University Information Security Requirements for Systems, Applications, and Data (601.27)

U-M’s Information Security policy (SPG 601.27) and the U-M IT security standards apply to all U-M units, faculty, staff, affiliates, and vendors with access to U-M institutional data. Federal or state regulations and contractual agreements may require additional actions that exceed those included in U-M’s policies and standards.

Requirements are organized by standard:

Ross School of Business – 601.27 Alignment

Below is the measure of Ross IT’s work toward compliance with the 601.27 SPG.  

Each standard that is listed below has a series of security elements that need to be met to maintain and achieve compliance. The score for each standard represents the level of alignment and compliance for that standard.

Information Security Requirements for Systems, Applications, and Data              Current
Access, Authentication, and Authorization Management                               5
Awareness, Training, and Education                                                 5
Disaster Recovery Planning and Data Backup for Information Systems and Services    5
Electronic Data Disposal and Media Sanitization                                    5
Encryption                                                                         5
Information Security Risk Management                                               5
Network Security                                                                   5
Physical Security                                                                  5
Secure Coding and Application Security                                             5
Security Log Collection, Analysis, and Retention                                   5
Security of Enterprise Application Integration                                     5
Third Party Vendor Security and Compliance                                         5
Vulnerability Management                                                           5

Current Total                                                                      65
Goal Total                                                                         65
5    Met Goal
4    75% or more of goal reached
3    At least 50% of goal reached
2    Less than 50%
1    In progress

Last Updated on March 2, 2026