{"id":671,"date":"2020-10-27T12:00:00","date_gmt":"2020-10-27T16:00:00","guid":{"rendered":"https:\/\/rossweb.bus.umich.edu\/ross-it\/technology\/university-information-security-requirements-systems-applications-and\/"},"modified":"2026-03-02T18:05:01","modified_gmt":"2026-03-02T23:05:01","slug":"university-information-security-requirements-systems-applications-and","status":"publish","type":"page","link":"https:\/\/rossweb.bus.umich.edu\/ross-it\/university-information-security-requirements-systems-applications-and\/","title":{"rendered":"University Information Security Requirements for Systems, Applications, and Data (601.27)"},"content":{"rendered":"\n<p>U-M&#8217;s&nbsp;<a href=\"http:\/\/spg.umich.edu\/policy\/601.27\">Information Security policy (SPG 601.27)<\/a>&nbsp;and the&nbsp;<a href=\"https:\/\/it.umich.edu\/information-technology-policies\/general-policies\/#standards\">U-M&nbsp;IT security standards<\/a>&nbsp;apply to all&nbsp;U-M&nbsp;units, faculty, staff, affiliates, and vendors&nbsp;with access to&nbsp;U-M&nbsp;institutional data. 
Federal or state regulations and contractual agreements may require additional actions that exceed those included in&nbsp;U-M&#8217;s&nbsp;policies and standards.<\/p>\n\n\n\n<p>Requirements are organized by standard:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS22\">Access, Authentication, and Authorization Management<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS16\">Awareness, Training, and Education<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS12\">Disaster Recovery Planning and Data Backup for Information Systems and Services<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS11\">Electronic Data Disposal and Media Sanitization<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS15\">Encryption<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS13\">Information Security Risk Management<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS14\">Network Security<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS17\">Physical Security<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS18\">Secure Coding and Application Security<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS19\">Security Log Collection, Analysis, and Retention<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS-09\">Security of Enterprise Application Integration<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS20\">Third Party Vendor 
Security and Compliance<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/safecomputing.umich.edu\/information-security-requirements#DS21\">Vulnerability Management<\/a><\/li>\n<\/ul>\n\n\n\n<p>Ross School of Business \u2013 601.27 Alignment<\/p>\n\n\n\n<p>Below is the measure of Ross IT\u2019s work toward compliance with the 601.27 SPG.<\/p>\n\n\n\n<p>Each standard listed below has&nbsp;a series of security elements that need to be met to achieve and maintain compliance. The score for each standard represents the level of alignment and compliance for that standard.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Information Security Requirements for Systems, Applications, and Data<\/th><th>Current<\/th><\/tr><\/thead><tbody><tr><td>Access, Authentication, and Authorization Management<\/td><td>5<\/td><\/tr><tr><td>Awareness, Training, and Education<\/td><td>5<\/td><\/tr><tr><td>Disaster Recovery Planning and Data Backup for Information Systems and Services<\/td><td>5<\/td><\/tr><tr><td>Electronic Data Disposal and Media Sanitization<\/td><td>5<\/td><\/tr><tr><td>Encryption<\/td><td>5<\/td><\/tr><tr><td>Information Security Risk Management<\/td><td>5<\/td><\/tr><tr><td>Network Security<\/td><td>5<\/td><\/tr><tr><td>Physical Security<\/td><td>5<\/td><\/tr><tr><td>Secure Coding and Application Security<\/td><td>5<\/td><\/tr><tr><td>Security Log Collection, Analysis, and Retention<\/td><td>5<\/td><\/tr><tr><td>Security of Enterprise Application Integration<\/td><td>5<\/td><\/tr><tr><td>Third Party Vendor Security and Compliance<\/td><td>5<\/td><\/tr><tr><td>Vulnerability Management<\/td><td>5<\/td><\/tr><tr><td>&nbsp;<\/td><td>&nbsp;<\/td><\/tr><tr><td><strong>Current Total<\/strong><\/td><td><strong>65<\/strong><\/td><\/tr><tr><td><strong>Goal Total<\/strong><\/td><td><strong>65<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table 
class=\"has-fixed-layout\"><tbody><tr><td><strong>5<\/strong><\/td><td><strong>Met Goal<\/strong><\/td><\/tr><tr><td><strong>4<\/strong><\/td><td><strong>75% or more of goal reached<\/strong><\/td><\/tr><tr><td><strong>3<\/strong><\/td><td><strong>At least 50% of goal reached<\/strong><\/td><\/tr><tr><td><strong>2<\/strong><\/td><td><strong>Less than 50%<\/strong><\/td><\/tr><tr><td><strong>1<\/strong><\/td><td><strong>In progress<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>U-M&#8217;s&nbsp;Information Security policy (SPG 601.27)&nbsp;and the&nbsp;U-M&nbsp;IT security standards&nbsp;apply to all&nbsp;U-M&nbsp;units, faculty, staff, affiliates, and vendors&nbsp;with access to&nbsp;U-M&nbsp;institutional data. Federal or state regulations and contractual agreements may require additional actions that exceed those included in&nbsp;U-M&#8217;s&nbsp;policies and standards. Requirements are organized by standard: Ross School of Business \u2013 601.27 Alignment Below is the measure of Ross 
IT\u2019s&#8230;<\/p>\n","protected":false},"author":4819,"featured_media":0,"parent":0,"menu_order":104,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_lmt_disableupdate":"","_lmt_disable":"","advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kadence_starter_templates_imported_post":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","ep_exclude_from_search":false,"footnotes":"","advanced-sidebar-menu\/link-title":"","advanced-sidebar-menu\/exclude-page":false},"categories":[],"tags":[],"ep_post_type":[45],"class_list":["post-671","page","type-page","status-publish","hentry","ep_post_type-page"],"acf":[],"taxonomy_info":[],"featured_image_src_large":false,"author_info":{"display_name":"Don DuChateau II","author_link":"https:\/\/rossweb.bus.umich.edu\/ross-it\/author\/duck\/"},"comment_info":"","coauthors":[],"author_meta":{"author_link":"https:\/\/rossweb.bus.umich.edu\/ross-it\/author\/duck\/","display_name":"Don DuChateau II"},"relative_dates":{"created":"Posted 5 years ago","modified":"Updated 2 months ago"},"absolute_dates":{"created":"Posted on October 27, 2020","modified":"Updated on March 2, 2026"},"absolute_dates_time":{"created":"Posted on October 27, 2020 12:00 pm","modified":"Updated on March 2, 2026 6:05 
pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/pages\/671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/users\/4819"}],"replies":[{"embeddable":true,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/comments?post=671"}],"version-history":[{"count":2,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/pages\/671\/revisions"}],"predecessor-version":[{"id":7747,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/pages\/671\/revisions\/7747"}],"wp:attachment":[{"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/media?parent=671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/categories?post=671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/tags?post=671"},{"taxonomy":"ep_post_type","embeddable":true,"href":"https:\/\/rossweb.bus.umich.edu\/ross-it\/wp-json\/wp\/v2\/ep_post_type?post=671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}