Information Technology Policies at the University of Michigan

Compliance Resource Center

Policies Under Review

Policies in development go through a public review before they are published. See which policies are in the review stage »

The University of Michigan provides information technology resources to a large and varied group, including faculty, staff, students, and guests. All members of this community are responsible for using these resources in an effective, efficient, and ethical manner that does not interfere with the reasonable use by other community members or endanger the University's tax-exempt or legal status. In particular, University employees who deal with sensitive data are required to exercise due diligence with regard to privacy and security policies and practices.

The information technology policies noted below apply to the entire University of Michigan community and its guests. Entities within the University, such as Information and Technology Services (ITS), maintain additional information technology policies or guidelines that apply to the University at large.

In addition to the University-wide policies, supplemental policies may apply at other levels and in specific areas. For example, the Dearborn and Flint campuses; the University of Michigan Health System; and individual schools, colleges, or departments may maintain policies for users of their respective networks and services.

Several key drivers will help determine IT policy priorities. These include:

  • U-M environment: Policies should align to core academic, research, learning and teaching, and administrative missions

  • NextGen Michigan: Policies should support the reinvention of information technology at U-M and respond to emerging technologies

  • Legal and regulatory environment: Policies should be in compliance with all statutory requirements

  • 10 year-gap: Policies need to be updated to properly account for the decade during which U-M has not had a comprehensive IT policy function

  • Risk environment: Policies should satisfactorily account for an ever-changing array of environmental, technological, and operational risks

  • Best practices: Policies should reflect industry and higher education best practices

Violations of the information technology policies at the University of Michigan may result in disciplinary action by the University.

Policy Oversight and Approval

The Chief Information Officer has oversight responsibility for IT policy. Information and Infrastructure Assurance (IIA), by delegation of the Chief Information Officer, coordinates the IT policy function for U-M, with responsibility for policy development, education, and maintenance; IIA maintains a complete repository of institutional IT policies, standards and guidelines.

The IT Policy Development and Administration Framework specifies the process for drafting new—or revising old—IT policies. The IT Council and University IT Executive Committee have reviewed and approved the framework.

The U-M IT governance groups set campus-wide priorities for IT services, resources and facilities. Policies and standards and guidelines have different levels of final approval authority. Specifically:

  • The Chief Information Officer has final approval authority for IT guidelines and standards.

  • The IT Executive Committee has final approval authority for new or revised Standard Practice Guide policies.

To provide feedback, ask a question, or seek assistance with policy interpretation, contact IIA.

IT Policy Development

Information technology policies articulate the university's vision, strategy, and principles as they relate to the use of information and information technology resources. IT policies interpret applicable laws and regulations and ensure that the policies are consistent with legal and contractual requirements. In addition, IT policies specify requirements and standards for the consistent use of IT resources across the university.

Information and Infrastructure Assurance (IIA) is coordinating a campus-wide, systematic IT policy initiative. This IT policy program will develop and maintain IT policies that are in step with emerging technologies and align with the evolving role and philosophy of NextGen Michigan. To support the IT policy development process, a detailed framework was adopted that:

  • Determines when to establish a policy, guideline or standard
  • Determines the criteria for what should be in a policy, guideline or standards
  • Creates a collaborative methodology for the drafting, approving, updating, and expiration of policies, standards, and guidelines
  • Documents and publishes policies, standards, and guidelines
  • Serves as a campus-wide resource to consistently interpret and arbitrate policies
  • Measures policy effectiveness and level of adoption

More Information

For further information, or to submit comments or suggestions, please contact ITS Information and Infrastructure Assurance.