Tag Archives: compliance

ITS begins work on CUI proof of concept

The University of Michigan has been working on an effort to ensure that the university is compliant with the new regulations concerning the use of Controlled Unclassified Information (CUI). The next step is to develop a CUI public cloud strategy and proof of concept in AWS. That is where the ITS Cloud Infrastructure Transformation Program (CITP) technical team…

U-M Information Security policy: Revised and approved

The revised University of Michigan Information Security policy (SPG 601.27) recently was approved, along with a number of new information technology standards. The policy and accompanying standards represent the most comprehensive revision of the institution’s information security program since its inception over a decade ago. SPG 601.27 and the standards are based on a cybersecurity risk management framework that…

Export Controls CoP expands to address CUI

A new Community of Practice (CoP) group has been established to address the challenges U-M programs, faculty, students, and employees may face with the federal government’s Controlled Unclassified Information (CUI) program. The new U-M CUI CoP has evolved from the Export Controls CoP, which now falls under the umbrella of the CUI CoP. U-M, like all research universities,…

Learn about GDPR at July 26 open forum

You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed…

U-M preparing for GDPR

A cross-university working group has been working for months to prepare U-M for the General Data Protection Regulation (GDPR), which goes into effect on May 25. To date, these efforts have included developing a risk-based GDPR compliance strategy, making important decisions regarding key requirements of the regulation, developing key GDPR processes and tools, and making recommendations for an…

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When…

Fragmented U.S. privacy laws leave large data loopholes

April 10, 2018

Florian Schaub, an assistant professor at U-M and a privacy expert, notes in a recent article that the patchwork of U.S. laws and regulations that govern data collection and privacy leaves loopholes for companies to exploit. For example, federal laws strictly protect medical, financial, and education-related records. However, online services, apps, and data collection by emerging technologies…

U-M preparing GDPR compliance program

The General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will affect organizations worldwide, including universities. The regulation expands personal privacy rights for European Union residents. It will take some time for organizations around the world to sort through, understand, and determine the implications of the GDPR requirements, as well as figure out how best to…