Tag Archives: compliance

Securely self-manage UM-owned devices

U-M faculty and staff are strongly encouraged to use computers and devices that are managed by a central U-M IT service provider, but in some circumstances, faculty and staff may need to self-manage a UM-owned device: Computers and other devices purchased with research grant funds to meet very specific research needs. Developers needing specific operating systems or software… Read More »

Data protection course for use in your unit

How can you help people in your unit become aware of their basic data protection responsibilities? Encourage them to take this new, university-focused online course from ITS Information Assurance: DCE101 U-M Data Protection and Responsible Use (in My LINC). The completely new course provides practical guidance and best practices. It replaces what used to be called “DCE101: Access… Read More »

Policies needed for online learners in 2020

December 19, 2019

Online learning plays a critical role for today’s students by offering greater flexibility to accommodate work schedules and, in many cases, creating more affordable pathways to credentials. However, concerns over quality and potential bad actors have inspired repeated attempts to regulate distance education in a manner that appropriately balances innovation with quality assurance and consumer protections. In a… Read More »

Expect privacy notice updates as the CCPA takes effect

On January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. As we near that date, be aware that you are likely to start seeing updates and changes to privacy notices and policies for both personal and university online services (such as U-M Google and Box). Any communications about updates to vendor privacy policies and notices… Read More »

U-M IT security posture information published

Have external collaborators, granting agencies, or vendor partners ever asked you for information about the university’s IT security posture? ITS Information Assurance has pulled together an overview of how we secure U-M into one document to help you answer those questions: U-M IT Security Posture (U-M login required) Note: IT security and compliance is a shared responsibility. This document… Read More »

ITS begins work on CUI proof of concept

The University of Michigan has been working on an effort to ensure that the university is compliant with the new regulations concerning the use of Controlled Unclassified Information (CUI). The next step is to develop a CUI public cloud strategy and proof of concept in AWS. That is where the ITS Cloud Infrastructure Transformation Program (CITP) technical team… Read More »

U-M Information Security policy: Revised and approved

The revised University of Michigan Information Security policy (SPG 601.27) recently was approved, along with a number of new information technology standards. The policy and accompanying standards represent the most comprehensive revision of the institution’s information security program since its inception over a decade ago. SPG 601.27 and the standards are based on a cybersecurity risk management framework that… Read More »

Export Controls CoP expands to address CUI

A new Community of Practice (CoP) group has been established to address the challenges U-M programs, faculty, students, and employees may face with the federal government’s Controlled Unclassified Information (CUI) program. The new U-M CUI CoP has evolved from the Export Controls CoP, which now falls under the umbrella of the CUI CoP. U-M, like all research universities,… Read More »

Learn about GDPR at July 26 open forum

You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed… Read More »

U-M preparing for GDPR

A cross-university working group has been working for months to prepare U-M for the General Data Protection Regulation (GDPR), which goes into effect on May 25. To date, these efforts have included developing a risk-based GDPR compliance strategy, making important decisions regarding key requirements of the regulation, developing key GDPR processes and tools, and making recommendations for an… Read More »

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »

Fragmented U.S. privacy laws leave large data loopholes

April 10, 2018

Florian Schaub, an assistant professor at U-M and a privacy expert, notes in a recent article that the patchwork of U.S. laws and regulations that govern data collection and privacy leaves loopholes for companies to exploit. For example, federal laws strictly protect medical, financial, and education-related records. However, online services, apps, and data collection by emerging technologies… Read More »

U-M preparing GDPR compliance program

The General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will affect organizations worldwide, including universities. The regulation expands personal privacy rights for European Union residents. It will take some time for organizations around the world to sort through, understand, and determine the implications of the GDPR requirements, as well as figure out how best to… Read More »