University Information Security Requirements for Systems, Applications, and Data (601.27)

U-M's Information Security policy (SPG 601.27) and the U-M IT security standards apply to all U-M units, faculty, staff, affiliates, and vendors with access to U-M institutional data. Federal or state regulations and contractual agreements may require additional actions that exceed those included in U-M's policies and standards.

Requirements are organized by standard:

Ross School of Business – 601.27 Alignment

Below is the measure of Ross IT’s work toward compliance with the 601.27 SPG.  

Each standard that is listed below has a series of security elements that need to be met to maintain and achieve compliance. The score for each standard represents the level of alignment and compliance for that standard.

Information Security Requirements for Systems, Applications, and Data Current
Access, Authentication, and Authorization Management 5
Awareness, Training, and Education 5
Disaster Recovery Planning and Data Backup for Information Systems and Services 5
Electronic Data Disposal and Media Sanitization 5
Encryption 5
Information Security Risk Management 5
Network Security 5
Physical Security 5
Secure Coding and Application Security 5
Security Log Collection, Analysis, and Retention 5
Security of enterprise Application Integration 5
Third Party Vendor Security and Compliance 5
Vulnerability Management 5
Current Total 65
Goal Total 65
5 Met Goal
4 75% or more of goal reached
3 At least 50% of goal reached
2 Less then 50%
1 In progress


Last Updated on April 11, 2022