 | Met Goal |
| 4 | 75% or more of goal reached |
| 3 | At least 50% of goal reached |
| 2 | Less then 50% |
| 1 | In progress |
Last Updated on May 10, 2025
